Makussu/bunkerweb
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

dnsbl - disable checks when IP is local

Browse Source
This commit is contained in:
bunkerity 2021-06-02 13:46:57 +02:00
parent 74fb015366
commit 445032406b
No known key found for this signature in database
GPG Key ID: 3D80806F12602A7C
1 changed files with 8 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
lua/dnsbl.lua
View File

@ -1,6 +1,7 @@
local M = {} local M = {}
local dns = require "dns" local dns = require "dns"
local logger = require "logger" local logger = require "logger"
local iputils = require "resty.iputils"
function M.cached_ko () function M.cached_ko ()
return ngx.shared.dnsbl_cache:get(ngx.var.remote_addr) == "ko" return ngx.shared.dnsbl_cache:get(ngx.var.remote_addr) == "ko"
@ -11,6 +12,11 @@ function M.cached ()
end end
function M.check (dnsbls, resolvers) function M.check (dnsbls, resolvers)
local local_ips = iputils.parse_cidrs({"127.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"})
if iputils.ip_in_cidrs(ngx.var.remote_addr, local_ips) then
ngx.shared.dnsbl_cache:set(ngx.var.remote_addr, "ok", 86400)
return false
end
local rip = dns.ip_to_arpa() local rip = dns.ip_to_arpa()
for k, v in ipairs(dnsbls) do for k, v in ipairs(dnsbls) do
local req = rip .. "." .. v local req = rip .. "." .. v