security-rules.yml
copied straight from gemini
This commit is contained in:
@@ -0,0 +1,31 @@
|
||||
http:
|
||||
middlewares:
|
||||
# 1. Geoblocking Rule (Allow US only)
|
||||
geoblock-policy:
|
||||
plugin:
|
||||
geoblock:
|
||||
allowLocalRequests: true
|
||||
logLocalRequests: false
|
||||
countries:
|
||||
- US
|
||||
|
||||
# 2. CrowdSec Firewall Rule
|
||||
crowdsec-policy:
|
||||
plugin:
|
||||
crowdsec:
|
||||
enabled: true
|
||||
crowdsecLapiHost: "crowdsec:8080"
|
||||
crowdsecLapiKey: "GENERATE_A_KEY_IN_STEP_5" # We will replace this shortly
|
||||
crowdsecMode: stream
|
||||
|
||||
# 3. Secure HTTP Headers
|
||||
secure-headers:
|
||||
headers:
|
||||
sslRedirect: true
|
||||
stsSeconds: 31536000
|
||||
stsIncludeSubdomains: true
|
||||
stsPreload: true
|
||||
forceSTSHeader: true
|
||||
frameDeny: true
|
||||
contentTypeNosniff: true
|
||||
browserXssFilter: true
|
||||
Reference in New Issue
Block a user