Distribute the denial of secrets

Distributing the denial of secrets

Twitter made a forbidden place. I don't like being forbidden from going places or sharing links to said places.

It's dangerous to go alone, take these:

What do we block?

  • AWS
  • GCP
  • Azure
  • AS24940 (Hetzner)
  • AS13414 (Twitter)
  • AS25046 (Check Point)


Get the nginx-cloud-block.conf from my gists. Alternatively you can build your own using 0xdade/sephiroth.

Add the following include line to the http block of your /etc/nginx/nginx.conf:

http {
  include /etc/nginx/nginx-cloud-block.conf;
  # ... the rest of your existing http block ...
}

Getting a wildcard cert

Here's a random guide on wildcard certs for certbot. If you already have certbot installed, here's the meat of the process.

certbot certonly --manual --preferred-challenges=dns --agree-tos -d *


Replace the domain with your own. Redirect to whatever you want in the if ($block_ip) block.

server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name ~^(.*)\.exploit\.party$;
    ssl_certificate /etc/letsencrypt/live/;
    ssl_certificate_key /etc/letsencrypt/live/;
    if ($block_ip) {
        return 302;
    }
    return https://$$request_uri;
}
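To check which client addresses a generated block list would flag before reloading nginx, the lookup can be reproduced offline. This is an added example, not part of the gist or of sephiroth; it assumes the included file defines $block_ip with an nginx `geo` block containing only `default` and CIDR entries, and the sample ranges are constructed documentation prefixes.

```python
import ipaddress
import re

# Constructed sample in the assumed shape of nginx-cloud-block.conf.
# The ranges are RFC 5737 / RFC 3849 documentation prefixes, not provider data.
SAMPLE_CONF = """
geo $block_ip {
    default 0;
    192.0.2.0/24 1;
    198.51.100.0/25 1;
    198.51.100.64/26 0;   # more specific prefix carves out an exception
    2001:db8::/32 1;
}
"""

def parse_geo(conf, variable="block_ip"):
    """Return (default, [(network, value), ...]) for one geo block."""
    m = re.search(r"geo\s+\$" + re.escape(variable) + r"\s*\{(.*?)\}", conf, re.S)
    if not m:
        raise ValueError(f"no geo ${variable} block found")
    default, entries = "", []
    for raw in m.group(1).splitlines():
        # Drop comments and the trailing semicolon.
        line = raw.split("#", 1)[0].strip().rstrip(";").strip()
        if not line:
            continue
        key, value = line.split()
        if key == "default":
            default = value
        else:
            entries.append((ipaddress.ip_network(key, strict=False), value))
    return default, entries

def geo_value(addr, default, entries):
    """Mimic the nginx geo lookup: the most specific matching prefix wins."""
    ip = ipaddress.ip_address(addr)
    best = None
    for net, value in entries:
        if ip.version == net.version and ip in net:
            if best is None or net.prefixlen > best[0].prefixlen:
                best = (net, value)
    return best[1] if best else default

def is_blocked(addr, conf=SAMPLE_CONF):
    """True when `if ($block_ip)` would fire; nginx treats "" and "0" as false."""
    return geo_value(addr, *parse_geo(conf)) not in ("", "0")
```

Pass the contents of your own generated file as `conf` to spot-check addresses you expect to be redirected or let through.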