basic antibot feature through cookie
parent
652d8ac979
commit
6e1c43c4cd
20
compile.sh
20
compile.sh
|
@ -3,7 +3,7 @@
|
|||
NTASK=$(nproc)
|
||||
|
||||
# install build dependencies
|
||||
apk add --no-cache --virtual build autoconf libtool automake git geoip-dev yajl-dev g++ curl-dev libxml2-dev pcre-dev make linux-headers libmaxminddb-dev
|
||||
apk add --no-cache --virtual build autoconf libtool automake git geoip-dev yajl-dev g++ curl-dev libxml2-dev pcre-dev make linux-headers libmaxminddb-dev musl-dev lua-dev
|
||||
|
||||
# compile and install ModSecurity library
|
||||
cd /tmp
|
||||
|
@ -45,6 +45,24 @@ git clone https://github.com/openresty/lua-resty-dns.git
|
|||
cd lua-resty-dns
|
||||
make install
|
||||
cd /tmp
|
||||
git clone https://github.com/bungle/lua-resty-session.git
|
||||
cd lua-resty-session
|
||||
cp -r lib/resty/* /usr/local/lib/lua/resty
|
||||
cd /tmp
|
||||
git clone https://github.com/bungle/lua-resty-random.git
|
||||
cd lua-resty-random
|
||||
make install
|
||||
cd /tmp
|
||||
git clone https://github.com/openresty/lua-resty-string.git
|
||||
cd lua-resty-string
|
||||
make install
|
||||
cd /tmp
|
||||
git clone https://github.com/openresty/lua-cjson.git
|
||||
cd lua-cjson
|
||||
make -j $NTASK
|
||||
make install
|
||||
make install-extra
|
||||
cd /tmp
|
||||
git clone https://github.com/openresty/lua-nginx-module.git
|
||||
export LUAJIT_LIB=/usr/local/lib
|
||||
export LUAJIT_INC=/usr/local/include/luajit-2.1
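Review bot: The four `git clone` lines added in the second hunk (lua-resty-session, lua-resty-random, lua-resty-string, lua-cjson) build from whatever the default branch holds at image build time, so the result is not reproducible and any upstream change lands unreviewed in code that runs on every request. Pin each dependency right after entering its directory, e.g. `git checkout <PINNED_COMMIT_SHA>` following `cd lua-resty-session`, and keep the pinned revision in the script so an upgrade is an explicit, reviewable change. This matters most for lua-resty-session, since the antibot check added by this commit depends on it to protect the cookie.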
|
||||
|
|
|
@ -5,11 +5,16 @@ local use_whitelist_reverse = %USE_WHITELIST_REVERSE%
|
|||
local use_blacklist_ip = %USE_BLACKLIST_IP%
|
||||
local use_blacklist_reverse = %USE_BLACKLIST_REVERSE%
|
||||
local use_dnsbl = %USE_DNSBL%
|
||||
local use_antibot_cookie = %USE_ANTIBOT_COOKIE%
|
||||
|
||||
-- include LUA code
|
||||
local whitelist = require "whitelist"
|
||||
local blacklist = require "blacklist"
|
||||
local dnsbl = require "dnsbl"
|
||||
local cookie = require "cookie"
|
||||
|
||||
-- antibot
|
||||
local antibot_uri = "%ANTIBOT_URI%"
|
||||
|
||||
-- check if already in whitelist cache
|
||||
if use_whitelist_ip and whitelist.ip_cached_ok() then
|
||||
|
@ -67,6 +72,21 @@ if use_dnsbl and not dnsbl.cached() then
|
|||
end
|
||||
end
|
||||
|
||||
-- cookie check
|
||||
if use_antibot_cookie then
|
||||
if not cookie.is_set() then
|
||||
if ngx.var.uri ~= antibot_uri then
|
||||
cookie.set()
|
||||
return ngx.redirect(antibot_uri)
|
||||
end
|
||||
return ngx.exit(ngx.HTTP_FORBIDDEN)
|
||||
else
|
||||
if ngx.var.uri == antibot_uri then
|
||||
return ngx.redirect(cookie.get_uri())
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
ngx.exit(ngx.OK)
|
||||
|
||||
}
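Review bot: `ngx.redirect(cookie.get_uri())` in the added cookie check sends the client to a value that cookie.lua (same commit) fills from the raw `ngx.var.request_uri`, while the comparisons here use the normalized `ngx.var.uri`, so the stored target is never checked to be a same-site path. A stored value beginning with `//` or `/\` is read by browsers as a protocol-relative URL, which would turn the challenge URI into an open redirect. Guard the target before redirecting: `local target = cookie.get_uri()`, then `if type(target) ~= "string" or not target:find("^/[^/\\]") then target = "/" end`, then `return ngx.redirect(target)`. The enclosing Lua block starts above this hunk, so its earlier checks are not visible here.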
|
||||
|
|
|
@ -153,6 +153,8 @@ SELF_SIGNED_SSL_CITY="${SELF_SIGNED_SSL_CITY-Bern}"
|
|||
SELF_SIGNED_SSL_ORG="${SELF_SIGNED_SSL_ORG-AcmeInc}"
|
||||
SELF_SIGNED_SSL_OU="${SELF_SIGNED_SSL_OU-IT}"
|
||||
SELF_SIGNED_SSL_CN="${SELF_SIGNED_SSL_CN-bunkerity-nginx}"
|
||||
ANTIBOT_URI="${ANTIBOT_URI-/challenge}"
|
||||
USE_ANTIBOT_COOKIE="${USE_ANTIBOT_COOKIE-yes}"
|
||||
|
||||
# install additional modules if needed
|
||||
if [ "$ADDITIONAL_MODULES" != "" ] ; then
|
||||
|
@ -493,6 +495,16 @@ fi
|
|||
list=$(spaces_to_lua "$DNSBL_LIST")
|
||||
replace_in_file "/usr/local/lib/lua/dnsbl.lua" "%DNSBL_LIST%" "$list"
|
||||
|
||||
# antibot uri
|
||||
replace_in_file "/etc/nginx/main-lua.conf" "%ANTIBOT_URI%" "$ANTIBOT_URI"
|
||||
|
||||
# antibot via cookie
|
||||
if [ "$USE_ANTIBOT_COOKIE" = "yes" ] ; then
|
||||
replace_in_file "/etc/nginx/main-lua.conf" "%USE_ANTIBOT_COOKIE%" "true"
|
||||
else
|
||||
replace_in_file "/etc/nginx/main-lua.conf" "%USE_ANTIBOT_COOKIE%" "false"
|
||||
fi
|
||||
|
||||
if [ "$USE_LIMIT_REQ" = "yes" ] ; then
|
||||
replace_in_file "/etc/nginx/nginx.conf" "%LIMIT_REQ_ZONE%" "limit_req_zone \$binary_remote_addr zone=limit:${LIMIT_REQ_CACHE} rate=${LIMIT_REQ_RATE};"
|
||||
replace_in_file "/etc/nginx/server.conf" "%LIMIT_REQ%" "include /etc/nginx/limit-req.conf;"
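Review bot: `$ANTIBOT_URI` is substituted verbatim into the Lua string literal `local antibot_uri = "%ANTIBOT_URI%"` by the `replace_in_file` call in the second hunk, so a value containing a double quote or backslash would break or alter the generated Lua in main-lua.conf. Validate the variable before the substitution, for example `if ! echo "$ANTIBOT_URI" | grep -qE '^/[A-Za-z0-9/_.-]*$' ; then echo "invalid ANTIBOT_URI" ; exit 1 ; fi`. How `replace_in_file` treats special characters is not visible on this page, so the check is best done on the variable itself. Separately, `USE_ANTIBOT_COOKIE` defaults to `yes` in the first hunk, which switches the redirect on for existing deployments, including clients that do not keep cookies.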
|
||||
|
|
|
@ -0,0 +1,22 @@
|
|||
local M = {}
|
||||
local session = require "resty.session"
|
||||
|
||||
function M.is_set ()
|
||||
local s = session.open()
|
||||
if s and s.data.uri then
|
||||
return true
|
||||
end
|
||||
return false
|
||||
end
|
||||
|
||||
function M.set ()
|
||||
local s = session.start()
|
||||
s.data.uri = ngx.var.request_uri
|
||||
s:save()
|
||||
end
|
||||
|
||||
function M.get_uri ()
|
||||
return session.open().data.uri
|
||||
end
|
||||
|
||||
return M
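Review bot: `M.get_uri` indexes `session.open().data.uri` directly, whereas `M.is_set` guards the same call with `if s and ...`; if `open()` can return nil, as that guard suggests, `get_uri` raises an error in the access phase instead of failing in a controlled way. Use the same guard, `local s = session.open()` followed by `return s and s.data.uri`, and have the caller handle a nil target. The module also relies entirely on lua-resty-session to authenticate the cookie; as far as I know the library generates a random secret at startup when none is configured, so confirm a fixed `session_secret` is set, otherwise cookies may stop validating across workers or reloads.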
|