From c0d44b0d8378b4a2a3cca64769da1714ffdb980c Mon Sep 17 00:00:00 2001
From: Matthew Spencer <matthew@thespencers.me.uk>
Date: Tue, 7 Jan 2025 12:44:43 +0000
Subject: [PATCH] Add initial bot blocking code

---
 apptabulous/reverseproxy/conf.d/reverse_proxy.conf | 12 ++++++++++++
 frontend.yaml                                      |  3 ++-
 2 files changed, 14 insertions(+), 1 deletion(-)

diff --git a/apptabulous/reverseproxy/conf.d/reverse_proxy.conf b/apptabulous/reverseproxy/conf.d/reverse_proxy.conf
index ca34f13..dec3f70 100755
--- a/apptabulous/reverseproxy/conf.d/reverse_proxy.conf
+++ b/apptabulous/reverseproxy/conf.d/reverse_proxy.conf
@@ -1,3 +1,11 @@
+# Create a map of known attack locations
+map $request_uri $block_uri {
+    default 0;
+    ~*/wp-.* 1;
+    ~*\.env 1;
+    /etc 1;
+}
+
 # Webserver
 server {
     listen 80;
@@ -10,6 +18,10 @@ server {
 
     server_name apptabulous.co.uk www.apptabulous.co.uk;
 
+    if ($block_uri = 1) {
+        return 403;
+    }
+
     location / {
         proxy_pass http://rpi4-2:3000;
     }
diff --git a/frontend.yaml b/frontend.yaml
index b2ff79f..f365218 100755
--- a/frontend.yaml
+++ b/frontend.yaml
@@ -57,7 +57,8 @@
     - name: Start reverse proxy container
       community.docker.docker_container:
         name: reverse_proxy
-        image: nginx:mainline-alpine-slim
+        #image: nginx:1.26.2-alpine-slim
+        image: ghcr.io/m5p3nc3r/nginx-keyval:main
         restart_policy: always
         volumes:
           - /etc/reverseproxy/conf.d:/etc/nginx/conf.d