block proxies and abusers
parent
3a9afa47b6
commit
f4c43a2148
|
@ -0,0 +1,3 @@
|
|||
limit_req_status 429;
|
||||
limit_req zone=limit burst=%LIMIT_REQ_BURST% nodelay;
|
||||
|
|
@ -25,6 +25,8 @@ server {
|
|||
%BLOCK_COUNTRY%
|
||||
%BLOCK_USER_AGENT%
|
||||
%BLOCK_TOR_EXIT_NODE%
|
||||
%BLOCK_PROXIES%
|
||||
%BLOCK_ABUSERS%
|
||||
%COOKIE_FLAGS%
|
||||
%ERRORS%
|
||||
%USE_FAIL2BAN%
|
||||
|
|
|
@ -83,7 +83,9 @@ SERVER_NAME="${SERVER_NAME-www.bunkerity.com}"
|
|||
ALLOWED_METHODS="${ALLOWED_METHODS-GET|POST|HEAD}"
|
||||
BLOCK_COUNTRY="${BLOCK_COUNTRY-}"
|
||||
BLOCK_USER_AGENT="${BLOCK_USER_AGENT-yes}"
|
||||
BLOCK_TOR_EXIT_NODE="${BLOCK_TOR_EXIT_NODE-no}"
|
||||
BLOCK_TOR_EXIT_NODE="${BLOCK_TOR_EXIT_NODE-yes}"
|
||||
BLOCK_PROXIES="${BLOCK_PROXIES-yes}"
|
||||
BLOCK_ABUSERS="${BLOCK_ABUSERS-yes}"
|
||||
AUTO_LETS_ENCRYPT="${AUTO_LETS_ENCRYPT-no}"
|
||||
HTTP2="${HTTP2-yes}"
|
||||
STRICT_TRANSPORT_SECURITY="${STRICT_TRANSPORT_SECURITY-max-age=31536000}"
|
||||
|
@ -245,7 +247,7 @@ fi
|
|||
if [ "$BLOCK_USER_AGENT" = "yes" ] ; then
|
||||
replace_in_file "/etc/nginx/server.conf" "%BLOCK_USER_AGENT%" "include /etc/nginx/block-user-agent.conf;"
|
||||
replace_in_file "/etc/nginx/nginx.conf" "%BLOCK_USER_AGENT%" "include /etc/nginx/map-user-agent.conf;"
|
||||
/opt/scripts/user-agents.sh
|
||||
/opt/scripts/user-agents.sh &
|
||||
echo "0 0 * * * /opt/scripts/user-agents.sh" >> /etc/crontabs/root
|
||||
else
|
||||
replace_in_file "/etc/nginx/server.conf" "%BLOCK_USER_AGENT%" ""
|
||||
|
@ -253,11 +255,25 @@ else
|
|||
fi
|
||||
if [ "$BLOCK_TOR_EXIT_NODE" = "yes" ] ; then
|
||||
replace_in_file "/etc/nginx/server.conf" "%BLOCK_TOR_EXIT_NODE%" "include /etc/nginx/block-tor-exit-node.conf;"
|
||||
/opt/scripts/exit-nodes.sh
|
||||
/opt/scripts/exit-nodes.sh &
|
||||
echo "0 * * * * /opt/scripts/exit-nodes.sh" >> /etc/crontabs/root
|
||||
else
|
||||
replace_in_file "/etc/nginx/server.conf" "%BLOCK_TOR_EXIT_NODE%" ""
|
||||
fi
|
||||
if [ "$BLOCK_PROXIES" = "yes" ] ; then
|
||||
replace_in_file "/etc/nginx/server.conf" "%BLOCK_PROXIES%" "include /etc/nginx/block-proxies.conf;"
|
||||
/opt/scripts/proxies.sh &
|
||||
echo "0 0 * * * /opt/scripts/proxies.sh" >> /etc/crontabs/root
|
||||
else
|
||||
replace_in_file "/etc/nginx/server.conf" "%BLOCK_PROXIES%" ""
|
||||
fi
|
||||
if [ "$BLOCK_ABUSERS" = "yes" ] ; then
|
||||
replace_in_file "/etc/nginx/server.conf" "%BLOCK_ABUSERS%" "include /etc/nginx/block-abusers.conf;"
|
||||
/opt/scripts/abusers.sh &
|
||||
echo "0 0 * * * /opt/scripts/abusers.sh" >> /etc/crontabs/root
|
||||
else
|
||||
replace_in_file "/etc/nginx/server.conf" "%BLOCK_ABUSERS%" ""
|
||||
fi
|
||||
if [ "$AUTO_LETS_ENCRYPT" = "yes" ] ; then
|
||||
|
||||
FIRST_SERVER_NAME=$(echo "$SERVER_NAME" | cut -d " " -f 1)
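Review bot: Starting the list updaters with `&` means nginx can be launched while /etc/nginx/block-proxies.conf and /etc/nginx/block-abusers.conf are still missing or only partly written, although server.conf already includes them. A non-wildcard `include` of a missing file makes nginx reject the configuration, so unless the image ships placeholder files (not visible here) the first start can fail, and the deny lists are not enforced until the background job finishes and reloads. Creating the file before backgrounding, e.g. `[ -f /etc/nginx/block-proxies.conf ] || : > /etc/nginx/block-proxies.conf`, removes the startup failure; the same applies to the other backgrounded branches. The `echo "0 0 * * * ..." >> /etc/crontabs/root` lines also append a duplicate cron entry each time this script runs against the same crontab, for example on a container restart.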
|
||||
|
|
|
@ -0,0 +1,10 @@
|
|||
#!/bin/sh
|
||||
|
||||
echo "" > /etc/nginx/block-abusers.conf
|
||||
curl -s "https://iplists.firehol.org/files/firehol_abusers_30d.netset" | grep -v "^\#.*" |
|
||||
while read entry ; do
|
||||
echo "deny ${entry};" >> /etc/nginx/block-abusers.conf
|
||||
done
|
||||
if [ -f /run/nginx/nginx.pid ] ; then
|
||||
/usr/sbin/nginx -s reload
|
||||
fi
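Review bot: Whatever the feed URL returns is copied into /etc/nginx/block-abusers.conf as `deny ...;` lines with no validation, and the file is emptied before the download starts. A failed or blocked download therefore leaves an empty deny list that is then reloaded (fail open), and because curl runs without `-f`, an HTTP error page or a tampered list would be written out as nginx directives. Download to a temporary file, keep only lines that look like an IPv4 address or CIDR, and replace the live file only when the result is non-empty; running `nginx -t` before the reload is a further guard. The scripts that write block-tor-exit-node.conf and block-proxies.conf further down follow the same pattern.

```shell
# … unchanged: shebang …
tmp=$(mktemp) || exit 1
trap 'rm -f "$tmp"' EXIT
# -f: fail on HTTP errors instead of passing an error page downstream
curl -fsS "https://iplists.firehol.org/files/firehol_abusers_30d.netset" \
  | grep -E '^[0-9]{1,3}(\.[0-9]{1,3}){3}(/[0-9]{1,2})?$' \
  | sed 's/.*/deny &;/' > "$tmp"
# keep the previous list when the download failed or yielded no valid entry
[ -s "$tmp" ] || exit 1
cat "$tmp" > /etc/nginx/block-abusers.conf
# … unchanged: reload nginx when /run/nginx/nginx.pid exists …
```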
|
|
@ -1,11 +1,10 @@
|
|||
#!/bin/sh
|
||||
|
||||
BLACKLIST=$(curl -s "https://iplists.firehol.org/files/tor_exits.ipset")
|
||||
DATA=""
|
||||
for ip in $BLACKLIST ; do
|
||||
DATA="${DATA}deny ${ip};\n"
|
||||
echo "" > /etc/nginx/block-tor-exit-node.conf
|
||||
curl -s "https://iplists.firehol.org/files/tor_exits.ipset" | grep -v "^\#.*" |
|
||||
while read entry ; do
|
||||
echo "deny ${entry};" >> /etc/nginx/block-tor-exit-node.conf
|
||||
done
|
||||
echo $DATA > /etc/nginx/block-tor-exit-node.conf
|
||||
if [ -f /run/nginx/nginx.pid ] ; then
|
||||
/usr/sbin/nginx -s reload
|
||||
fi
|
||||
|
|
|
@ -0,0 +1,10 @@
|
|||
#!/bin/sh
|
||||
|
||||
echo "" > /etc/nginx/block-proxies.conf
|
||||
curl -s "https://iplists.firehol.org/files/firehol_proxies.netset" | grep -v "^\#.*" |
|
||||
while read entry ; do
|
||||
echo "deny ${entry};" >> /etc/nginx/block-proxies.conf
|
||||
done
|
||||
if [ -f /run/nginx/nginx.pid ] ; then
|
||||
/usr/sbin/nginx -s reload
|
||||
fi
|