ProjectSegfault/ansible
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

add rate limit back to caddy iself

Browse Source
This commit is contained in:
Arya 2024-01-10 20:34:01 +05:30
parent 809e8f042c
commit 3eb517de51
Signed by: arya
GPG Key ID: 842D12BDA50DF120
1 changed files with 11 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
privfrontends/templates/Caddyfile.j2
View File

@ -2,6 +2,7 @@
log { log {
output discard output discard
} }
order rate_limit before basicauth
} }
(tor) { (tor) {
@ -77,6 +78,12 @@ lbry.{{ server_prefix }}.projectsegfau.lt lbry.projectsegfau.lt {
nitter.{{ server_prefix }}.projectsegfau.lt nitter.projectsegfau.lt n.psf.lt n.{{ server_prefix }}.psf.lt { nitter.{{ server_prefix }}.projectsegfau.lt nitter.projectsegfau.lt n.psf.lt n.{{ server_prefix }}.psf.lt {
import def import def
import banips import banips
@rlignore {
not path /css/* /js/* /fonts/* /browserconfig.xml /android-chrome* /favicon* /logo* /lp.svg /robots.txt /safari* /site.webmanifest /pic/*
}
rate_limit @rlignore {remote.ip} 2r/s 60000 500
rate_limit @rlignore {remote.ip} 30r/m 300000 500
log { log {
# This is temporarily required to monitor nitter traffic due to scrapers being more active, so we need to monitor and rate limit them at a later date. # This is temporarily required to monitor nitter traffic due to scrapers being more active, so we need to monitor and rate limit them at a later date.
output file /var/log/caddy/ratelimiters.log output file /var/log/caddy/ratelimiters.log
@ -85,8 +92,10 @@ nitter.{{ server_prefix }}.projectsegfau.lt nitter.projectsegfau.lt n.psf.lt n.{
header { header {
header Content-Security-Policy "default-src 'none'; script-src 'self' 'unsafe-inline'; script-src-attr 'none'; img-src 'self'; style-src 'self' 'unsafe-inline'; style-src-elem 'self'; font-src 'self'; object-src 'none'; media-src 'self' blob:; worker-src 'self' blob:; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; connect-src 'self' https://*.twimg.com; manifest-src 'self'" header Content-Security-Policy "default-src 'none'; script-src 'self' 'unsafe-inline'; script-src-attr 'none'; img-src 'self'; style-src 'self' 'unsafe-inline'; style-src-elem 'self'; font-src 'self'; object-src 'none'; media-src 'self' blob:; worker-src 'self' blob:; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; connect-src 'self' https://*.twimg.com; manifest-src 'self'"
} }
reverse_proxy :8065 { reverse_proxy :8387 {
header_up X-Real-IP {remote_host} transport http {
compression off
}
} }
import torloc nitter import torloc nitter
import i2ploc pjsfs4ukb6prmfx3qx3a5ef2cpcupkvcrxdh72kqn2rxc2cw4nka.b32.i2p import i2ploc pjsfs4ukb6prmfx3qx3a5ef2cpcupkvcrxdh72kqn2rxc2cw4nka.b32.i2p