crowdsec integration

confs/crowdsec.conf

@@ -0,0 +1,9 @@
+init_by_lua_block {
+	local cs = require "crowdsec.CrowdSec"
+	local ok, err = cs.init("/usr/local/lib/lua/crowdsec/crowdsec.conf")
+	if ok == nil then
+		ngx.log(ngx.ERR, "[Crowdsec] " .. err)
+		error()
+	end
+	ngx.log(ngx.ERR, "[Crowdsec] Initialisation done")
+}

confs/main-lua.conf

@@ -8,6 +8,7 @@ local use_whitelist_reverse	= %USE_WHITELIST_REVERSE%
 local use_blacklist_ip		= %USE_BLACKLIST_IP%
 local use_blacklist_reverse	= %USE_BLACKLIST_REVERSE%
 local use_dnsbl			= %USE_DNSBL%
+local use_crowdsec		= %USE_CROWDSEC%
 local use_antibot_cookie	= %USE_ANTIBOT_COOKIE%
 local use_antibot_javascript	= %USE_ANTIBOT_JAVASCRIPT%
 local use_antibot_captcha	= %USE_ANTIBOT_CAPTCHA%
@@ -81,6 +82,18 @@ if use_dnsbl and not dnsbl.cached() then
 	end
 end
 
+-- check if IP is in CrowdSec DB
+if use_crowdsec then
+	local ok, err = require "crowdsec.CrowdSec".allowIp(ngx.var.remote_addr)
+	if ok == nil then
+		ngx.log(ngx.ERR, "[Crowdsec] " .. err)
+	end
+	if not ok then
+		ngx.log(ngx.ERR, "[Crowdsec] denied '" .. ngx.var.remote_addr .. "'")
+		ngx.exit(ngx.HTTP_FORBIDDEN)
+	end
+end
+
 -- cookie check
 if use_antibot_cookie then
 	if not cookie.is_set("uri") then

confs/nginx.conf

@@ -90,6 +90,9 @@ http {
 	%BLACKLIST_IP_CACHE%
 	%BLACKLIST_REVERSE_CACHE%
 	%DNSBL_CACHE%
+
+	# crowdsec init
+	%USE_CROWDSEC%
 	
 	# shared memory zone for limit_req
 	%LIMIT_REQ_ZONE%