moved UA and referrer check to LUA

2020-12-04 22:21:38 +01:00 · 2020-12-04 22:21:38 +01:00 · 26947179a4
commit 26947179a4
parent 88f27bfeb8
6 changed files with 17 additions and 13 deletions
--- a/confs/site/block-referrer.conf
+++ b/confs/site/block-referrer.conf
@ -1,3 +0,0 @@
 if ($bad_referrer = yes) {
 	return 444;
 }
--- a/confs/site/block-user-agent.conf
+++ b/confs/site/block-user-agent.conf
@ -1,3 +0,0 @@
 if ($bad_user_agent = yes) {
 	return 444;
 }
--- a/confs/site/main-lua.conf
+++ b/confs/site/main-lua.conf
@ -5,6 +5,8 @@ access_by_lua_block {
 local use_whitelist_ip		= %USE_WHITELIST_IP%
 local use_whitelist_reverse	= %USE_WHITELIST_REVERSE%
 local use_user_agent		= %USE_USER_AGENT%
 local use_referrer		= %USE_REFERRER%
 local use_country		= %USE_COUNTRY%
 local use_blacklist_ip		= %USE_BLACKLIST_IP%
 local use_blacklist_reverse	= %USE_BLACKLIST_REVERSE%
@ -35,6 +37,16 @@ if use_whitelist_reverse and whitelist.reverse_cached_ok() then
 	ngx.exit(ngx.OK)
 end
 -- check if user-agent is allowed
 if use_user_agent and ngx.var.bad_user_agent == "yes" then
 	ngx.exit(ngx.HTTP_FORBIDDEN)
 end
 -- check if referrer is allowed
 if use_referrer and ngx.var.bad_referrer == "yes" then
 	ngx.exit(ngx.HTTP_FORBIDDEN)
 end
 -- check if country is allowed
 if use_country and ngx.var.allowed_country == "no" then
 	ngx.exit(ngx.HTTP_FORBIDDEN)
--- a/confs/site/server.conf
+++ b/confs/site/server.conf
@ -24,8 +24,6 @@ server {
 	%REFERRER_POLICY%
 	%FEATURE_POLICY%
 	%PERMISSIONS_POLICY%
 	%BLOCK_USER_AGENT%
 	%BLOCK_REFERRER%
 	%BLOCK_TOR_EXIT_NODE%
 	%BLOCK_PROXIES%
 	%BLOCK_ABUSERS%
--- a/entrypoint/defaults.sh
+++ b/entrypoint/defaults.sh
@ -81,7 +81,7 @@ LOGROTATE_MINSIZE="${LOGROTATE_MINSIZE-10M}"
 LOGROTATE_MAXAGE="${LOGROTATE_MAXAGE-7}"
 DNS_RESOLVERS="${DNS_RESOLVERS-127.0.0.11}"
 USE_WHITELIST_IP="${USE_WHITELIST_IP-yes}"
-WHITELIST_IP_LIST="${WHITELIST_IP_LIST-23.21.227.69 40.88.21.235 50.16.241.113 50.16.241.114 50.16.241.117 50.16.247.234 52.204.97.54 52.5.190.19 54.197.234.188 54.208.100.253 54.208.102.37 107.21.1.8}"
+WHITELIST_IP_LIST="${WHITELIST_IP_LIST-127.0.0.1 23.21.227.69 40.88.21.235 50.16.241.113 50.16.241.114 50.16.241.117 50.16.247.234 52.204.97.54 52.5.190.19 54.197.234.188 54.208.100.253 54.208.102.37 107.21.1.8}"
 USE_WHITELIST_REVERSE="${USE_WHITELIST_REVERSE-yes}"
 WHITELIST_REVERSE_LIST="${WHITELIST_REVERSE_LIST-.googlebot.com .google.com .search.msn.com .crawl.yahoot.net .crawl.baidu.jp .crawl.baidu.com .yandex.com .yandex.ru .yandex.net}"
 USE_BLACKLIST_IP="${USE_BLACKLIST_IP-yes}"
--- a/entrypoint/site-config.sh
+++ b/entrypoint/site-config.sh
@ -266,16 +266,16 @@ fi
 # block bad UA
 if [ "$BLOCK_USER_AGENT" = "yes" ] ; then
-	replace_in_file "${NGINX_PREFIX}server.conf" "%BLOCK_USER_AGENT%" "include ${NGINX_PREFIX}block-user-agent.conf;"
+	replace_in_file "${NGINX_PREFIX}main-lua.conf" "%USE_USER_AGENT%" "true"
 else
-	replace_in_file "${NGINX_PREFIX}server.conf" "%BLOCK_USER_AGENT%" ""
+	replace_in_file "${NGINX_PREFIX}main-lua.conf" "%USE_USER_AGENT%" "false"
 fi
 # block bad referrer
 if [ "$BLOCK_REFERRER" = "yes" ] ; then
-	replace_in_file "${NGINX_PREFIX}server.conf" "%BLOCK_REFERRER%" "include ${NGINX_PREFIX}block-referrer.conf;"
+	replace_in_file "${NGINX_PREFIX}main-lua.conf" "%USE_REFERRER%" "true"
 else
-	replace_in_file "${NGINX_PREFIX}server.conf" "%BLOCK_REFERRER%" ""
+	replace_in_file "${NGINX_PREFIX}main-lua.conf" "%USE_REFERRER%" "false"
 fi
 # block TOR exit nodes