mirror of
https://github.com/bunkerity/bunkerized-nginx
synced 2023-12-13 21:30:18 +01:00
Merge branch 'whitelist_ua' of https://github.com/thelittlefireman/bunkerized-nginx into dev
This commit is contained in:
commit
6b56e21a09
6 changed files with 35 additions and 0 deletions
1
.gitignore
vendored
Normal file
1
.gitignore
vendored
Normal file
|
@ -0,0 +1 @@
|
|||
.idea/
|
|
@ -1040,6 +1040,12 @@ Default value : *.googlebot.com .google.com .search.msn.com .crawl.yahoot.net .c
|
|||
Context : *global*
|
||||
The list of reverse DNS suffixes to whitelist when `USE_WHITELIST_REVERSE` is set to *yes*. The default list contains suffixes of major search engines.
|
||||
|
||||
`WHITELIST_USERAGENT_LIST`
|
||||
Values : *"useragent1", "^[user]agent2"*
|
||||
Default value : **
|
||||
Context : *global*, *multisite*
|
||||
Whitelist user agent from be blocked by `BLOCK_USER_AGENT`
|
||||
|
||||
### Custom blacklisting
|
||||
|
||||
`USE_BLACKLIST_IP`
|
||||
|
|
|
@ -6,6 +6,7 @@ access_by_lua_block {
|
|||
local use_whitelist_ip = %USE_WHITELIST_IP%
|
||||
local use_whitelist_reverse = %USE_WHITELIST_REVERSE%
|
||||
local use_user_agent = %USE_USER_AGENT%
|
||||
local whitelist_useragent_list = { %WHITELIST_USERAGENT_LIST% }
|
||||
local use_referrer = %USE_REFERRER%
|
||||
local use_country = %USE_COUNTRY%
|
||||
local use_blacklist_ip = %USE_BLACKLIST_IP%
|
||||
|
@ -80,6 +81,19 @@ end
|
|||
|
||||
-- check if user-agent is allowed
|
||||
if use_user_agent and ngx.var.bad_user_agent == "yes" then
|
||||
local headers = ngx.req.get_headers()
|
||||
local ua = headers["User-Agent"]
|
||||
if not whitelist_useragent_list ~= "" then
|
||||
local k_ua_white, v_ua_white = next(whitelist_useragent_list, nil)
|
||||
while v_ua_white do
|
||||
local rst_whitelist = string.match(ua, v_ua_white)
|
||||
if rst_whitelist ~= nil and rst_whitelist ~= "" then
|
||||
ngx.log(ngx.WARN, "[ALLOW] User-Agent " .. ngx.var.http_user_agent .. " is whitelisted")
|
||||
ngx.exit(ngx.OK)
|
||||
end
|
||||
k_ua_white, v_ua_white = next(whitelist_useragent_list, k_ua_white)
|
||||
end
|
||||
end
|
||||
ngx.log(ngx.WARN, "[BLOCK] User-Agent " .. ngx.var.http_user_agent .. " is blacklisted")
|
||||
ngx.exit(ngx.HTTP_FORBIDDEN)
|
||||
end
|
||||
|
|
|
@ -45,6 +45,7 @@ DISABLE_DEFAULT_SERVER="${DISABLE_DEFAULT_SERVER-no}"
|
|||
SERVER_NAME="${SERVER_NAME-www.bunkerity.com}"
|
||||
ALLOWED_METHODS="${ALLOWED_METHODS-GET|POST|HEAD}"
|
||||
BLOCK_USER_AGENT="${BLOCK_USER_AGENT-yes}"
|
||||
WHITELIST_USERAGENT_LIST="${WHITELIST_USERAGENT_LIST-}"
|
||||
BLOCK_REFERRER="${BLOCK_REFERRER-yes}"
|
||||
BLOCK_TOR_EXIT_NODE="${BLOCK_TOR_EXIT_NODE-yes}"
|
||||
BLOCK_PROXIES="${BLOCK_PROXIES-yes}"
|
||||
|
|
|
@ -278,6 +278,11 @@ fi
|
|||
# block bad UA
|
||||
if [ "$BLOCK_USER_AGENT" = "yes" ] ; then
|
||||
replace_in_file "${NGINX_PREFIX}main-lua.conf" "%USE_USER_AGENT%" "true"
|
||||
if [ "$WHITELIST_USERAGENT_LIST" != "" ] ; then
|
||||
replace_in_file "${NGINX_PREFIX}main-lua.conf" "%WHITELIST_USERAGENT_LIST%" "$WHITELIST_USERAGENT_LIST"
|
||||
else
|
||||
replace_in_file "${NGINX_PREFIX}main-lua.conf" "%WHITELIST_USERAGENT_LIST%" ""
|
||||
fi
|
||||
else
|
||||
replace_in_file "${NGINX_PREFIX}main-lua.conf" "%USE_USER_AGENT%" "false"
|
||||
fi
|
||||
|
|
|
@ -684,6 +684,14 @@
|
|||
"regex":"^([A-Z]{2} ?)*$",
|
||||
"id":"whitelist-country",
|
||||
"default":""
|
||||
},
|
||||
{
|
||||
"type":"text",
|
||||
"label":"Whitelist user agent list",
|
||||
"env":"WHITELIST_USERAGENT_LIST",
|
||||
"regex":".*",
|
||||
"id":"whitelist-user-agent-list",
|
||||
"default":""
|
||||
}
|
||||
]
|
||||
},
|
||||
|
|
Loading…
Reference in a new issue