From 78605040057c3df8487cc4128598a90a15bd1c05 Mon Sep 17 00:00:00 2001 From: Tine Date: Fri, 14 Mar 2025 20:36:05 +0100 Subject: [PATCH] fix(ingress.tjo.cloud): block alibaba as well --- ingress.tjo.cloud/justfile | 7 +- .../nginx/partials/blocked-bad-crawlers.conf | 143 ++++++++++++++++++ 2 files changed, 149 insertions(+), 1 deletion(-) diff --git a/ingress.tjo.cloud/justfile b/ingress.tjo.cloud/justfile index 0492dfb..765e514 100644 --- a/ingress.tjo.cloud/justfile +++ b/ingress.tjo.cloud/justfile @@ -50,7 +50,9 @@ configure-only node: do if [ "$NODE" = "{{node}}-ingress-tjo-cloud" ] then + echo "=============================" echo "= Provisioning node ${NODE}" + echo "=============================" cat install.sh | tailscale ssh ubuntu@${NODE} 'sudo bash -s' fi done @@ -74,7 +76,10 @@ update-blocked-list: echo "# FACEBOOK IPV4 $(echo $FACEBOOK_IPV4 | wc -w)" echo "# FACEBOOK IPV6 $(echo $FACEBOOK_IPV6 | wc -w)" - IP_RANGES=$(echo -e "$GOOGLE_BOT_IPV4\n$GOOGLE_BOT_IPV6\n$BING_BOT_IPV4\n$BING_BOT_IPV6\n$OPENAI_IPV4\n$FACEBOOK_IPV4\n$FACEBOOK_IPV6" | sort | uniq) + ALIBABA_IPV4=$(curl -s https://raw.githubusercontent.com/devanshbatham/ip2cloud/refs/heads/main/data/aliyun.txt) + echo "# ALIBABA IPV4 $(echo $ALIBABA_IPV4 | wc -w)" + + IP_RANGES=$(echo -e "$GOOGLE_BOT_IPV4\n$GOOGLE_BOT_IPV6\n$BING_BOT_IPV4\n$BING_BOT_IPV6\n$OPENAI_IPV4\n$FACEBOOK_IPV4\n$FACEBOOK_IPV6\n$ALIBABA_IPV4" | sort | uniq) echo "#!!DO NOT EDIT!! Generated by using just ingress-blocked-list command." > root/etc/nginx/partials/blocked-bad-crawlers.conf for ip in $IP_RANGES; do echo "deny $ip;" >> root/etc/nginx/partials/blocked-bad-crawlers.conf diff --git a/ingress.tjo.cloud/root/etc/nginx/partials/blocked-bad-crawlers.conf b/ingress.tjo.cloud/root/etc/nginx/partials/blocked-bad-crawlers.conf index fa4c0ad..422defe 100644 --- a/ingress.tjo.cloud/root/etc/nginx/partials/blocked-bad-crawlers.conf +++ b/ingress.tjo.cloud/root/etc/nginx/partials/blocked-bad-crawlers.conf @@ -1,7 +1,36 @@ #!!DO NOT EDIT!! Generated by using just ingress-blocked-list command. +deny 101.132.0.0/15; +deny 101.200.0.0/15; +deny 101.37.0.0/16; deny 102.132.96.0/19; deny 102.221.188.0/22; deny 103.4.96.0/22; +deny 106.14.0.0/15; +deny 110.76.32.0/20; +deny 112.124.0.0/14; +deny 112.74.0.0/16; +deny 114.215.0.0/16; +deny 114.55.0.0/16; +deny 115.28.0.0/15; +deny 116.0.81.0/24; +deny 116.0.89.0/24; +deny 116.62.0.0/16; +deny 118.178.0.0/16; +deny 118.190.0.0/16; +deny 118.31.0.0/16; +deny 119.23.0.0/16; +deny 119.38.208.0/20; +deny 119.42.224.0/21; +deny 119.42.232.0/24; +deny 119.42.234.0/24; +deny 120.24.0.0/14; +deny 120.55.0.0/16; +deny 120.76.0.0/14; +deny 121.0.16.0/20; +deny 121.196.0.0/14; +deny 121.40.0.0/14; +deny 121.89.0.0/16; +deny 123.56.0.0/15; deny 129.134.0.0/16; deny 135.234.64.0/24; deny 135.237.131.208/28; @@ -11,11 +40,59 @@ deny 13.67.10.16/28; deny 13.69.66.240/28; deny 13.71.172.224/28; deny 13.83.167.128/28; +deny 139.129.0.0/16; +deny 139.196.0.0/16; deny 139.217.52.0/28; +deny 139.224.0.0/16; deny 147.75.208.0/20; deny 157.240.0.0/16; deny 157.55.39.0/24; deny 163.114.128.0/20; +deny 163.181.0.0/23; +deny 163.181.100.0/24; +deny 163.181.102.0/23; +deny 163.181.105.0/24; +deny 163.181.106.0/23; +deny 163.181.112.0/23; +deny 163.181.116.0/23; +deny 163.181.118.0/24; +deny 163.181.120.0/22; +deny 163.181.126.0/23; +deny 163.181.128.0/24; +deny 163.181.132.0/24; +deny 163.181.136.0/22; +deny 