block bad referrers

entrypoint/defaults.sh

@@ -44,6 +44,7 @@ DISABLE_DEFAULT_SERVER="${DISABLE_DEFAULT_SERVER-no}"
 SERVER_NAME="${SERVER_NAME-www.bunkerity.com}"
 ALLOWED_METHODS="${ALLOWED_METHODS-GET|POST|HEAD}"
 BLOCK_USER_AGENT="${BLOCK_USER_AGENT-yes}"
+BLOCK_REFERRER="${BLOCK_REFERRER-yes}"
 BLOCK_TOR_EXIT_NODE="${BLOCK_TOR_EXIT_NODE-yes}"
 BLOCK_PROXIES="${BLOCK_PROXIES-yes}"
 BLOCK_ABUSERS="${BLOCK_ABUSERS-yes}"

entrypoint/global-config.sh

@@ -95,6 +95,21 @@ else
 	replace_in_file "/etc/nginx/nginx.conf" "%BLOCK_USER_AGENT%" ""
 fi
 
+# block bad refferer
+if [ "$(has_value BLOCK_REFERRER yes)" != "" ] ; then
+	replace_in_file "/etc/nginx/nginx.conf" "%BLOCK_REFERRER%" "include /etc/nginx/map-referrer.conf;"
+	echo "0 0 * * * /opt/scripts/referrers.sh" >> /etc/crontabs/root
+	if [ -f "/cache/map-referrer.conf" ] ; then
+		echo "[*] Copying cached map-referrer.conf ..."
+		cp /cache/map-referrer.conf /etc/nginx/map-referrer.conf
+	else
+		echo "[*] Downloading bad referrer list (in background) ..."
+		/opt/scripts/referrers.sh &
+	fi
+else
+	replace_in_file "/etc/nginx/nginx.conf" "%BLOCK_REFERRER%" ""
+fi
+
 # block TOR exit nodes
 if [ "$(has_value BLOCK_TOR_EXIT_NODE yes)" != "" ] ; then
 	echo "0 * * * * /opt/scripts/exit-nodes.sh" >> /etc/crontabs/root

entrypoint/site-config.sh

@@ -264,6 +264,13 @@ else
 	replace_in_file "${NGINX_PREFIX}server.conf" "%BLOCK_USER_AGENT%" ""
 fi
 
+# block bad referrer
+if [ "$BLOCK_REFERRER" = "yes" ] ; then
+	replace_in_file "${NGINX_PREFIX}server.conf" "%BLOCK_REFERRER%" "include ${NGINX_PREFIX}block-referrer.conf;"
+else
+	replace_in_file "${NGINX_PREFIX}server.conf" "%BLOCK_REFERRER%" ""
+fi
+
 # block TOR exit nodes
 if [ "$BLOCK_TOR_EXIT_NODE" = "yes" ] ; then
 	replace_in_file "${NGINX_PREFIX}server.conf" "%BLOCK_TOR_EXIT_NODE%" "include /etc/nginx/block-tor-exit-node.conf;"