disable country ban if IP is local, update default values of PERMISSIONS_POLICY and FEATURE_POLICY, upgrade archlinux packages before testing

2021-10-21 15:40:20 +02:00
parent ab00381746
commit 6546a0edb7
4 changed files with 10 additions and 5 deletions
--- a/confs/site/main-lua.conf
+++ b/confs/site/main-lua.conf
@@ -66,15 +66,16 @@ local use_remote_api		= {% if USE_REMOTE_API == "yes" %}true{% else %}false{% en
 -- include LUA code
 local whitelist			= require "whitelist"
 local blacklist			= require "blacklist"
-local dnsbl			= require "dnsbl"
+local dnsbl				= require "dnsbl"
 local cookie			= require "cookie"
+local cjson				= require "cjson"
 local javascript		= require "javascript"
 local captcha			= require "captcha"
 local recaptcha			= require "recaptcha"
 local iputils			= require "resty.iputils"
 local behavior			= require "behavior"
 local logger			= require "logger"
-local redis			= require "resty.redis"
+local redis				= require "resty.redis"
 local checker			= require "checker"
 local limitreq			= require "limitreq"

@@ -243,7 +244,7 @@ if use_referrer and ngx.var.http_referer ~= nil then
 end

 -- check if country is allowed
-if use_country and ngx.var.allowed_country == "no" then
+if use_country and ngx.var.allowed_country == "no" and not iputils.ip_in_cidrs(ngx.var.remote_addr, cjson.decode(ngx.shared.reserved_ips:get("data"))) then
 	logger.log(ngx.WARN, "COUNTRY", "Country of " .. ngx.var.remote_addr .. " is blacklisted")
 	ngx.exit(ngx.HTTP_FORBIDDEN)
 end