From b1a67d1a5ccec34aa0502964af16e297e2f839b3 Mon Sep 17 00:00:00 2001
From: Gregory Colpart <gcolpart+git@evolix.fr>
Date: Thu, 16 Nov 2023 14:21:45 +0100
Subject: [PATCH] apache : fix goaway pattern for bad bots

---
 CHANGELOG.md                        |  1 +
 apache/files/evolinux-defaults.conf | 11 ++++-------
 2 files changed, 5 insertions(+), 7 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 5118693e..0431abeb 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -24,6 +24,7 @@ The **patch** part changes is incremented if multiple releases happen the same m
 * add-vm.sh: allow VM name max length > 20
 * nagios: rename var `nagios_nrpe_process_processes` into `nagios_nrpe_processes` and check systemd-timesyncd instead of ntpd in Debian 12
 * ProFTPd: in SFTP vhost, enable SSH keys login, enable ed25549 host key for Debian >= 11
+* apache : fix goaway pattern for bad bots 
 
 ### Fixed
 
diff --git a/apache/files/evolinux-defaults.conf b/apache/files/evolinux-defaults.conf
index 65c8c921..a66e2797 100644
--- a/apache/files/evolinux-defaults.conf
+++ b/apache/files/evolinux-defaults.conf
@@ -40,13 +40,10 @@ MaxKeepAliveRequests 10
     </IfModule>
 </IfModule>
 
-
-<Directory /home/>
-    AllowOverride None
-    Require all granted
-    # "Require not env XXX" is not supported :(
-    Deny from env=GoAway
-</Directory>
+# Go away bad bots (define "bad bots" in zzz-evolinux-custom.conf)
+<If "reqenv('GoAway') -eq 1">
+  Require all denied
+</If>
 
 <DirectoryMatch "/\.git">
     # We don't want to let the client know a file exist on the server,