use annotations as env var in Ingress definition, fix cidr parsing for reserved ips, fix missing empty when job is external, fix ping check for remote api and init work hour/day support for request limit

confs/global/init-lua.conf

@@ -37,7 +37,10 @@ local reserved_ips = {
 	"240.0.0.0/4",
 	"255.255.255.255/32"
 }
-ngx.shared.reserved_ips:safe_set("cidrs", iputils.parse_cidrs(reserved_ips), 0)
+local success, err, forcible = ngx.shared.reserved_ips:set("data", cjson.encode(iputils.parse_cidrs(reserved_ips)), 0)
+if not success then
+	logger.log(ngx.ERR, "INIT", "Can't load reserved IPs : " .. err)
+end
 
 -- Load blacklists
 if not use_redis then

confs/global/nginx.conf

@@ -90,13 +90,14 @@ http {
 	{% if has_value("BLOCK_REFERRER", "yes") %}lua_shared_dict referrers_cache 10m;{% endif +%}
 	{% if has_value("USE_BAD_BEHAVIOR", "yes") %}lua_shared_dict behavior_ban 10m;{% endif +%}
 	{% if has_value("USE_BAD_BEHAVIOR", "yes") %}lua_shared_dict behavior_count 10m;{% endif +%}
+	{% if has_value("USE_LIMIT_REQ", "yes") %}lua_shared_dict limit_req {{ LIMIT_REQ_CACHE }};{% endif +%}
 	lua_shared_dict plugins_data 10m;
 	lua_shared_dict reserved_ips 1m;
 	{% if has_value("USE_REMOTE_API", "yes") %}lua_shared_dict remote_api 1m;{% endif +%}
 	{% if has_value("USE_REMOTE_API", "yes") %}lua_shared_dict remote_api_db 10m;{% endif +%}
 
 	# shared memory zone for limit_req
-	{% if has_value("USE_LIMIT_REQ", "yes") %}limit_req_zone $binary_remote_addr$uri zone=limit:{{ LIMIT_REQ_CACHE }} rate={{ LIMIT_REQ_RATE }};{% endif +%}
+	#{% if has_value("USE_LIMIT_REQ", "yes") %}limit_req_zone $binary_remote_addr$uri zone=limit:{{ LIMIT_REQ_CACHE }} rate={{ LIMIT_REQ_RATE }};{% endif +%}
 
 	# shared memory zone for limit_conn
 	{% if has_value("USE_LIMIT_CONN", "yes") %}limit_conn_zone $binary_remote_addr zone=ddos:{{ LIMIT_CONN_CACHE }};{% endif +%}

confs/site/log-lua.conf

@@ -1,6 +1,7 @@
 log_by_lua_block {
 
 local logger			= require "logger"
+local cjson			= require "cjson"
 
 -- bad behavior
 local use_bad_behavior		= {% if USE_BAD_BEHAVIOR == "yes" %}true{% else %}false{% endif +%}
@@ -22,7 +23,7 @@ local use_remote_api            = {% if USE_REMOTE_API == "yes" %}true{% else %}
 local remoteapi			= require "remoteapi"
 local iputils			= require "resty.iputils"
 
-if use_remote_api and not iputils.ip_in_cidrs(ngx.var.remote_addr, ngx.shared.reserved_ips:get("data")) and ngx.shared.remote_api:get("id") ~= "empty" and ngx.shared.remote_api:get("ping") ~= "ko" then
+if use_remote_api and not iputils.ip_in_cidrs(ngx.var.remote_addr, cjson.decode(ngx.shared.reserved_ips:get("data"))) and ngx.shared.remote_api:get("id") ~= "empty" and ngx.shared.remote_api:get("ping") ~= "ko" then
 	if ngx.status == ngx.HTTP_FORBIDDEN then
 		local reason = "other"
 		if use_bad_behavior and new_bad_behavior_ban then

confs/site/main-lua.conf

@@ -57,6 +57,11 @@ local dnsbl_list		= {% raw %}{{% endraw %}{% if DNSBL_LIST != "" %}{% set elemen
 -- bad behavior
 local use_bad_behavior		= {% if USE_BAD_BEHAVIOR == "yes" %}true{% else %}false{% endif +%}
 
+-- limit req
+local use_req_limit		= {% if USE_REQ_LIMIT == "yes" %}true{% else %}false{% endif +%}
+local limit_req_rate		= "{{ LIMIT_REQ_RATE }}"
+local limit_req_burst		= "{{ LIMIT_REQ_BURST }}"
+
 -- remote API
 local use_remote_api		= {% if USE_REMOTE_API == "yes" %}true{% else %}false{% endif +%}
 
@@ -73,6 +78,7 @@ local behavior			= require "behavior"
 local logger			= require "logger"
 local redis			= require "resty.redis"
 local checker			= require "checker"
+local limitreq			= require "limitreq"
 
 -- user variables
 local antibot_uri		= "{{ ANTIBOT_URI }}"
@@ -148,6 +154,11 @@ if use_bad_behavior and behavior.is_banned() then
 	ngx.exit(ngx.HTTP_FORBIDDEN)
 end
 
+-- check if IP is banned because of "request limit"
+-- if use_req_limit and reqlimit.check() then
+--	ngx.exit(ngx.HTTP_FORBIDDEN)
+-- end
+
 -- our redis client
 local redis_client = nil
 if use_redis then

confs/site/server.conf

@@ -65,9 +65,9 @@ server {
 	}
 
 	# requests limiting
-{% if USE_LIMIT_REQ == "yes" +%}
-	include {{ NGINX_PREFIX }}limit-req.conf;
-{% endif %}
+#{% if USE_LIMIT_REQ == "yes" +%}
+#	include {{ NGINX_PREFIX }}limit-req.conf;
+#{% endif %}
 
 	# connections limiting
 {% if USE_LIMIT_CONN == "yes" +%}