From 3a2989fcdeeef6c7313203e035fe48b4fb573638 Mon Sep 17 00:00:00 2001
From: kappa <kappa@inouter.com>
Date: Mon, 16 Mar 2026 22:05:38 +0900
Subject: [PATCH] =?UTF-8?q?=EC=A0=95=EB=B3=B4=20=EC=A0=95=ED=99=95?=
 =?UTF-8?q?=EC=84=B1=20=EC=88=98=EC=A0=95:=20chaitin-waf=20=EB=9D=BC?=
 =?UTF-8?q?=EC=9A=B0=ED=8A=B8=EB=B3=84=20=EC=A0=81=EC=9A=A9,=20actions=20z?=
 =?UTF-8?q?one=20hostname=20=EC=A0=95=EB=A6=AC?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 infra/apisix.md            | 2 +-
 infra/crowdsec-safeline.md | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/infra/apisix.md b/infra/apisix.md
index ac4ec4c..a36fb8b 100644
--- a/infra/apisix.md
+++ b/infra/apisix.md
@@ -43,7 +43,7 @@ BunnyCDN(inouter, ID 5316471) → apisix-osaka(172.233.93.180) → 백엔드
 | Zone | Origin | 방향 | 주요 Hostnames |
 |---|---|---|---|
 | inouter (5316471) | 172.233.93.180 | → 오사카 | anvil.it.com, vault.inouter.com, n8n, kroki, tg.anvil.it.com |
-| actions (5330178) | 220.120.65.245 | → 서울 | actions.it.com, gitea.anvil.it.com, hcv.inouter.com, nocodb.inouter.com |
+| actions (5330178) | 220.120.65.245 | → 서울 | actions.it.com, gitea.anvil.it.com |
 
 참고: actions zone은 `DisableCookies: false` (쿠키 허용, 2026-03-15). Gitea 웹 로그인 세션에 필요.
 
diff --git a/infra/crowdsec-safeline.md b/infra/crowdsec-safeline.md
index ca20e1d..678e86e 100644
--- a/infra/crowdsec-safeline.md
+++ b/infra/crowdsec-safeline.md
@@ -47,7 +47,7 @@ Bouncer 목록: [[apisix]]-waf-bouncer, bunny-cdn-bouncer, cs-[[cloudflare|cf]]-
 ### 2차: SafeLine WAF (chaitin-waf 플러그인)
 - 위치: APISIX 내부 플러그인
 - BunnyCDN을 통과한 공격 차단
-- 글로벌 적용 (global_rules로 chaitin-waf 설정)
+- 라우트별 개별 적용 (gitea는 `.git/` 경로 제외, 바이너리 프로토콜 파싱 불가)
 
 ### 3차: CrowdSec (로그 분석)
 - 위치: jp1 CrowdSec (10.253.100.240:8080)