Merge branch 'whitelist_ua' of https://github.com/thelittlefireman/bunkerized-nginx into dev

.gitignore

@@ -0,0 +1 @@
+.idea/

README.md

@@ -1040,6 +1040,12 @@ Default value : *.googlebot.com .google.com .search.msn.com .crawl.yahoot.net .c
 Context : *global*  
 The list of reverse DNS suffixes to whitelist when `USE_WHITELIST_REVERSE` is set to *yes*. The default list contains suffixes of major search engines.
 
+`WHITELIST_USERAGENT_LIST`
+Values : *"useragent1", "^[user]agent2"*
+Default value : **
+Context : *global*, *multisite*  
+Whitelist user agent from be blocked by `BLOCK_USER_AGENT`
+
 ### Custom blacklisting
 
 `USE_BLACKLIST_IP`  

confs/site/main-lua.conf

@@ -6,6 +6,7 @@ access_by_lua_block {
 local use_whitelist_ip		= %USE_WHITELIST_IP%
 local use_whitelist_reverse	= %USE_WHITELIST_REVERSE%
 local use_user_agent		= %USE_USER_AGENT%
+local whitelist_useragent_list = { %WHITELIST_USERAGENT_LIST% }
 local use_referrer		= %USE_REFERRER%
 local use_country		= %USE_COUNTRY%
 local use_blacklist_ip		= %USE_BLACKLIST_IP%
@@ -80,6 +81,19 @@ end
 
 -- check if user-agent is allowed
 if use_user_agent and ngx.var.bad_user_agent == "yes" then
+	local headers = ngx.req.get_headers()
+	local ua = headers["User-Agent"]
+	if not whitelist_useragent_list ~= "" then
+		local k_ua_white, v_ua_white = next(whitelist_useragent_list, nil)
+    	while v_ua_white do
+    		local rst_whitelist = string.match(ua, v_ua_white)
+      		if rst_whitelist ~= nil and rst_whitelist ~= "" then
+      			ngx.log(ngx.WARN, "[ALLOW] User-Agent " .. ngx.var.http_user_agent .. " is whitelisted")
+      			ngx.exit(ngx.OK)
+      		end
+      		k_ua_white, v_ua_white = next(whitelist_useragent_list, k_ua_white)
+    	end
+	end
 	ngx.log(ngx.WARN, "[BLOCK] User-Agent " .. ngx.var.http_user_agent .. " is blacklisted")
 	ngx.exit(ngx.HTTP_FORBIDDEN)
 end

entrypoint/defaults.sh

@@ -45,6 +45,7 @@ DISABLE_DEFAULT_SERVER="${DISABLE_DEFAULT_SERVER-no}"
 SERVER_NAME="${SERVER_NAME-www.bunkerity.com}"
 ALLOWED_METHODS="${ALLOWED_METHODS-GET|POST|HEAD}"
 BLOCK_USER_AGENT="${BLOCK_USER_AGENT-yes}"
+WHITELIST_USERAGENT_LIST="${WHITELIST_USERAGENT_LIST-}"
 BLOCK_REFERRER="${BLOCK_REFERRER-yes}"
 BLOCK_TOR_EXIT_NODE="${BLOCK_TOR_EXIT_NODE-yes}"
 BLOCK_PROXIES="${BLOCK_PROXIES-yes}"

entrypoint/site-config.sh

@@ -278,6 +278,11 @@ fi
 # block bad UA
 if [ "$BLOCK_USER_AGENT" = "yes" ] ; then
 	replace_in_file "${NGINX_PREFIX}main-lua.conf" "%USE_USER_AGENT%" "true"
+	if [ "$WHITELIST_USERAGENT_LIST" != "" ] ; then
+		replace_in_file "${NGINX_PREFIX}main-lua.conf" "%WHITELIST_USERAGENT_LIST%" "$WHITELIST_USERAGENT_LIST"
+	else
+		replace_in_file "${NGINX_PREFIX}main-lua.conf" "%WHITELIST_USERAGENT_LIST%" ""
+	fi
 else
 	replace_in_file "${NGINX_PREFIX}main-lua.conf" "%USE_USER_AGENT%" "false"
 fi

ui/config.json

@@ -684,6 +684,14 @@
             "regex":"^([A-Z]{2} ?)*$",
             "id":"whitelist-country",
             "default":""
+         },
+         {
+            "type":"text",
+            "label":"Whitelist user agent list",
+            "env":"WHITELIST_USERAGENT_LIST",
+            "regex":".*",
+            "id":"whitelist-user-agent-list",
+            "default":""
          }
       ]
    },