Remove th-ab.de from blocklist

[thannaske]

This PR removes the 79.132.130.39/32 # th-ab.de entry from the blog list. It appears that the IP/domain was added by this commit by @Morty-Feldman: https://github.com/cunnie/sslip.io/commit/2be71fbe6fb6f24d29d0dbfba5280d1861127b41

It claims that the domain/IP is/hosts a "mix of charity sites and news publications that are being mirrored for scams and spam". However, th-ab.de is the website of the German technical university of Aschaffenburg and is obviously neither scammy nor spammy.

Please consider removing the entry from the list again.

[Morty-Feldman]

The domain itself may not be spammy but mirroring it could be. Can you explain why this IP address needs to use sslip.io?

[thannaske]

The sslip is used with a "staging" subdomain to point to the server where the development happens. Maybe that's why it was considered mirroring in some way, because the contents look identical to those on the live website. In order to serve the staging environment with a valid SSL certificate, sslip is used because it's kind of bureaucratic hurdle to get ahold of a proper "th-ab" subdomain from the university's datacenter.

[Morty-Feldman]

I see - yes, this was added in error on my behalf because it looked like a straight-up website mirror.

This pull request should be merged and I'll leave that to @cunnie

Would it be possible to add this http header to your staging subdomain so that it doesn't get indexed in search engines?

X-Robots-Tag: noindex

[thannaske]

Thanks a lot for your quick response, I'll make sure that the header will be added to all responses of the staging environment within the next 24 hours.

[Morty-Feldman]

@cunnie - Should the documentation be updated to advise developers to add X-Robots-Tag: noindex for staging environments?

I'd imagine not having that could cause issues for developers. For example, if a website is being redesigned and they're using sslip.io, their redesign could be leaked via a search engine before it's ready and perhaps even critical/sensitive info could be indexed without the devs realizing it, etc.

[cunnie]

Should the documentation be updated to advise developers to add X-Robots-Tag: noindex for staging environments?

Great idea, @Morty-Feldman , I've updated the sslip.io website to include the following warning:

Developers: disable indexing of your staging site to avoid being blocked
(we block by disabling resolution of your sslip.io hostname); disable
indexing by either including the X-Robots-Tag: noindex in your HTTP 
headers or include a robots.txt at the root of your website with the 
following contents:
User-agent: *
Disallow: / 

[cunnie]

Hey @Morty-Feldman , I'd encourage to accept the GitHub invitation to become a collaborator on this repo. You don't have to do anything that makes you uncomfortable — you don't have to review PRs or merge commits. But what I'm particularly interested in is your input to changes, especially documentation, and having you as a collaborator opens up the possibility of a more structured change process.

For example, in the above comment I unilaterally wrote the documentation to "advise developers to add X-Robots-Tag: noindex for staging environments", but what I really would've liked is to have submitted a PR to this repo and tagged you as a reviewer so you could've had input for the wording and visibility.

[Morty-Feldman]

Thanks - I'll gladly help with stuff but the malicious activity seems to be a lot less rampant now. I'll still check from time to time and submit any obvious IPs to block but things seem to be going well with this recently so I'll probably contribute less frequently now.