remove nginx perl module & block ai bots

Signed-off-by: Zoey <zoey@z0ey.de>
2025-08-02 23:43:36 +00:00 · 2024-01-21 23:37:59 +01:00
parent 4bfb9b799a
commit 1045ccf592
4 changed files with 24 additions and 5 deletions
--- a/3
+++ b/3
@@ -48,7 +48,7 @@ RUN apk add --no-cache ca-certificates git build-base && \
    sed -i "s|BAN_TEMPLATE_PATH=.*|BAN_TEMPLATE_PATH=/data/etc/crowdsec/ban.html|g" /src/crowdsec-nginx-bouncer/lua-mod/config_example.conf && \
    sed -i "s|CAPTCHA_TEMPLATE_PATH=.*|CAPTCHA_TEMPLATE_PATH=/data/etc/crowdsec/captcha.html|g" /src/crowdsec-nginx-bouncer/lua-mod/config_example.conf

-FROM zoeyvid/nginx-quic:241
+FROM zoeyvid/nginx-quic:243
 SHELL ["/bin/ash", "-eo", "pipefail", "-c"]

 ARG CRS_VER=v4.0/dev
@@ -91,7 +91,6 @@ RUN ln -s /usr/local/bin/acmesh/acme.sh /usr/local/bin/acme.sh && \

 ENV NODE_ENV=production \
    NODE_CONFIG_DIR=/data/etc/npm \
-    PATH="/usr/local/certbot/bin:$PATH" \
    DB_SQLITE_FILE=/data/etc/npm/database.sqlite

 ENV PUID=0 \
--- a/rootfs/usr/local/bin/entrypoint.sh
+++ b/rootfs/usr/local/bin/entrypoint.sh
@@ -17,4 +17,4 @@ done

 cd /app || exit

-start.sh
+exec start.sh
--- a/rootfs/usr/local/bin/start.sh
+++ b/rootfs/usr/local/bin/start.sh
@@ -834,7 +834,7 @@ if [ "$PUID" != "0" ]; then
        sed -i "s|group =.*|;group = root|" /data/php/83/php-fpm.d/www.conf
    fi
    sed -i "s|user root;|#user root;|g" /usr/local/nginx/conf/nginx.conf
-    sudo -Eu npm launch.sh
+    exec sudo -Eu npm launch.sh
 else
    chown -R 0:0 /usr/local \
                 /data \
@@ -853,5 +853,5 @@ else
        sed -i "s|;group =.*|group = root|" /data/php/83/php-fpm.d/www.conf
    fi
    sed -i "s|#user root;|user root;|g"  /usr/local/nginx/conf/nginx.conf
-    launch.sh
+    exec launch.sh
 fi
--- a/rootfs/usr/local/nginx/conf/conf.d/include/block-exploits.conf
+++ b/rootfs/usr/local/nginx/conf/conf.d/include/block-exploits.conf
@@ -16,6 +16,10 @@ if ($query_string ~ "[a-zA-Z0-9_]=http://") {
    return 403;
 }

+if ($query_string ~ "[a-zA-Z0-9_]=https://") {
+    return 403;
+}
+
 if ($query_string ~ "[a-zA-Z0-9_]=(\.\.//?)+") {
    return 403;
 }
@@ -48,3 +52,19 @@ if ($query_string ~ "mosConfig_[a-zA-Z_]{1,21}(=|\%3D)") {
 if ($query_string ~ "base64_(en|de)code\(.*\)") {
    return 403;
 }
+
+if ($http_user_agent ~ "Google-Extended") {
+    return 403;
+}
+
+if ($http_user_agent ~ "GPTBot") {
+    return 403;
+}
+
+if ($http_user_agent ~ "ChatGPT-User") {
+    return 403;
+}
+
+if ($http_user_agent ~ "CCBot") {
+    return 403;
+}