From 3a54ca2c95a41451860c118192ad03f419b45817 Mon Sep 17 00:00:00 2001
From: Alex van Andel <me@alexvanandel.com>
Date: Tue, 16 Aug 2022 23:01:38 +0100
Subject: [PATCH] Attempt at redirect to 404 (#3877)

* Attempt at redirect to 404

404 should be able to handle the traffic no problem - better ideas welcome. Just a temp fix I imagine; we're not going to want to keep this nor can we expect the User-Agent to continue identifying the traffic source.

* Update next.config.js

Co-authored-by: zomars <zomars@me.com>
---
 apps/web/next.config.js | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/apps/web/next.config.js b/apps/web/next.config.js
index 330cdf0700..7f273e055f 100644
--- a/apps/web/next.config.js
+++ b/apps/web/next.config.js
@@ -136,6 +136,19 @@ const nextConfig = {
         destination: "/video/:path*",
         permanent: false,
       },
+      /* Attempt to mitigate DDoS attack */
+      {
+        source: "/api/auth/:path*",
+        has: [
+          {
+            type: "header",
+            key: "User-Agent",
+            value: "node-fetch/1.0 (+https://github.com/bitinn/node-fetch)",
+          },
+        ],
+        destination: "/404",
+        permanent: false,
+      },
     ];
 
     if (process.env.NEXT_PUBLIC_WEBAPP_URL === "https://app.cal.com") {