librewolf/bunkerized-nginx
4
0
Fork 1
mirror of https://github.com/bunkerity/bunkerized-nginx synced 2023-12-13 21:30:18 +01:00
Code Issues Projects Releases Wiki Activity
bunkerized-nginx/lua/blacklist.lua
bunkerity 8260746fe1
logs/lua - add logger tool
2021-05-19 11:11:18 +02:00

53 lines
1.5 KiB
Lua
Raw Blame History

local M = {}
local dns = require "dns"
local iputils = require "resty.iputils"
local logger = require "logger"
function M.ip_cached_ko ()
return ngx.shared.blacklist_ip_cache:get(ngx.var.remote_addr) == "ko"
end
function M.reverse_cached_ko ()
return ngx.shared.blacklist_reverse_cache:get(ngx.var.remote_addr) == "ko"
end
function M.ip_cached ()
return ngx.shared.blacklist_ip_cache:get(ngx.var.remote_addr) ~= nil
end
function M.reverse_cached ()
return ngx.shared.blacklist_reverse_cache:get(ngx.var.remote_addr) ~= nil
end
function M.check_ip (ip_list)
if #ip_list > 0 then
local blacklist = iputils.parse_cidrs(ip_list)
if iputils.ip_in_cidrs(ngx.var.remote_addr, blacklist) then
ngx.shared.blacklist_ip_cache:set(ngx.var.remote_addr, "ko", 86400)
logger.log(ngx.WARN, "BLACKLIST", "ip " .. ngx.var.remote_addr .. " is in blacklist")
return true
end
end
ngx.shared.blacklist_ip_cache:set(ngx.var.remote_addr, "ok", 86400)
return false
end
function M.check_reverse (reverse_list, resolvers)
if #reverse_list > 0 then
local rdns = dns.get_reverse(resolvers)
if rdns ~= "" then
for k, v in ipairs(reverse_list) do
if rdns:sub(-#v) == v then
ngx.shared.blacklist_reverse_cache:set(ngx.var.remote_addr, "ko", 86400)
logger.log(ngx.WARN, "BLACKLIST", "reverse " .. rdns .. " is in blacklist")
return true
end
end
end
end
ngx.shared.blacklist_reverse_cache:set(ngx.var.remote_addr, "ok", 86400)
return false
end
return M
Reference in a new issue View git blame Copy permalink