Any suggestions for a simple way in #Django to blackhole all these requests for Wordpress things which will never work?
=> More informations about this toot | More toots from adamghill@indieweb.social
I’m using Coolify with uses Caddy under the hood (I think) so maybe I can exclude some paths in a config or something. 🤔 #Django
=> More informations about this toot | More toots from adamghill@indieweb.social
@adamghill a WAF like modsec or OWASP coraza https://github.com/corazawaf/coraza-caddy
=> More informations about this toot | More toots from risottobias@tech.lgbt
@risottobias That seems like more than I'm willing to deal with at this point. 😅
Adding this to my Caddyfile seems... not terrible?
@blackhole {
path_regexp (^/wordpress.*|^/wp-admin.*)
}
handle @blackhole {
respond 404
}=> More informations about this toot | More toots from adamghill@indieweb.social
@adamghill my first thought was a small middleware that checks the request path and blackholes any requests to php files, but going up a level from an application solution to the proxy itself is probably better?
=> More informations about this toot | More toots from josh@joshthomas.dev
@josh Yeah, seems like middleware (with some headers on the response?) and/or robots.txt is the simplest approach. Stopping the requests at the proxy feels like the “right" way to do it, though.
=> More informations about this toot | More toots from adamghill@indieweb.social
@adamghill I’ve done similar middleware for applications running on Fly where I don’t really have access to the proxy level (without shoving my own proxy in there). It works and as long as you do the check early and efficiently (using eg compiled regex matching) I haven’t noticed any major perf issues. I can get away with it because they aren’t super traffic heavy; I imagine at bigger scales you’d want to go straight to the proxy to avoid overloading your app.
=> More informations about this toot | More toots from josh@joshthomas.dev
@josh Well, my side projects aren't lighting the world on fire (yet) so I might just make a middleware and be done with it!
=> More informations about this toot | More toots from adamghill@indieweb.social
@josh @adamghill If you use Cloudflare (free version) and I would assume Fastly, they can do it for you.
=> More informations about this toot | More toots from webology@mastodon.social
@webology @josh Good call -- gonna look at my Cloudflare setup.
=> More informations about this toot | More toots from adamghill@indieweb.social
@adamghill @webology beyond just the page rules, it takes a trivial amount of JS in a Cloudflare worker to do this too https://developers.cloudflare.com/workers/examples/redirect/
=> More informations about this toot | More toots from josh@joshthomas.dev
@webology @josh omg Cloudflare WAF where have you been all my life 😍
=> View attached media | View attached media
=> More informations about this toot | More toots from adamghill@indieweb.social
@adamghill @josh It's on my list to automate this since they have an API but I haven't gotten there yet.
I'm mentioning this because that means Josh will figure it out before I have time even to look. 🤣
=> More informations about this toot | More toots from webology@mastodon.social
@webology @josh I wonder if a management command might be useful
=> More informations about this toot | More toots from adamghill@indieweb.social
@webology @adamghill Naw, my hyper focus is oscillating between component templates and language servers, I don’t think there’s room for anything more right now 😅
=> More informations about this toot | More toots from josh@joshthomas.dev
@josh @webology focus?! What is this “focus” that you speak of
=> More informations about this toot | More toots from adamghill@indieweb.social
@webology @adamghill Oh yeah 👍, I’ve used the page rules in Cloudflare to do the same thing too. I just wish there was a way to declare them and keep them in the repo instead of needing to set them up in the web ui.
=> More informations about this toot | More toots from josh@joshthomas.dev
@josh @webology @adamghill Indeed. I do all my infra stuff with python code using Pulumi, either in same repo or for bigger projects in a separate related IaC repo. Pulumi has https://www.pulumi.com/registry/packages/cloudflare/ which I do use a bit.
=> More informations about this toot | More toots from LucidDan@fosstodon.org
@LucidDan @josh @adamghill That's pretty neat. I'll have to check it out.
=> More informations about this toot | More toots from webology@mastodon.social
@webology @josh @adamghill I spent years beating my DevOps head against Terraform HCL configs, and last year finally found Pulumi as an alternative. Have now moved all my devops stuff that I own to Pulumi, no regrets.
It's remarkably simple to get going with it. https://github.com/pulumi/examples has some good simple demos. You can use it for as much or little as you want, I have some cases where all I'm doing is managing some DNS records.
=> More informations about this toot | More toots from LucidDan@fosstodon.org
@adamghill Django is not the best place to do that, since you probably don't want these requests to even reach Django. Your reverse proxy is the right place, whether it's httpd, nginx, or modern stuff like traefik or caddy.
=> More informations about this toot | More toots from david_guillot@social.tchncs.de
@david_guillot Yup! I was just playing with Coolify's caddy configuration and broke all my sites for a few minutes, so gonna back away from this slowly and maybe look at it again later. 😂
=> More informations about this toot | More toots from adamghill@indieweb.social
@adamghill @david_guillot one of the things I love about nginx is that it doesn't restart and crash when I mess up the config and reload it (on a VPS)
If you are using Docker, you can try to add caddy validate to your Dockerfile - which is the equivalent of nginx -t (test the configuration)
=> More informations about this toot | More toots from benjaoming@social.data.coop
@david_guillot @adamghill Yep what he said 👆
=> More informations about this toot | More toots from josh@joshthomas.dev This content has been proxied by September (ba2dc).Proxy Information
text/gemini