163.181.144.0/22; +deny 163.181.15.0/24; +deny 163.181.16.0/22; +deny 163.181.2.0/24; +deny 163.181.22.0/23; +deny 163.181.25.0/24; +deny 163.181.26.0/24; +deny 163.181.28.0/24; +deny 163.181.32.0/21; +deny 163.181.40.0/24; +deny 163.181.42.0/23; +deny 163.181.44.0/24; +deny 163.181.49.0/24; +deny 163.181.50.0/24; +deny 163.181.52.0/24; +deny 163.181.56.0/23; +deny 163.181.59.0/24; +deny 163.181.61.0/24; +deny 163.181.66.0/23; +deny 163.181.70.0/23; +deny 163.181.72.0/23; +deny 163.181.74.0/24; +deny 163.181.77.0/24; +deny 163.181.78.0/23; +deny 163.181.80.0/22; +deny 163.181.85.0/24; +deny 163.181.89.0/24; +deny 163.181.90.0/24; +deny 163.181.92.0/24; +deny 163.181.94.0/23; +deny 163.181.97.0/24; +deny 163.181.99.0/24; deny 163.70.128.0/17; deny 163.77.128.0/17; deny 172.178.140.144/28; @@ -26,6 +103,7 @@ deny 172.183.222.128/28; deny 172.203.190.128/28; deny 173.252.64.0/18; deny 179.60.192.0/22; +deny 182.92.0.0/16; deny 185.60.216.0/22; deny 185.89.216.0/22; deny 191.233.204.224/28; @@ -68,6 +146,25 @@ deny 20.15.133.160/27; deny 20.161.75.208/28; deny 20.171.206.0/23; deny 20.215.188.192/28; +deny 203.107.100.0/22; +deny 203.107.1.0/24; +deny 203.107.104.0/22; +deny 203.107.108.0/23; +deny 203.107.13.0/24; +deny 203.107.20.0/22; +deny 203.107.24.0/24; +deny 203.107.26.0/23; +deny 203.107.28.0/22; +deny 203.107.32.0/19; +deny 203.107.6.0/24; +deny 203.107.72.0/21; +deny 203.107.80.0/21; +deny 203.107.96.0/23; +deny 203.119.128.0/19; +deny 203.119.160.0/24; +deny 203.119.168.0/21; +deny 203.119.176.0/20; +deny 203.119.192.0/18; deny 20.36.108.32/28; deny 204.15.20.0/22; deny 20.42.10.176/28; @@ -76,6 +173,8 @@ deny 20.74.197.0/28; deny 207.46.13.0/24; deny 20.79.107.240/28; deny 20.97.189.96/28; +deny 218.244.128.0/19; +deny 223.4.0.0/14; deny 23.98.179.16/28; deny 23.98.186.176/28; deny 23.98.186.192/28; @@ -148,6 +247,9 @@ deny 34.89.10.80/28; deny 34.89.198.80/28; deny 34.96.162.48/28; deny 35.247.243.240/28; +deny 39.104.0.0/14; +deny 39.108.0.0/16; +deny 39.96.0.0/13; deny 40.77.139.0/25; deny 40.77.167.0/24; deny 40.77.177.0/24; @@ -160,8 +262,36 @@ deny 40.84.221.208/28; deny 40.84.221.224/28; deny 4.196.118.112/28; deny 4.197.22.112/28; +deny 42.120.0.0/15; +deny 42.156.128.0/17; deny 4.227.36.0/25; +deny 42.96.128.0/17; deny 45.64.40.0/22; +deny 47.112.0.0/13; +deny 47.120.0.0/15; +deny 47.122.0.0/17; +deny 47.123.0.0/16; +deny 47.246.16.0/22; +deny 47.246.20.0/24; +deny 47.246.22.0/23; +deny 47.246.24.0/24; +deny 47.246.26.0/24; +deny 47.246.28.0/22; +deny 47.246.36.0/22; +deny 47.246.41.0/24; +deny 47.246.42.0/23; +deny 47.246.44.0/23; +deny 47.246.46.0/24; +deny 47.246.48.0/23; +deny 47.246.50.0/24; +deny 47.246.57.0/24; +deny 47.246.58.0/24; +deny 47.246.60.0/22; +deny 47.89.121.0/24; +deny 47.89.64.0/24; +deny 47.89.66.0/24; +deny 47.92.0.0/14; +deny 47.96.0.0/12; deny 51.105.67.0/28; deny 51.8.102.0/24; deny 51.8.155.112/28; @@ -180,6 +310,14 @@ deny 57.141.12.0/23; deny 57.141.8.0/22; deny 57.144.0.0/14; deny 57.154.175.0/28; +deny 59.110.0.0/16; +deny 59.82.0.0/18; +deny 59.82.104.0/21; +deny 59.82.112.0/20; +deny 59.82.128.0/21; +deny 59.82.64.0/19; +deny 59.82.96.0/22; +deny 60.205.0.0/16; deny 65.55.210.0/24; deny 66.220.144.0/20; deny 66.249.64.0/25; @@ -201,3 +339,8 @@ deny 66.249.79.0/24; deny 69.171.224.0/19; deny 69.63.176.0/20; deny 74.119.76.0/22; +deny 8.129.0.0/16; +deny 8.130.0.0/15; +deny 8.132.0.0/14; +deny 8.136.0.0/13; +deny 8.144.0.0/14;