From b1cf281208a4450f5705e4362d091e4806fbdc1a Mon Sep 17 00:00:00 2001 From: Ian Wienand Date: Wed, 4 Aug 2021 15:08:15 +1000 Subject: [PATCH] lodgeit: disable getRecent API endpoint This appears to give a unicode error; but also looking at the access patterns it seems to serve no good purpose but to be a target for bots and other odd behaviour. Block it from apache. Change-Id: I3a9d4a0161eef34ffe39cf4feb9ab2af561684ca --- playbooks/roles/lodgeit/templates/paste.vhost.j2 | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/playbooks/roles/lodgeit/templates/paste.vhost.j2 b/playbooks/roles/lodgeit/templates/paste.vhost.j2 index 67db387199..ffa68099e6 100644 --- a/playbooks/roles/lodgeit/templates/paste.vhost.j2 +++ b/playbooks/roles/lodgeit/templates/paste.vhost.j2 @@ -37,6 +37,14 @@ ProxyPass / http://localhost:9000/ retry=0 ProxyPassReverse / http://localhost:9000/ + # NOTE(ianw) 2021-08-04 : block GET /json/?method=pastes.getRecent + # This a) gives Python 3 unicode errors we haven't looked into and b) + # is only used by bots as a vector for scraping things. Just + # disable it. + RewriteEngine On + RewriteCond %{QUERY_STRING} "method=pastes.getRecent" + RewriteRule .* - [F,L] + ProxyPass !
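Review bot: The added `RewriteCond %{QUERY_STRING} "method=pastes.getRecent"` compares against the raw, undecoded query string, so it only blocks the literal spelling of the method name; an encoded form that the backend would presumably still decode is not covered. The rule is also not limited to GET or to the `/json/` path, although the comment describes it as blocking `GET /json/?method=pastes.getRecent`, and the `.` in the pattern is an unescaped regex wildcard. If the intent is to disable the endpoint rather than deter casual scrapers, removing or gating the method in lodgeit itself would be more robust. If the Apache rule stays, I would escape the dot, `RewriteCond %{QUERY_STRING} "method=pastes\.getRecent"`, and say in the comment that this is a best-effort literal match on the query string for any request method and path. The enclosing vhost block starts and ends outside the hunk, so I cannot see whether other rewrite rules interact with this one.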