logs/lua - add logger tool
This commit is contained in:
bunkerity
@@ -1,4 +1,5 @@
|
||||
local M = {}
|
||||
local M = {}
|
||||
local logger = require "logger"
|
||||
|
||||
function M.is_banned ()
|
||||
return ngx.shared.behavior_ban:get(ngx.var.remote_addr) == true
|
||||
@@ -14,14 +15,14 @@ function M.count (status_codes, threshold, count_time, ban_time)
|
||||
count = count + 1
|
||||
local ok, err = ngx.shared.behavior_count:set(ngx.var.remote_addr, count, count_time)
|
||||
if not ok then
|
||||
ngx.log(ngx.ERR, "[BEHAVIOR] not enough memory allocated to behavior_ip_count")
|
||||
logger.log(ngx.ERR, "BEHAVIOR", "not enough memory allocated to behavior_ip_count")
|
||||
return
|
||||
end
|
||||
if count >= threshold then
|
||||
ngx.log(ngx.NOTICE, "[BEHAVIOR] threshold reached for " .. ngx.var.remote_addr .. " (" .. count .. " / " .. threshold .. ") : IP is banned for " .. ban_time .. " seconds")
|
||||
logger.log(ngx.WARN, "BEHAVIOR", "threshold reached for " .. ngx.var.remote_addr .. " (" .. count .. " / " .. threshold .. ") : IP is banned for " .. ban_time .. " seconds")
|
||||
local ok, err = ngx.shared.behavior_ban:safe_set(ngx.var.remote_addr, true, ban_time)
|
||||
if not ok then
|
||||
ngx.log(ngx.ERR, "[BEHAVIOR] not enough memory allocated to behavior_ip_ban")
|
||||
logger.log(ngx.ERR, "BEHAVIOR", "not enough memory allocated to behavior_ip_ban")
|
||||
return
|
||||
end
|
||||
end
|
||||
|
||||
@@ -1,6 +1,7 @@
|
||||
local M = {}
|
||||
local dns = require "dns"
|
||||
local iputils = require "resty.iputils"
|
||||
local logger = require "logger"
|
||||
|
||||
function M.ip_cached_ko ()
|
||||
return ngx.shared.blacklist_ip_cache:get(ngx.var.remote_addr) == "ko"
|
||||
@@ -23,7 +24,7 @@ function M.check_ip (ip_list)
|
||||
local blacklist = iputils.parse_cidrs(ip_list)
|
||||
if iputils.ip_in_cidrs(ngx.var.remote_addr, blacklist) then
|
||||
ngx.shared.blacklist_ip_cache:set(ngx.var.remote_addr, "ko", 86400)
|
||||
ngx.log(ngx.NOTICE, "ip " .. ngx.var.remote_addr .. " is in blacklist")
|
||||
logger.log(ngx.WARN, "BLACKLIST", "ip " .. ngx.var.remote_addr .. " is in blacklist")
|
||||
return true
|
||||
end
|
||||
end
|
||||
@@ -38,7 +39,7 @@ function M.check_reverse (reverse_list, resolvers)
|
||||
for k, v in ipairs(reverse_list) do
|
||||
if rdns:sub(-#v) == v then
|
||||
ngx.shared.blacklist_reverse_cache:set(ngx.var.remote_addr, "ko", 86400)
|
||||
ngx.log(ngx.NOTICE, "reverse " .. rdns .. " is in blacklist")
|
||||
logger.log(ngx.WARN, "BLACKLIST", "reverse " .. rdns .. " is in blacklist")
|
||||
return true
|
||||
end
|
||||
end
|
||||
|
||||
@@ -1,5 +1,6 @@
|
||||
local M = {}
|
||||
local iputils = require "resty.iputils"
|
||||
local logger = require "logger"
|
||||
|
||||
function M.flush_dict (dict)
|
||||
local keys = dict:get_keys(0)
|
||||
@@ -12,7 +13,7 @@ function M.load_ip (path, dict)
|
||||
M.flush_dict(dict)
|
||||
local file = io.open(path, "r")
|
||||
if not file then
|
||||
ngx.log(ngx.ERR, "[INIT] can't open " .. path)
|
||||
logger.log(ngx.ERR, "INIT", "can't open " .. path)
|
||||
else
|
||||
io.input(file)
|
||||
local i = 0
|
||||
@@ -24,7 +25,7 @@ function M.load_ip (path, dict)
|
||||
while bin_ip <= upper do
|
||||
local ok, err = dict:safe_set(bin_ip, true, 0)
|
||||
if not ok then
|
||||
ngx.log(ngx.ERR, "[INIT] not enough memory allocated to load data from " .. path)
|
||||
logger.log(ngx.ERR, "INIT", "not enough memory allocated to load data from " .. path)
|
||||
continue = false
|
||||
break
|
||||
