diff --git a/confs/site/antibot-captcha.conf b/confs/site/antibot-captcha.conf
index 7722e2f..72f221e 100644
--- a/confs/site/antibot-captcha.conf
+++ b/confs/site/antibot-captcha.conf
@@ -7,6 +7,7 @@ location = %ANTIBOT_URI% {
 local cookie = require "cookie"
 local captcha = require "captcha"
 if not cookie.is_set("uri") then
+ ngx.log(ngx.WARN, "[ANTIBOT] captcha fail (1) for " .. ngx.var.remote_addr)
 return ngx.exit(ngx.HTTP_FORBIDDEN)
 end
 local img, res = captcha.get_challenge()
@@ -21,16 +22,19 @@ location = %ANTIBOT_URI% {
 local cookie = require "cookie"
 local captcha = require "captcha"
 if not cookie.is_set("captchares") then
+ ngx.log(ngx.WARN, "[ANTIBOT] captcha fail (2) for " .. ngx.var.remote_addr)
 return ngx.exit(ngx.HTTP_FORBIDDEN)
 end
 ngx.req.read_body()
 local args, err = ngx.req.get_post_args(1)
 if err == "truncated" or not args or not args["captcha"] then
+ ngx.log(ngx.WARN, "[ANTIBOT] captcha fail (3) for " .. ngx.var.remote_addr)
 return ngx.exit(ngx.HTTP_FORBIDDEN)
 end
 local captcha_user = args["captcha"]
 local check = captcha.check(captcha_user, cookie.get("captchares"))
 if not check then
+ ngx.log(ngx.WARN, "[ANTIBOT] captcha fail (4) for " .. ngx.var.remote_addr)
 return ngx.redirect("%ANTIBOT_URI%")
 end
 cookie.set({captcha = "ok"})
diff --git a/confs/site/antibot-javascript.conf b/confs/site/antibot-javascript.conf
index 2f69019..a8037ee 100644
--- a/confs/site/antibot-javascript.conf
+++ b/confs/site/antibot-javascript.conf
@@ -7,6 +7,7 @@ location = %ANTIBOT_URI% {
 local cookie = require "cookie"
 local javascript = require "javascript"
 if not cookie.is_set("challenge") then
+ ngx.log(ngx.WARN, "[ANTIBOT] javascript fail (1) for " .. ngx.var.remote_addr)
 return ngx.exit(ngx.HTTP_FORBIDDEN)
 end
 local challenge = cookie.get("challenge")
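Review bot: The bare numbers in `captcha fail (1)` through `(4)` in antibot-captcha.conf carry no meaning in the error log itself; a reader has to open this file to learn that (1) is a missing `uri` cookie, (2) a missing `captchares` cookie, (3) a missing or truncated POST body and (4) a wrong answer. Naming the reason in the message, for example `"[ANTIBOT] captcha fail (missing uri cookie) for "`, keeps the lines greppable and lets an operator triage from the log alone. The javascript and recaptcha hunks use the same numbering and would benefit from the same change. The enclosing location blocks start and end outside these hunks.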
@@ -20,16 +21,19 @@ location = %ANTIBOT_URI% {
 local cookie = require "cookie"
 local javascript = require "javascript"
 if not cookie.is_set("challenge") then
+ ngx.log(ngx.WARN, "[ANTIBOT] javascript fail (2) for " .. ngx.var.remote_addr)
 return ngx.exit(ngx.HTTP_FORBIDDEN)
 end
 ngx.req.read_body()
 local args, err = ngx.req.get_post_args(1)
 if err == "truncated" or not args or not args["challenge"] then
+ ngx.log(ngx.WARN, "[ANTIBOT] javascript fail (3) for " .. ngx.var.remote_addr)
 return ngx.exit(ngx.HTTP_FORBIDDEN)
 end
- local challenge = args["challenge"]
+ local challenge = args["challenge"]
 local check = javascript.check(cookie.get("challenge"), challenge)
 if not check then
+ ngx.log(ngx.WARN, "[ANTIBOT] javascript fail (4) for " .. ngx.var.remote_addr)
 return ngx.exit(ngx.HTTP_FORBIDDEN)
 end
 cookie.set({javascript = "ok"})
diff --git a/confs/site/antibot-recaptcha.conf b/confs/site/antibot-recaptcha.conf
index b7cbef2..7ca0430 100644
--- a/confs/site/antibot-recaptcha.conf
+++ b/confs/site/antibot-recaptcha.conf
@@ -7,6 +7,7 @@ location = %ANTIBOT_URI% {
 local cookie = require "cookie"
 local recaptcha = require "recaptcha"
 if not cookie.is_set("uri") then
+ ngx.log(ngx.WARN, "[ANTIBOT] recaptcha fail (1) for " .. ngx.var.remote_addr)
 return ngx.exit(ngx.HTTP_FORBIDDEN)
 end
 local code = recaptcha.get_code("%ANTIBOT_URI%", "%ANTIBOT_RECAPTCHA_SITEKEY%")
@@ -19,17 +20,19 @@ location = %ANTIBOT_URI% {
 local cookie = require "cookie"
 local recaptcha = require "recaptcha"
 if not cookie.is_set("uri") then
+ ngx.log(ngx.WARN, "[ANTIBOT] recaptcha fail (2) for " .. ngx.var.remote_addr)
 return ngx.exit(ngx.HTTP_FORBIDDEN)
 end
 ngx.req.read_body()
 local args, err = ngx.req.get_post_args(1)
 if err == "truncated" or not args or not args["token"] then
+ ngx.log(ngx.WARN, "[ANTIBOT] recaptcha fail (3) for " .. ngx.var.remote_addr)
 return ngx.exit(ngx.HTTP_FORBIDDEN)
 end
 local token = args["token"]
 local check = recaptcha.check(token, "%ANTIBOT_RECAPTCHA_SECRET%")
 if check < %ANTIBOT_RECAPTCHA_SCORE% then
- ngx.log(ngx.WARN, "client has recaptcha score of " .. tostring(check))
+ ngx.log(ngx.WARN, "[ANTIBOT] recaptcha fail (4) for " .. ngx.var.remote_addr .. " (score = " .. tostring(check) .. ")")
 return ngx.exit(ngx.HTTP_FORBIDDEN)
 end
 cookie.set({recaptcha = "ok"})
diff --git a/confs/site/main-lua.conf b/confs/site/main-lua.conf
index 6343a23..44d6090 100644
--- a/confs/site/main-lua.conf
+++ b/confs/site/main-lua.conf
@@ -80,22 +80,26 @@ end
 -- check if user-agent is allowed
 if use_user_agent and ngx.var.bad_user_agent == "yes" then
+ ngx.log(ngx.WARN, "[BLOCK] User-Agent " .. ngx.var.http_user_agent .. " is blacklisted")
 ngx.exit(ngx.HTTP_FORBIDDEN)
 end
 -- check if referrer is allowed
 if use_referrer and ngx.var.bad_referrer == "yes" then
+ ngx.log(ngx.WARN, "[BLOCK] Referrer " .. ngx.var.http_referer .. " is blacklisted")
 ngx.exit(ngx.HTTP_FORBIDDEN)
 end
 -- check if country is allowed
 if use_country and ngx.var.allowed_country == "no" then
+ ngx.log(ngx.WARN, "[BLOCK] Country of " .. ngx.var.remote_addr .. " is blacklisted")
 ngx.exit(ngx.HTTP_FORBIDDEN)
 end
 -- check if IP is in DNSBLs (only if not in cache)
 if use_dnsbl and not dnsbl.cached() then
 if dnsbl.check() then
+ ngx.log(ngx.WARN, "[BLOCK] IP " .. ngx.var.remote_addr .. " is in DNSBL")
 ngx.exit(ngx.HTTP_FORBIDDEN)
 end
 end
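Review bot: In the second hunk of antibot-recaptcha.conf the comparison `check < %ANTIBOT_RECAPTCHA_SCORE%` runs before the new fail (4) log line, so a non-numeric result from `recaptcha.check` would raise a Lua error and skip both the log entry and the explicit 403. Whether `recaptcha.check` can return nil or false when the verification request fails is not visible in this diff. If it can, guard the branch with `if type(check) ~= "number" or check < %ANTIBOT_RECAPTCHA_SCORE% then` so the failure is rejected and logged; the new message already handles a nil score through `tostring(check)`.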
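Review bot: The new `[BLOCK]` lines for User-Agent and Referrer in main-lua.conf concatenate `ngx.var.http_user_agent` and `ngx.var.http_referer`, which are client-chosen header values, straight into the log message. Any alerting or ban tooling that parses these lines downstream then sees client-controlled text inside a trusted-looking entry. An absent header would also make the `..` concatenation raise instead of returning 403; whether the maps behind `bad_user_agent` and `bad_referrer` can yield "yes" for a missing header is not visible here. Quote the value and put the address first, e.g. `ngx.log(ngx.WARN, "[BLOCK] " .. ngx.var.remote_addr .. " blacklisted User-Agent " .. string.format("%q", tostring(ngx.var.http_user_agent)))`, and do the same for the Referrer line.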
@@ -119,6 +123,7 @@ if use_antibot_cookie then
 cookie.set({uri = ngx.var.request_uri})
 return ngx.redirect(antibot_uri)
 end
+ ngx.log(ngx.WARN, "[ANTIBOT] cookie fail for " .. ngx.var.remote_addr)
 return ngx.exit(ngx.HTTP_FORBIDDEN)
 else
 if ngx.var.request_uri == antibot_uri then
@@ -140,7 +145,7 @@ end
 -- captcha check
 if use_antibot_captcha then
 if not cookie.is_set("captcha") then
- if ngx.var.request_uri ~= antibot_uri and ngx.var.request_uri ~= "/favicon.ico" then
+ if ngx.var.request_uri ~= antibot_uri then
 cookie.set({uri = ngx.var.request_uri})
 return ngx.redirect(antibot_uri)
 end
@@ -150,7 +155,7 @@ end
 -- recaptcha check
 if use_antibot_recaptcha then
 if not cookie.is_set("recaptcha") then
- if ngx.var.request_uri ~= antibot_uri and ngx.var.request_uri ~= "/favicon.ico" then
+ if ngx.var.request_uri ~= antibot_uri then
 cookie.set({uri = ngx.var.request_uri})
 return ngx.redirect(antibot_uri)
 end
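Review bot: With the `/favicon.ico` exception removed from the captcha check (and from the recaptcha check in the following hunk), a browser's automatic favicon request made while the challenge page is displayed now reaches `cookie.set({uri = ngx.var.request_uri})` and overwrites the stored `uri` with `/favicon.ico`. If the success path redirects to that cookie value, which is outside this diff, the visitor would land on the icon instead of the page originally requested. If the intent was to stop serving the favicon unchallenged, keep the redirect but skip the cookie write for that path, e.g. `if ngx.var.request_uri ~= "/favicon.ico" then cookie.set({uri = ngx.var.request_uri}) end`. The enclosing `if use_antibot_captcha` and `if use_antibot_recaptcha` blocks end outside these hunks.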