librewolf
/
bunkerized-nginx
mirror of https://github.com/bunkerity/bunkerized-nginx
4
0
Fork 1
Code Issues Projects Releases Wiki Activity

moved UA and referrer check to LUA

This commit is contained in:
bunkerity 2020-12-04 22:21:38 +01:00
parent 88f27bfeb8
commit 26947179a4
No known key found for this signature in database
GPG Key ID: 654FFF51CEF7CC47
6 changed files with 17 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
confs/site/block-referrer.conf
View File

@ -1,3 +0,0 @@
if ($bad_referrer = yes) {
return 444;
}

3
confs/site/block-user-agent.conf
View File

@ -1,3 +0,0 @@
if ($bad_user_agent = yes) {
return 444;
}

12
confs/site/main-lua.conf
View File

@ -5,6 +5,8 @@ access_by_lua_block {
local use_whitelist_ip = %USE_WHITELIST_IP%
local use_whitelist_reverse = %USE_WHITELIST_REVERSE%
local use_user_agent = %USE_USER_AGENT%
local use_referrer = %USE_REFERRER%
local use_country = %USE_COUNTRY%
local use_blacklist_ip = %USE_BLACKLIST_IP%
local use_blacklist_reverse = %USE_BLACKLIST_REVERSE%
@ -35,6 +37,16 @@ if use_whitelist_reverse and whitelist.reverse_cached_ok() then
ngx.exit(ngx.OK)
end
-- check if user-agent is allowed
if use_user_agent and ngx.var.bad_user_agent == "yes" then
ngx.exit(ngx.HTTP_FORBIDDEN)
end
-- check if referrer is allowed
if use_referrer and ngx.var.bad_referrer == "yes" then
ngx.exit(ngx.HTTP_FORBIDDEN)
end
-- check if country is allowed
if use_country and ngx.var.allowed_country == "no" then
ngx.exit(ngx.HTTP_FORBIDDEN)

2
confs/site/server.conf
View File

@ -24,8 +24,6 @@ server {
%REFERRER_POLICY%
%FEATURE_POLICY%
%PERMISSIONS_POLICY%
%BLOCK_USER_AGENT%
%BLOCK_REFERRER%
%BLOCK_TOR_EXIT_NODE%
%BLOCK_PROXIES%
%BLOCK_ABUSERS%

2
entrypoint/defaults.sh
View File

@ -81,7 +81,7 @@ LOGROTATE_MINSIZE="${LOGROTATE_MINSIZE-10M}"
LOGROTATE_MAXAGE="${LOGROTATE_MAXAGE-7}"
DNS_RESOLVERS="${DNS_RESOLVERS-127.0.0.11}"
USE_WHITELIST_IP="${USE_WHITELIST_IP-yes}"
WHITELIST_IP_LIST="${WHITELIST_IP_LIST-23.21.227.69 40.88.21.235 50.16.241.113 50.16.241.114 50.16.241.117 50.16.247.234 52.204.97.54 52.5.190.19 54.197.234.188 54.208.100.253 54.208.102.37 107.21.1.8}"
WHITELIST_IP_LIST="${WHITELIST_IP_LIST-127.0.0.1 23.21.227.69 40.88.21.235 50.16.241.113 50.16.241.114 50.16.241.117 50.16.247.234 52.204.97.54 52.5.190.19 54.197.234.188 54.208.100.253 54.208.102.37 107.21.1.8}"
USE_WHITELIST_REVERSE="${USE_WHITELIST_REVERSE-yes}"
WHITELIST_REVERSE_LIST="${WHITELIST_REVERSE_LIST-.googlebot.com .google.com .search.msn.com .crawl.yahoot.net .crawl.baidu.jp .crawl.baidu.com .yandex.com .yandex.ru .yandex.net}"
USE_BLACKLIST_IP="${USE_BLACKLIST_IP-yes}"

8
entrypoint/site-config.sh
View File

@ -266,16 +266,16 @@ fi
# block bad UA
if [ "$BLOCK_USER_AGENT" = "yes" ] ; then
replace_in_file "${NGINX_PREFIX}server.conf" "%BLOCK_USER_AGENT%" "include ${NGINX_PREFIX}block-user-agent.conf;"
replace_in_file "${NGINX_PREFIX}main-lua.conf" "%USE_USER_AGENT%" "true"
else
replace_in_file "${NGINX_PREFIX}server.conf" "%BLOCK_USER_AGENT%" ""
replace_in_file "${NGINX_PREFIX}main-lua.conf" "%USE_USER_AGENT%" "false"
fi
# block bad referrer
if [ "$BLOCK_REFERRER" = "yes" ] ; then
replace_in_file "${NGINX_PREFIX}server.conf" "%BLOCK_REFERRER%" "include ${NGINX_PREFIX}block-referrer.conf;"
replace_in_file "${NGINX_PREFIX}main-lua.conf" "%USE_REFERRER%" "true"
else
replace_in_file "${NGINX_PREFIX}server.conf" "%BLOCK_REFERRER%" ""
replace_in_file "${NGINX_PREFIX}main-lua.conf" "%USE_REFERRER%" "false"
fi
# block TOR exit nodes