Restrict frontend access to CDNs, monitoring and admins
grischard authored Aug 5, 2024
1 parent a3d0a18 commit bfd4efb
Showing 1 changed file with 25 additions and 0 deletions.
25 changes: 25 additions & 0 deletions cookbooks/web/templates/default/apache.frontend.erb
Expand Up @@ -30,7 +30,32 @@ ErrorLog /var/log/apache2/error.log
RemoteIPHeader CF-Connecting-IP
<% @cloudflare.sort.each do |address| -%>
RemoteIPTrustedProxy <%= address %>
Require ip <%= address %>
<% end -%>
# Fastly POPs
<% @fastly.sort.each do |address| -%>
Require ip <%= address %>
RemoteIPTrustedProxy <%= address %>
<% end -%>
# StatusCake monitoring
<% @statuscake.sort.reject { |address| address.empty? }.each do |address| -%>
Require ip <%= address %>
<% end -%>
# Administrators
<% @admins.sort.each do |address| -%>
Require ip <%= address %>
<% end -%>
# OSM Amsterdam IPv4
Require ip 184.104.179.128/27
# OSM Amsterdam IPv6
Require ip 2001:470:1:fa1::/64
# OSM Dublin IPv4
Require ip 184.104.226.96/27
# OSM Dublin IPv6
Require ip 2001:470:1:b3b::/64
# OSM UCL IPv4
Require ip 193.60.236.0/24


#
# Turn on various features
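
Review bot: The `Require ip <%= address %>` lines in the Cloudflare and Fastly loops sit beside `RemoteIPTrustedProxy` for the same addresses, and mod_remoteip documents that the overridden client address is what mod_authz_host's `Require ip` evaluates. A request arriving through a trusted proxy with `CF-Connecting-IP` set is therefore checked against the end user's address rather than the CDN's, so these entries will not admit CDN traffic the way the commit title intends. Consider matching the connection peer instead, for example a `Require expr` on `%{CONN_REMOTE_ADDR}` with `-ipmatch`, and confirm that the Fastly service overwrites any client-supplied `CF-Connecting-IP`, since Fastly is now trusted for that header and the rewritten address is also what the administrator entries are compared with. Separately, `Require` is only valid in directory context while `RemoteIPTrustedProxy` is server or virtual host context, and the visible lines show no enclosing `<Location>` or `<Directory>`. The Fastly loop also orders its two directives opposite to the Cloudflare loop.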