From e158c98edd5831aa71400a3bfa50faa1a6925699 Mon Sep 17 00:00:00 2001
From: Clark Boylan
Date: Tue, 7 Apr 2015 15:34:25 -0700
Subject: [PATCH] Allow for ability to block status.json referers
This adds a parameter that takes a list of HTTP referers to status.json to block. Useful for blocking hosts that are DOSing zuul.
Change-Id: I410e919ee7e2e4491d1cea40d9f3c0af4c6c86cb
---
 manifests/init.pp | 1 +
 templates/zuul.vhost.erb | 8 ++++++++
 2 files changed, 9 insertions(+)
diff --git a/manifests/init.pp b/manifests/init.pp
index d4bad2b..b8e8817 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -51,6 +51,7 @@ class zuul (
 $proxy_ssl_cert_file_contents = '',
 $proxy_ssl_key_file_contents = '',
 $proxy_ssl_chain_file_contents = '',
+ $block_referers = [],
 ) {
 include apache
 include pip
diff --git a/templates/zuul.vhost.erb b/templates/zuul.vhost.erb
index b011487..d69904b 100644
--- a/templates/zuul.vhost.erb
+++ b/templates/zuul.vhost.erb
@@ -19,6 +19,10 @@
 CustomLog ${APACHE_LOG_DIR}/<%= @vhost_name %>-access.log combined
 RewriteEngine on
+ <% @block_referers.each do |referer| -%>
+ RewriteCond %{HTTP_REFERER} =<%= referer %>
+ RewriteRule ^/status.json - [F]
+ <% end -%>
 RewriteRule ^/status.json$ http://127.0.0.1:8001/status.json [P]
 AddOutputFilterByType DEFLATE application/json
@@ -79,6 +83,10 @@
 CustomLog ${APACHE_LOG_DIR}/<%= @vhost_name %>-access.log combined
 RewriteEngine on
+ <% @block_referers.each do |referer| -%>
+ RewriteCond %{HTTP_REFERER} =<%= referer %>
+ RewriteRule ^/status.json - [F]
+ <% end -%>
 RewriteRule ^/status.json$ http://127.0.0.1:8001/status.json [P]
 AddOutputFilterByType DEFLATE application/json
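Review bot: `$block_referers` is added to the class parameters without a type check or a parameter description, while the template calls `@block_referers.each` on it, so a caller who passes a single string instead of an array would presumably get a template evaluation failure rather than a clear error. If puppetlabs-stdlib is available to this module, `validate_array($block_referers)` near the top of the class body would catch that early. A short comment stating that each entry is compared exactly against the full Referer value would also tell callers what to put in the list. The class body continues outside the hunk.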
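Review bot: The Referer header is chosen by the client, so the `RewriteCond %{HTTP_REFERER} =<%= referer %>` pair added in the first template hunk (and repeated unchanged in the second hunk at new line 83) only sheds load from browsers that honestly report a listed page; a client that omits the header, or whose Referer differs from the exact `=` match by a trailing slash or query string, still reaches the proxy rule. That limit is worth a comment above the loop, for example `# Referer is client-controlled: this reduces accidental load from known pages and is not an access control`. Each list entry is also written into the vhost unquoted, so a value containing whitespace would likely be split into extra directive arguments; `RewriteCond %{HTTP_REFERER} "=<%= referer %>"` avoids that. The forbid rule is looser than the proxy rule below it (`^/status.json` against `^/status.json$`), and `RewriteRule ^/status\.json$ - [F]` would keep the two patterns aligned.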