logs/lua - add logger tool
parent
de560490d3
commit
8260746fe1
|
@ -10,14 +10,15 @@ rewrite_by_lua_block {
|
|||
local api = require "api"
|
||||
local api_whitelist_ip = {%API_WHITELIST_IP%}
|
||||
local api_uri = "%API_URI%"
|
||||
local logger = require "logger"
|
||||
|
||||
if api.is_api_call(api_uri, api_whitelist_ip) then
|
||||
ngx.header.content_type = 'text/plain'
|
||||
if api.do_api_call(api_uri) then
|
||||
ngx.log(ngx.NOTICE, "[API] API call " .. ngx.var.request_uri .. " successfull from " .. ngx.var.remote_addr)
|
||||
logger.log(ngx.NOTICE, "API", "API call " .. ngx.var.request_uri .. " successfull from " .. ngx.var.remote_addr)
|
||||
ngx.say("ok")
|
||||
else
|
||||
ngx.log(ngx.WARN, "[API] API call " .. ngx.var.request_uri .. " failed from " .. ngx.var.remote_addr)
|
||||
logger.log(ngx.WARN, "API", "API call " .. ngx.var.request_uri .. " failed from " .. ngx.var.remote_addr)
|
||||
ngx.say("ko")
|
||||
end
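Review bot: The rewritten success message still spells `successfull`, and the same string is repeated in the second API template further down the page. Since the line is being touched anyway, `"API call " .. ngx.var.request_uri .. " successful from " .. ngx.var.remote_addr` keeps log searches and alert rules that match on "successful" from missing these entries. The enclosing `if api.is_api_call(...)` block continues past the hunk.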
|
||||
|
||||
|
|
|
@ -3,14 +3,15 @@ rewrite_by_lua_block {
|
|||
local api = require "api"
|
||||
local api_whitelist_ip = {%API_WHITELIST_IP%}
|
||||
local api_uri = "%API_URI%"
|
||||
local logger = require "logger"
|
||||
|
||||
if api.is_api_call(api_uri, api_whitelist_ip) then
|
||||
ngx.header.content_type = 'text/plain'
|
||||
if api.do_api_call(api_uri) then
|
||||
ngx.log(ngx.NOTICE, "[API] API call " .. ngx.var.request_uri .. " successfull from " .. ngx.var.remote_addr)
|
||||
logger.log(ngx.NOTICE, "API", "API call " .. ngx.var.request_uri .. " successfull from " .. ngx.var.remote_addr)
|
||||
ngx.say("ok")
|
||||
else
|
||||
ngx.log(ngx.WARN, "[API] API call " .. ngx.var.request_uri .. " failed from " .. ngx.var.remote_addr)
|
||||
logger.log(ngx.WARN, "API", "API call " .. ngx.var.request_uri .. " failed from " .. ngx.var.remote_addr)
|
||||
ngx.say("ko")
|
||||
end
|
||||
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
init_by_lua_block {
|
||||
|
||||
local dataloader = require "dataloader"
|
||||
local logger = require "logger"
|
||||
|
||||
local use_proxies = %USE_PROXIES%
|
||||
local use_abusers = %USE_ABUSERS%
|
||||
|
@ -33,10 +34,10 @@ if use_crowdsec then
|
|||
local cs = require "crowdsec.CrowdSec"
|
||||
local ok, err = cs.init("/etc/nginx/crowdsec.conf")
|
||||
if ok == nil then
|
||||
ngx.log(ngx.ERR, "[CROWDSEC] " .. err)
|
||||
logger.log(ngx.ERR, "CROWDSEC", err)
|
||||
error()
|
||||
end
|
||||
ngx.log(ngx.ERR, "[CROWDSEC] *NOT AN ERROR* initialisation done")
|
||||
logger.log(ngx.ERR, "CROWDSEC" "*NOT AN ERROR* initialisation done")
|
||||
end
|
||||
|
||||
}
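Review bot: The new call `logger.log(ngx.ERR, "CROWDSEC" "*NOT AN ERROR* initialisation done")` is missing the comma between the prefix and the message. Lua does not accept a string literal directly followed by another string literal, so the whole `init_by_lua_block` should fail to compile and nginx would most likely refuse to load the generated configuration. It should read `logger.log(ngx.ERR, "CROWDSEC", "*NOT AN ERROR* initialisation done")`. The block starts above this hunk, so the rest of it is not reviewed here.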
|
||||
|
|
|
@ -6,8 +6,9 @@ location = %ANTIBOT_URI% {
|
|||
content_by_lua_block {
|
||||
local cookie = require "cookie"
|
||||
local captcha = require "captcha"
|
||||
local logger = require "logger"
|
||||
if not cookie.is_set("uri") then
|
||||
ngx.log(ngx.NOTICE, "[ANTIBOT] captcha fail (1) for " .. ngx.var.remote_addr)
|
||||
logger.log(ngx.WARN, "ANTIBOT", "captcha fail (1) for " .. ngx.var.remote_addr)
|
||||
return ngx.exit(ngx.HTTP_FORBIDDEN)
|
||||
end
|
||||
local img, res = captcha.get_challenge()
|
||||
|
@ -21,20 +22,21 @@ location = %ANTIBOT_URI% {
|
|||
access_by_lua_block {
|
||||
local cookie = require "cookie"
|
||||
local captcha = require "captcha"
|
||||
local logger = require "logger"
|
||||
if not cookie.is_set("captchares") then
|
||||
ngx.log(ngx.NOTICE, "[ANTIBOT] captcha fail (2) for " .. ngx.var.remote_addr)
|
||||
logger.log(ngx.WARN, "ANTIBOT", "captcha fail (2) for " .. ngx.var.remote_addr)
|
||||
return ngx.exit(ngx.HTTP_FORBIDDEN)
|
||||
end
|
||||
ngx.req.read_body()
|
||||
local args, err = ngx.req.get_post_args(1)
|
||||
if err == "truncated" or not args or not args["captcha"] then
|
||||
ngx.log(ngx.NOTICE, "[ANTIBOT] captcha fail (3) for " .. ngx.var.remote_addr)
|
||||
logger.log(ngx.WARN, "ANTIBOT", "captcha fail (3) for " .. ngx.var.remote_addr)
|
||||
return ngx.exit(ngx.HTTP_FORBIDDEN)
|
||||
end
|
||||
local captcha_user = args["captcha"]
|
||||
local check = captcha.check(captcha_user, cookie.get("captchares"))
|
||||
if not check then
|
||||
ngx.log(ngx.NOTICE, "[ANTIBOT] captcha fail (4) for " .. ngx.var.remote_addr)
|
||||
logger.log(ngx.WARN, "ANTIBOT", "captcha fail (4) for " .. ngx.var.remote_addr)
|
||||
return ngx.redirect("%ANTIBOT_URI%")
|
||||
end
|
||||
cookie.set({captcha = "ok"})
|
||||
|
|
|
@ -6,8 +6,9 @@ location = %ANTIBOT_URI% {
|
|||
content_by_lua_block {
|
||||
local cookie = require "cookie"
|
||||
local javascript = require "javascript"
|
||||
local logger = require "logger"
|
||||
if not cookie.is_set("challenge") then
|
||||
ngx.log(ngx.WARN, "[ANTIBOT] javascript fail (1) for " .. ngx.var.remote_addr)
|
||||
logger.log(ngx.WARN, "ANTIBOT", "javascript fail (1) for " .. ngx.var.remote_addr)
|
||||
return ngx.exit(ngx.HTTP_FORBIDDEN)
|
||||
end
|
||||
local challenge = cookie.get("challenge")
|
||||
|
@ -20,20 +21,21 @@ location = %ANTIBOT_URI% {
|
|||
content_by_lua_block {
|
||||
local cookie = require "cookie"
|
||||
local javascript = require "javascript"
|
||||
local logger = require "logger"
|
||||
if not cookie.is_set("challenge") then
|
||||
ngx.log(ngx.WARN, "[ANTIBOT] javascript fail (2) for " .. ngx.var.remote_addr)
|
||||
logger.log(ngx.WARN, "ANTIBOT", "javascript fail (2) for " .. ngx.var.remote_addr)
|
||||
return ngx.exit(ngx.HTTP_FORBIDDEN)
|
||||
end
|
||||
ngx.req.read_body()
|
||||
local args, err = ngx.req.get_post_args(1)
|
||||
if err == "truncated" or not args or not args["challenge"] then
|
||||
ngx.log(ngx.WARN, "[ANTIBOT] javascript fail (3) for " .. ngx.var.remote_addr)
|
||||
logger.log(ngx.WARN, "ANTIBOT", "javascript fail (3) for " .. ngx.var.remote_addr)
|
||||
return ngx.exit(ngx.HTTP_FORBIDDEN)
|
||||
end
|
||||
local challenge = args["challenge"]
|
||||
local check = javascript.check(cookie.get("challenge"), challenge)
|
||||
if not check then
|
||||
ngx.log(ngx.WARN, "[ANTIBOT] javascript fail (4) for " .. ngx.var.remote_addr)
|
||||
logger.log(ngx.WARN, "ANTIBOT", "javascript fail (4) for " .. ngx.var.remote_addr)
|
||||
return ngx.exit(ngx.HTTP_FORBIDDEN)
|
||||
end
|
||||
cookie.set({javascript = "ok"})
|
||||
|
|
|
@ -6,8 +6,9 @@ location = %ANTIBOT_URI% {
|
|||
content_by_lua_block {
|
||||
local cookie = require "cookie"
|
||||
local recaptcha = require "recaptcha"
|
||||
local loggger = require "logger"
|
||||
if not cookie.is_set("uri") then
|
||||
ngx.log(ngx.NOTICE, "[ANTIBOT] recaptcha fail (1) for " .. ngx.var.remote_addr)
|
||||
logger.log(ngx.WARN, "ANTIBOT", "recaptcha fail (1) for " .. ngx.var.remote_addr)
|
||||
return ngx.exit(ngx.HTTP_FORBIDDEN)
|
||||
end
|
||||
local code = recaptcha.get_code("%ANTIBOT_URI%", "%ANTIBOT_RECAPTCHA_SITEKEY%")
|
||||
|
@ -19,20 +20,21 @@ location = %ANTIBOT_URI% {
|
|||
access_by_lua_block {
|
||||
local cookie = require "cookie"
|
||||
local recaptcha = require "recaptcha"
|
||||
local logger = require "logger"
|
||||
if not cookie.is_set("uri") then
|
||||
ngx.log(ngx.NOTICE, "[ANTIBOT] recaptcha fail (2) for " .. ngx.var.remote_addr)
|
||||
logger.log(ngx.WARN, "ANTIBOT", "recaptcha fail (2) for " .. ngx.var.remote_addr)
|
||||
return ngx.exit(ngx.HTTP_FORBIDDEN)
|
||||
end
|
||||
ngx.req.read_body()
|
||||
local args, err = ngx.req.get_post_args(1)
|
||||
if err == "truncated" or not args or not args["token"] then
|
||||
ngx.log(ngx.NOTICE, "[ANTIBOT] recaptcha fail (3) for " .. ngx.var.remote_addr)
|
||||
logger.log(ngx.WARN, "ANTIBOT", "recaptcha fail (3) for " .. ngx.var.remote_addr)
|
||||
return ngx.exit(ngx.HTTP_FORBIDDEN)
|
||||
end
|
||||
local token = args["token"]
|
||||
local check = recaptcha.check(token, "%ANTIBOT_RECAPTCHA_SECRET%")
|
||||
if check < %ANTIBOT_RECAPTCHA_SCORE% then
|
||||
ngx.log(ngx.NOTICE, "[ANTIBOT] recaptcha fail (4) for " .. ngx.var.remote_addr .. " (score = " .. tostring(check) .. ")")
|
||||
logger.log(ngx.WARN, "ANTIBOT", "recaptcha fail (4) for " .. ngx.var.remote_addr .. " (score = " .. tostring(check) .. ")")
|
||||
return ngx.exit(ngx.HTTP_FORBIDDEN)
|
||||
end
|
||||
cookie.set({recaptcha = "ok"})
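Review bot: The first `content_by_lua_block` binds the module to `loggger` (three g's) but its failure branch calls `logger.log(...)`, so `logger` resolves to an undefined global there. When the `uri` cookie is missing, that call would raise before `ngx.exit(ngx.HTTP_FORBIDDEN)` runs, so the client presumably gets an internal error instead of the intended 403 and the antibot failure is never logged. The line should be `local logger = require "logger"`; the `access_by_lua_block` in the same file already spells it correctly.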
|
||||
|
|
|
@ -48,15 +48,16 @@ local dnsbl_list = {%DNSBL_LIST%}
|
|||
local use_bad_behavior = %USE_BAD_BEHAVIOR%
|
||||
|
||||
-- include LUA code
|
||||
local whitelist = require "whitelist"
|
||||
local blacklist = require "blacklist"
|
||||
local dnsbl = require "dnsbl"
|
||||
local cookie = require "cookie"
|
||||
local javascript = require "javascript"
|
||||
local captcha = require "captcha"
|
||||
local recaptcha = require "recaptcha"
|
||||
local iputils = require "resty.iputils"
|
||||
local behavior = require "behavior"
|
||||
local whitelist = require "whitelist"
|
||||
local blacklist = require "blacklist"
|
||||
local dnsbl = require "dnsbl"
|
||||
local cookie = require "cookie"
|
||||
local javascript = require "javascript"
|
||||
local captcha = require "captcha"
|
||||
local recaptcha = require "recaptcha"
|
||||
local iputils = require "resty.iputils"
|
||||
local behavior = require "behavior"
|
||||
local logger = require "logger"
|
||||
|
||||
-- user variables
|
||||
local antibot_uri = "%ANTIBOT_URI%"
|
||||
|
@ -101,13 +102,14 @@ end
|
|||
-- check if URI is whitelisted
|
||||
for k, v in pairs(whitelist_uri) do
|
||||
if ngx.var.request_uri == v then
|
||||
ngx.log(ngx.NOTICE, "[WHITELIST] URI " .. v .. " is whitelisted")
|
||||
logger.log(ngx.NOTICE, "WHITELIST", "URI " .. v .. " is whitelisted")
|
||||
ngx.exit(ngx.OK)
|
||||
end
|
||||
end
|
||||
|
||||
-- check if it's certbot
|
||||
if use_lets_encrypt and string.match(ngx.var.request_uri, "^/.well-known/acme-challenge/") then
|
||||
logger.log(ngx.INFO, "LETSENCRYPT", "got a visit from Let's Encrypt")
|
||||
ngx.exit(ngx.OK)
|
||||
end
|
||||
|
||||
|
@ -127,7 +129,7 @@ end
|
|||
|
||||
-- check if IP is banned because of "bad behavior"
|
||||
if use_bad_behavior and behavior.is_banned() then
|
||||
ngx.log(ngx.NOTICE, "[BLOCK] IP " .. ngx.var.remote_addr .. " is banned because of bad behavior")
|
||||
logger.log(ngx.WARN, "BEHAVIOR", "IP " .. ngx.var.remote_addr .. " is banned because of bad behavior")
|
||||
ngx.exit(ngx.HTTP_FORBIDDEN)
|
||||
end
|
||||
|
||||
|
@ -135,7 +137,7 @@ end
|
|||
if use_proxies then
|
||||
local value, flags = ngx.shared.proxies_data:get(iputils.ip2bin(ngx.var.remote_addr))
|
||||
if value ~= nil then
|
||||
ngx.log(ngx.NOTICE, "[BLOCK] IP " .. ngx.var.remote_addr .. " is in proxies list")
|
||||
logger.log(ngx.WARN, "PROXIES", "IP " .. ngx.var.remote_addr .. " is in proxies list")
|
||||
ngx.exit(ngx.HTTP_FORBIDDEN)
|
||||
end
|
||||
end
|
||||
|
@ -144,7 +146,7 @@ end
|
|||
if use_abusers then
|
||||
local value, flags = ngx.shared.abusers_data:get(iputils.ip2bin(ngx.var.remote_addr))
|
||||
if value ~= nil then
|
||||
ngx.log(ngx.NOTICE, "[BLOCK] IP " .. ngx.var.remote_addr .. " is in abusers list")
|
||||
logger.log(ngx.WARN, "ABUSERS", "IP " .. ngx.var.remote_addr .. " is in abusers list")
|
||||
ngx.exit(ngx.HTTP_FORBIDDEN)
|
||||
end
|
||||
end
|
||||
|
@ -153,7 +155,7 @@ end
|
|||
if use_tor_exit_nodes then
|
||||
local value, flags = ngx.shared.tor_exit_nodes_data:get(iputils.ip2bin(ngx.var.remote_addr))
|
||||
if value ~= nil then
|
||||
ngx.log(ngx.NOTICE, "[BLOCK] IP " .. ngx.var.remote_addr .. " is in TOR exit nodes list")
|
||||
logger.log(ngx.WARN, "TOR", "IP " .. ngx.var.remote_addr .. " is in TOR exit nodes list")
|
||||
ngx.exit(ngx.HTTP_FORBIDDEN)
|
||||
end
|
||||
end
|
||||
|
@ -163,7 +165,7 @@ if use_user_agents and ngx.var.http_user_agent ~= nil then
|
|||
local whitelisted = false
|
||||
for k, v in pairs(whitelist_user_agent) do
|
||||
if string.match(ngx.var.http_user_agent, v) then
|
||||
ngx.log(ngx.NOTICE, "[ALLOW] User-Agent " .. ngx.var.http_user_agent .. " is whitelisted")
|
||||
logger.log(ngx.NOTICE, "WHITELIST", "User-Agent " .. ngx.var.http_user_agent .. " is whitelisted")
|
||||
whitelisted = true
|
||||
break
|
||||
end
|
||||
|
@ -185,7 +187,7 @@ if use_user_agents and ngx.var.http_user_agent ~= nil then
|
|||
end
|
||||
end
|
||||
if value == "ko" then
|
||||
ngx.log(ngx.NOTICE, "[BLOCK] User-Agent " .. ngx.var.http_user_agent .. " is blacklisted")
|
||||
logger.log(ngx.WARN, "USER-AGENT", "User-Agent " .. ngx.var.http_user_agent .. " is blacklisted")
|
||||
ngx.exit(ngx.HTTP_FORBIDDEN)
|
||||
end
|
||||
end
|
||||
|
@ -209,14 +211,14 @@ if use_referrer and ngx.var.http_referer ~= nil then
|
|||
end
|
||||
end
|
||||
if value == "ko" then
|
||||
ngx.log(ngx.NOTICE, "[BLOCK] Referrer " .. ngx.var.http_referer .. " is blacklisted")
|
||||
logger.log(ngx.WARN, "REFERRER", "Referrer " .. ngx.var.http_referer .. " is blacklisted")
|
||||
ngx.exit(ngx.HTTP_FORBIDDEN)
|
||||
end
|
||||
end
|
||||
|
||||
-- check if country is allowed
|
||||
if use_country and ngx.var.allowed_country == "no" then
|
||||
ngx.log(ngx.NOTICE, "[BLOCK] Country of " .. ngx.var.remote_addr .. " is blacklisted")
|
||||
logger.log(ngx.WARN, "COUNTRY", "Country of " .. ngx.var.remote_addr .. " is blacklisted")
|
||||
ngx.exit(ngx.HTTP_FORBIDDEN)
|
||||
end
|
||||
|
||||
|
@ -231,10 +233,10 @@ end
|
|||
if use_crowdsec then
|
||||
local ok, err = require "crowdsec.CrowdSec".allowIp(ngx.var.remote_addr)
|
||||
if ok == nil then
|
||||
ngx.log(ngx.ERR, "[Crowdsec] " .. err)
|
||||
logger.log(ngx.ERR, "CROWDSEC", err)
|
||||
end
|
||||
if not ok then
|
||||
ngx.log(ngx.NOTICE, "[Crowdsec] denied '" .. ngx.var.remote_addr .. "'")
|
||||
logger.log(ngx.WARN, "CROWDSEC", "denied " .. ngx.var.remote_addr)
|
||||
ngx.exit(ngx.HTTP_FORBIDDEN)
|
||||
end
|
||||
end
|
||||
|
@ -246,7 +248,7 @@ if use_antibot_cookie then
|
|||
cookie.set({uri = ngx.var.request_uri})
|
||||
return ngx.redirect(antibot_uri)
|
||||
end
|
||||
ngx.log(ngx.NOTICE, "[ANTIBOT] cookie fail for " .. ngx.var.remote_addr)
|
||||
logger.log(ngx.WARN, "ANTIBOT", "cookie fail for " .. ngx.var.remote_addr)
|
||||
return ngx.exit(ngx.HTTP_FORBIDDEN)
|
||||
else
|
||||
if ngx.var.request_uri == antibot_uri then
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
local M = {}
|
||||
local M = {}
|
||||
local logger = require "logger"
|
||||
|
||||
function M.is_banned ()
|
||||
return ngx.shared.behavior_ban:get(ngx.var.remote_addr) == true
|
||||
|
@ -14,14 +15,14 @@ function M.count (status_codes, threshold, count_time, ban_time)
|
|||
count = count + 1
|
||||
local ok, err = ngx.shared.behavior_count:set(ngx.var.remote_addr, count, count_time)
|
||||
if not ok then
|
||||
ngx.log(ngx.ERR, "[BEHAVIOR] not enough memory allocated to behavior_ip_count")
|
||||
logger.log(ngx.ERR, "BEHAVIOR", "not enough memory allocated to behavior_ip_count")
|
||||
return
|
||||
end
|
||||
if count >= threshold then
|
||||
ngx.log(ngx.NOTICE, "[BEHAVIOR] threshold reached for " .. ngx.var.remote_addr .. " (" .. count .. " / " .. threshold .. ") : IP is banned for " .. ban_time .. " seconds")
|
||||
logger.log(ngx.WARN, "BEHAVIOR", "threshold reached for " .. ngx.var.remote_addr .. " (" .. count .. " / " .. threshold .. ") : IP is banned for " .. ban_time .. " seconds")
|
||||
local ok, err = ngx.shared.behavior_ban:safe_set(ngx.var.remote_addr, true, ban_time)
|
||||
if not ok then
|
||||
ngx.log(ngx.ERR, "[BEHAVIOR] not enough memory allocated to behavior_ip_ban")
|
||||
logger.log(ngx.ERR, "BEHAVIOR", "not enough memory allocated to behavior_ip_ban")
|
||||
return
|
||||
end
|
||||
end
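Review bot: The two ERR messages name `behavior_ip_count` and `behavior_ip_ban`, while the dictionaries accessed in this hunk are `ngx.shared.behavior_count` and `ngx.shared.behavior_ban`, so the messages point an operator at a zone name that does not match the one that has to be resized. Both branches also discard `err`, so any failure is reported as a memory problem; `logger.log(ngx.ERR, "BEHAVIOR", "can't update behavior_count : " .. tostring(err))` keeps the real cause. This matters because a failed write here means the count or the ban is not recorded. `M.count` begins above the hunk.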
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
local M = {}
|
||||
local dns = require "dns"
|
||||
local iputils = require "resty.iputils"
|
||||
local logger = require "logger"
|
||||
|
||||
function M.ip_cached_ko ()
|
||||
return ngx.shared.blacklist_ip_cache:get(ngx.var.remote_addr) == "ko"
|
||||
|
@ -23,7 +24,7 @@ function M.check_ip (ip_list)
|
|||
local blacklist = iputils.parse_cidrs(ip_list)
|
||||
if iputils.ip_in_cidrs(ngx.var.remote_addr, blacklist) then
|
||||
ngx.shared.blacklist_ip_cache:set(ngx.var.remote_addr, "ko", 86400)
|
||||
ngx.log(ngx.NOTICE, "ip " .. ngx.var.remote_addr .. " is in blacklist")
|
||||
logger.log(ngx.WARN, "BLACKLIST", "ip " .. ngx.var.remote_addr .. " is in blacklist")
|
||||
return true
|
||||
end
|
||||
end
|
||||
|
@ -38,7 +39,7 @@ function M.check_reverse (reverse_list, resolvers)
|
|||
for k, v in ipairs(reverse_list) do
|
||||
if rdns:sub(-#v) == v then
|
||||
ngx.shared.blacklist_reverse_cache:set(ngx.var.remote_addr, "ko", 86400)
|
||||
ngx.log(ngx.NOTICE, "reverse " .. rdns .. " is in blacklist")
|
||||
logger.log(ngx.WARN, "BLACKLIST", "reverse " .. rdns .. " is in blacklist")
|
||||
return true
|
||||
end
|
||||
end
|
||||
|
|
|
@ -1,5 +1,6 @@
|
|||
local M = {}
|
||||
local iputils = require "resty.iputils"
|
||||
local logger = require "logger"
|
||||
|
||||
function M.flush_dict (dict)
|
||||
local keys = dict:get_keys(0)
|
||||
|
@ -12,7 +13,7 @@ function M.load_ip (path, dict)
|
|||
M.flush_dict(dict)
|
||||
local file = io.open(path, "r")
|
||||
if not file then
|
||||
ngx.log(ngx.ERR, "[INIT] can't open " .. path)
|
||||
logger.log(ngx.ERR, "INIT", "can't open " .. path)
|
||||
else
|
||||
io.input(file)
|
||||
local i = 0
|
||||
|
@ -24,7 +25,7 @@ function M.load_ip (path, dict)
|
|||
while bin_ip <= upper do
|
||||
local ok, err = dict:safe_set(bin_ip, true, 0)
|
||||
if not ok then
|
||||
ngx.log(ngx.ERR, "[INIT] not enough memory allocated to load data from " .. path)
|
||||
logger.log(ngx.ERR, "INIT", "not enough memory allocated to load data from " .. path)
|
||||
continue = false
|
||||
break
|
||||
end
|
||||
|
@ -40,7 +41,7 @@ function M.load_ip (path, dict)
|
|||
break
|
||||
end
|
||||
end
|
||||
ngx.log(ngx.ERR, "[INIT] *NOT AN ERROR* loaded " .. tostring(i) .. " IPs from " .. path)
|
||||
logger.log(ngx.ERR, "INIT", "*NOT AN ERROR* loaded " .. tostring(i) .. " IPs from " .. path)
|
||||
io.close(file)
|
||||
end
|
||||
end
|
||||
|
@ -49,19 +50,19 @@ function M.load_raw (path, dict)
|
|||
M.flush_dict(dict)
|
||||
local file = io.open(path, "r")
|
||||
if not file then
|
||||
ngx.log(ngx.ERR, "[INIT] can't open " .. path)
|
||||
logger.log(ngx.ERR, "INIT", "can't open " .. path)
|
||||
else
|
||||
io.input(file)
|
||||
local i = 0
|
||||
for line in io.lines() do
|
||||
local ok, err = dict:safe_set(line, true, 0)
|
||||
if not ok then
|
||||
ngx.log(ngx.ERR, "[INIT] not enough memory allocated to load data from " .. path)
|
||||
logger.log(ngx.ERR, "INIT", "not enough memory allocated to load data from " .. path)
|
||||
break
|
||||
end
|
||||
i = i + 1
|
||||
end
|
||||
ngx.log(ngx.ERR, "[INIT] *NOT AN ERROR* loaded " .. tostring(i) .. " entries from " .. path)
|
||||
logger.log(ngx.ERR, "INIT", "*NOT AN ERROR* loaded " .. tostring(i) .. " entries from " .. path)
|
||||
io.close(file)
|
||||
end
|
||||
end
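Review bot: In both `M.load_ip` and `M.load_raw` the `can't open` branch is reached after `M.flush_dict(dict)` has already run, so a missing or unreadable list file appears to leave the dictionary emptied with only this log line as a signal. If these dictionaries back the proxies, abusers and TOR lookups, that is a silent fail-open after a reload. Consider opening the file first and flushing only once `io.open` has succeeded, or returning a failure that the init block can act on. The body of `flush_dict` and the start of `load_ip` are outside the visible hunks, so this is inferred from the call order shown.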
|
||||
|
|
|
@ -1,5 +1,6 @@
|
|||
local M = {}
|
||||
local dns = require "dns"
|
||||
local logger = require "logger"
|
||||
|
||||
function M.cached_ko ()
|
||||
return ngx.shared.dnsbl_cache:get(ngx.var.remote_addr) == "ko"
|
||||
|
@ -18,7 +19,7 @@ function M.check (dnsbls, resolvers)
|
|||
local a,b,c,d = v2:match("([%d]+).([%d]+).([%d]+).([%d]+)")
|
||||
if a == "127" then
|
||||
ngx.shared.dnsbl_cache:set(ngx.var.remote_addr, "ko", 86400)
|
||||
ngx.log(ngx.NOTICE, "ip " .. ngx.var.remote_addr .. " is in DNSBL " .. v)
|
||||
logger.log(ngx.WARN, "DNSBL", "ip " .. ngx.var.remote_addr .. " is in DNSBL " .. v)
|
||||
return true
|
||||
end
|
||||
end
|
||||
|
|
|
@ -0,0 +1,8 @@
|
|||
local M = {}
|
||||
local errlog = require "ngx.errlog"
|
||||
|
||||
function M.log (level, prefix, msg)
|
||||
errlog.raw_log(level, "[" .. prefix .. "] " .. msg)
|
||||
end
|
||||
|
||||
return M
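Review bot: `M.log` concatenates `prefix` and `msg` unchecked, yet several call sites pass values that are not string literals: `err` from `cs.init` and `allowIp`, and request-derived `ngx.var.request_uri`, `http_user_agent` and `http_referer`. A nil or non-string `err` would raise inside the logger, and client-controlled text reaches the error log unescaped, so this wrapper is the natural place to normalise it, e.g. `msg = tostring(msg):gsub("%c", "?")` before `errlog.raw_log(level, "[" .. tostring(prefix) .. "] " .. msg)`. Whether control characters can actually arrive depends on what nginx accepts in the request, but escaping once here is cheap. A short header comment would also help, stating that `level` takes the `ngx.*` level constants and that `raw_log` omits the caller file and line prefix that `ngx.log` adds.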
|
|
@ -1,6 +1,7 @@
|
|||
local M = {}
|
||||
local dns = require "dns"
|
||||
local iputils = require "resty.iputils"
|
||||
local M = {}
|
||||
local dns = require "dns"
|
||||
local iputils = require "resty.iputils"
|
||||
local logger = require "logger"
|
||||
|
||||
function M.ip_cached_ok ()
|
||||
return ngx.shared.whitelist_ip_cache:get(ngx.var.remote_addr) == "ok"
|
||||
|
@ -23,7 +24,7 @@ function M.check_ip (ip_list)
|
|||
local whitelist = iputils.parse_cidrs(ip_list)
|
||||
if iputils.ip_in_cidrs(ngx.var.remote_addr, whitelist) then
|
||||
ngx.shared.whitelist_ip_cache:set(ngx.var.remote_addr, "ok", 86400)
|
||||
ngx.log(ngx.NOTICE, "ip " .. ngx.var.remote_addr .. " is in whitelist")
|
||||
logger.log(ngx.NOTICE, "WHITELIST", "ip " .. ngx.var.remote_addr .. " is in whitelist")
|
||||
return true
|
||||
end
|
||||
end
|
||||
|
@ -47,7 +48,7 @@ function M.check_reverse (reverse_list, resolvers)
|
|||
for k, v in ipairs(ips) do
|
||||
if v == ngx.var.remote_addr then
|
||||
ngx.shared.whitelist_reverse_cache:set(ngx.var.remote_addr, "ok", 86400)
|
||||
ngx.log(ngx.NOTICE, "reverse " .. rdns .. " is in whitelist")
|
||||
logger.log(ngx.NOTICE, "WHITELIST", "reverse " .. rdns .. " is in whitelist")
|
||||
return true
|
||||
end
|
||||
end
|
||||
|
|