security-rules.yml
copied straight from gemini
This commit is contained in:
@@ -0,0 +1,31 @@
|
|||||||
|
http:
|
||||||
|
middlewares:
|
||||||
|
# 1. Geoblocking Rule (Allow US only)
|
||||||
|
geoblock-policy:
|
||||||
|
plugin:
|
||||||
|
geoblock:
|
||||||
|
allowLocalRequests: true
|
||||||
|
logLocalRequests: false
|
||||||
|
countries:
|
||||||
|
- US
|
||||||
|
|
||||||
|
# 2. CrowdSec Firewall Rule
|
||||||
|
crowdsec-policy:
|
||||||
|
plugin:
|
||||||
|
crowdsec:
|
||||||
|
enabled: true
|
||||||
|
crowdsecLapiHost: "crowdsec:8080"
|
||||||
|
crowdsecLapiKey: "GENERATE_A_KEY_IN_STEP_5" # We will replace this shortly
|
||||||
|
crowdsecMode: stream
|
||||||
|
|
||||||
|
# 3. Secure HTTP Headers
|
||||||
|
secure-headers:
|
||||||
|
headers:
|
||||||
|
sslRedirect: true
|
||||||
|
stsSeconds: 31536000
|
||||||
|
stsIncludeSubdomains: true
|
||||||
|
stsPreload: true
|
||||||
|
forceSTSHeader: true
|
||||||
|
frameDeny: true
|
||||||
|
contentTypeNosniff: true
|
||||||
|
browserXssFilter: true
|
||||||
Reference in New Issue
Block a user