crowdsec - move as external plugin
This commit is contained in:
bunkerity
@@ -9,7 +9,6 @@ local use_abusers = {% if has_value("BLOCK_ABUSERS", "yes") %}true{% else %}fal
|
||||
local use_tor_exit_nodes = {% if has_value("BLOCK_TOR_EXIT_NODE", "yes") %}true{% else %}false{% endif +%}
|
||||
local use_user_agents = {% if has_value("BLOCK_USER_AGENT", "yes") %}true{% else %}false{% endif +%}
|
||||
local use_referrers = {% if has_value("BLOCK_REFERRER", "yes") %}true{% else %}false{% endif +%}
|
||||
local use_crowdsec = {% if has_value("USE_CROWDSEC", "yes") %}true{% else %}false{% endif +%}
|
||||
|
||||
if use_proxies then
|
||||
dataloader.load_ip("/etc/nginx/proxies.list", ngx.shared.proxies_data)
|
||||
@@ -31,16 +30,6 @@ if use_referrers then
|
||||
dataloader.load_raw("/etc/nginx/referrers.list", ngx.shared.referrers_data)
|
||||
end
|
||||
|
||||
if use_crowdsec then
|
||||
local cs = require "crowdsec.CrowdSec"
|
||||
local ok, err = cs.init("/etc/nginx/crowdsec.conf")
|
||||
if ok == nil then
|
||||
logger.log(ngx.ERR, "CROWDSEC", err)
|
||||
error()
|
||||
end
|
||||
logger.log(ngx.ERR, "CROWDSEC", "*NOT AN ERROR* initialisation done")
|
||||
end
|
||||
|
||||
-- Load plugins
|
||||
ngx.shared.plugins_data:safe_set("plugins", nil, 0)
|
||||
local p = io.popen("find /opt/bunkerized-nginx/plugins -maxdepth 1 -type d ! -path /opt/bunkerized-nginx/plugins")
|
||||
@@ -54,14 +43,24 @@ for dir in p:lines() do
|
||||
ngx.shared.plugins_data:safe_set(data.id .. "_" .. k, v, 0)
|
||||
end
|
||||
file:close()
|
||||
-- store plugin
|
||||
local plugins, flags = ngx.shared.plugins_data:get("plugins")
|
||||
if plugins == nil then
|
||||
ngx.shared.plugins_data:safe_set("plugins", data.id, 0)
|
||||
else
|
||||
ngx.shared.plugins_data:safe_set("plugins", plugins .. " " .. data.id, 0)
|
||||
-- call init
|
||||
local plugin = require(data.id .. "/" .. data.id)
|
||||
local init = true
|
||||
if plugin["init"] ~= nil then
|
||||
init = plugin.init()
|
||||
end
|
||||
-- store plugin
|
||||
if init then
|
||||
local plugins, flags = ngx.shared.plugins_data:get("plugins")
|
||||
if plugins == nil then
|
||||
ngx.shared.plugins_data:safe_set("plugins", data.id, 0)
|
||||
else
|
||||
ngx.shared.plugins_data:safe_set("plugins", plugins .. " " .. data.id, 0)
|
||||
end
|
||||
logger.log(ngx.ERR, "PLUGINS", "*NOT AN ERROR* plugin " .. data.name .. "/" .. data.version .. " has been loaded")
|
||||
else
|
||||
logger.log(ngx.ERR, "PLUGINS", "init failed for plugin " .. data.name .. "/" .. data.version)
|
||||
end
|
||||
logger.log(ngx.ERR, "PLUGINS", "*NOT AN ERROR* plugin " .. data.name .. "/" .. data.version .. " has been loaded")
|
||||
else
|
||||
logger.log(ngx.ERR, "PLUGINS", "Can't load " .. dir .. "/plugin.json")
|
||||
end
|
||||
|
||||
@@ -25,9 +25,6 @@ local use_referrers = {% if BLOCK_REFERRER == "yes" %}true{% else %}false{% end
|
||||
-- countries
|
||||
local use_country = {% if WHITELIST_COUNTRY != "" or BLACKLIST_COUNTRY != "" %}true{% else %}false{% endif +%}
|
||||
|
||||
-- crowdsec
|
||||
local use_crowdsec = {% if USE_CROWDSEC == "yes" %}true{% else %}false{% endif +%}
|
||||
|
||||
-- antibot
|
||||
local use_antibot_cookie = {% if USE_ANTIBOT == "cookie" %}true{% else %}false{% endif +%}
|
||||
local use_antibot_javascript = {% if USE_ANTIBOT == "javascript" %}true{% else %}false{% endif +%}
|
||||
@@ -238,18 +235,6 @@ if use_dnsbl and not dnsbl.cached() then
|
||||
end
|
||||
end
|
||||
|
||||
-- check if IP is in CrowdSec DB
|
||||
if use_crowdsec then
|
||||
local ok, err = require "crowdsec.CrowdSec".allowIp(ngx.var.remote_addr)
|
||||
if ok == nil then
|
||||
logger.log(ngx.ERR, "CROWDSEC", err)
|
||||
end
|
||||
if not ok then
|
||||
logger.log(ngx.WARN, "CROWDSEC", "denied " .. ngx.var.remote_addr)
|
||||
ngx.exit(ngx.HTTP_FORBIDDEN)
|
||||
end
|
||||
end
|
||||
|
||||
-- cookie check
|
||||
if use_antibot_cookie and ngx.var.uri ~= "/favicon.ico" then
|
||||
if not cookie.is_set("uri") then
|
||||
|
||||
Reference in New Issue
Block a user