From a9dab0137f2ce7c26ca6457ebc484c49d94835f5 Mon Sep 17 00:00:00 2001 From: Jacob Coffee Date: Fri, 3 Jul 2026 09:14:56 -0500 Subject: [PATCH] ratelimiting for buildbot, UA blocking --- pillar/base/haproxy.sls | 1 + salt/buildbot/config/nginx.conf.jinja | 4 ++++ 2 files changed, 5 insertions(+) diff --git a/pillar/base/haproxy.sls b/pillar/base/haproxy.sls index 646a9931..c6630092 100644 --- a/pillar/base/haproxy.sls +++ b/pillar/base/haproxy.sls @@ -5,6 +5,7 @@ haproxy: buildbot-master: domains: - buildbot.python.org + rate_limit: 100 check: "GET /all/#/about HTTP/1.1\\r\\nHost:\\ buildbot.python.org" extra: - timeout client 30s diff --git a/salt/buildbot/config/nginx.conf.jinja b/salt/buildbot/config/nginx.conf.jinja index 62803e7e..a58b7c55 100644 --- a/salt/buildbot/config/nginx.conf.jinja +++ b/salt/buildbot/config/nginx.conf.jinja @@ -30,6 +30,10 @@ server { rewrite ^/all/(.*) /$1 break; location / { + if ($http_user_agent ~* "(Lightpanda|Sogou web spider|SemrushBot|AhrefsBot|Bytespider|GPTBot|ClaudeBot|Amazonbot|meta-externalagent)") { + return 403; + } + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; proxy_redirect off;