end
|
||||
@@ -40,7 +41,7 @@ function M.load_ip (path, dict)
|
||||
break
|
||||
end
|
||||
end
|
||||
ngx.log(ngx.ERR, "[INIT] *NOT AN ERROR* loaded " .. tostring(i) .. " IPs from " .. path)
|
||||
logger.log(ngx.ERR, "INIT", "*NOT AN ERROR* loaded " .. tostring(i) .. " IPs from " .. path)
|
||||
io.close(file)
|
||||
end
|
||||
end
|
||||
@@ -49,19 +50,19 @@ function M.load_raw (path, dict)
|
||||
M.flush_dict(dict)
|
||||
local file = io.open(path, "r")
|
||||
if not file then
|
||||
ngx.log(ngx.ERR, "[INIT] can't open " .. path)
|
||||
logger.log(ngx.ERR, "INIT", "can't open " .. path)
|
||||
else
|
||||
io.input(file)
|
||||
local i = 0
|
||||
for line in io.lines() do
|
||||
local ok, err = dict:safe_set(line, true, 0)
|
||||
if not ok then
|
||||
ngx.log(ngx.ERR, "[INIT] not enough memory allocated to load data from " .. path)
|
||||
logger.log(ngx.ERR, "INIT", "not enough memory allocated to load data from " .. path)
|
||||
break
|
||||
end
|
||||
i = i + 1
|
||||
end
|
||||
ngx.log(ngx.ERR, "[INIT] *NOT AN ERROR* loaded " .. tostring(i) .. " entries from " .. path)
|
||||
logger.log(ngx.ERR, "INIT", "*NOT AN ERROR* loaded " .. tostring(i) .. " entries from " .. path)
|
||||
io.close(file)
|
||||
end
|
||||
end
|
||||
|
||||
@@ -1,5 +1,6 @@
|
||||
local M = {}
|
||||
local dns = require "dns"
|
||||
local logger = require "logger"
|
||||
|
||||
function M.cached_ko ()
|
||||
return ngx.shared.dnsbl_cache:get(ngx.var.remote_addr) == "ko"
|
||||
@@ -18,7 +19,7 @@ function M.check (dnsbls, resolvers)
|
||||
local a,b,c,d = v2:match("([%d]+).([%d]+).([%d]+).([%d]+)")
|
||||
if a == "127" then
|
||||
ngx.shared.dnsbl_cache:set(ngx.var.remote_addr, "ko", 86400)
|
||||
ngx.log(ngx.NOTICE, "ip " .. ngx.var.remote_addr .. " is in DNSBL " .. v)
|
||||
logger.log(ngx.WARN, "DNSBL", "ip " .. ngx.var.remote_addr .. " is in DNSBL " .. v)
|
||||
return true
|
||||
end
|
||||
end
|
||||
|
||||
8
lua/logger.lua
Normal file
8
lua/logger.lua
Normal file
@@ -0,0 +1,8 @@
|
||||
local M = {}
|
||||
local errlog = require "ngx.errlog"
|
||||
|
||||
function M.log (level, prefix, msg)
|
||||
errlog.raw_log(level, "[" .. prefix .. "] " .. msg)
|
||||
end
|
||||
|
||||
return M
|
||||
@@ -1,6 +1,7 @@
|
||||
local M = {}
|
||||
local dns = require "dns"
|
||||
local iputils = require "resty.iputils"
|
||||
local M = {}
|
||||
local dns = require "dns"
|
||||
local iputils = require "resty.iputils"
|
||||
local logger = require "logger"
|
||||
|
||||
function M.ip_cached_ok ()
|
||||
return ngx.shared.whitelist_ip_cache:get(ngx.var.remote_addr) == "ok"
|
||||
@@ -23,7 +24,7 @@ function M.check_ip (ip_list)
|
||||
local whitelist = iputils.parse_cidrs(ip_list)
|
||||
if iputils.ip_in_cidrs(ngx.var.remote_addr, whitelist) then
|
||||
ngx.shared.whitelist_ip_cache:set(ngx.var.remote_addr, "ok", 86400)
|
||||
ngx.log(ngx.NOTICE, "ip " .. ngx.var.remote_addr .. " is in whitelist")
|
||||
logger.log(ngx.NOTICE, "WHITELIST", "ip " .. ngx.var.remote_addr .. " is in whitelist")
|
||||
return true
|
||||
end
|
||||
end
|
||||
@@ -47,7 +48,7 @@ function M.check_reverse (reverse_list, resolvers)
|
||||
for k, v in ipairs(ips) do
|
||||
if v == ngx.var.remote_addr then
|
||||
ngx.shared.whitelist_reverse_cache:set(ngx.var.remote_addr, "ok", 86400)
|
||||
ngx.log(ngx.NOTICE, "reverse " .. rdns .. " is in whitelist")
|
||||
logger.log(ngx.NOTICE, "WHITELIST", "reverse " .. rdns .. " is in whitelist")
|
||||
return true
|
||||
end
|
||||
end
|
||||
|
||||
Reference in New Issue
Block a user