logs/lua - add logger tool

bunkerity 2021-05-19 11:11:18 +02:00
parent de560490d3
commit 8260746fe1
No known key found for this signature in database
GPG Key ID: 3D80806F12602A7C
13 changed files with 81 additions and 57 deletions


@ -10,14 +10,15 @@ rewrite_by_lua_block {
local api = require "api" local api = require "api"
local api_whitelist_ip = {%API_WHITELIST_IP%} local api_whitelist_ip = {%API_WHITELIST_IP%}
local api_uri = "%API_URI%" local api_uri = "%API_URI%"
local logger = require "logger"
if api.is_api_call(api_uri, api_whitelist_ip) then if api.is_api_call(api_uri, api_whitelist_ip) then
ngx.header.content_type = 'text/plain' ngx.header.content_type = 'text/plain'
if api.do_api_call(api_uri) then if api.do_api_call(api_uri) then
ngx.log(ngx.NOTICE, "[API] API call " .. ngx.var.request_uri .. " successfull from " .. ngx.var.remote_addr) logger.log(ngx.NOTICE, "API", "API call " .. ngx.var.request_uri .. " successfull from " .. ngx.var.remote_addr)
ngx.say("ok") ngx.say("ok")
else else
ngx.log(ngx.WARN, "[API] API call " .. ngx.var.request_uri .. " failed from " .. ngx.var.remote_addr) logger.log(ngx.WARN, "API", "API call " .. ngx.var.request_uri .. " failed from " .. ngx.var.remote_addr)
ngx.say("ko") ngx.say("ko")
end end
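Review bot: Both new `logger.log` calls in this block still write `ngx.var.request_uri` verbatim, which carries the client-supplied query string and presumably the `%API_URI%` path itself. If that path is meant to be hard to guess, anyone who can read the error log learns it. Consider logging only the caller, e.g. `logger.log(ngx.NOTICE, "API", "API call successful from " .. ngx.var.remote_addr)`, or a redacted form of the path. The same applies to the identical block in the next file section; the `if` body continues past the end of both hunks.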


@ -3,14 +3,15 @@ rewrite_by_lua_block {
local api = require "api" local api = require "api"
local api_whitelist_ip = {%API_WHITELIST_IP%} local api_whitelist_ip = {%API_WHITELIST_IP%}
local api_uri = "%API_URI%" local api_uri = "%API_URI%"
local logger = require "logger"
if api.is_api_call(api_uri, api_whitelist_ip) then if api.is_api_call(api_uri, api_whitelist_ip) then
ngx.header.content_type = 'text/plain' ngx.header.content_type = 'text/plain'
if api.do_api_call(api_uri) then if api.do_api_call(api_uri) then
ngx.log(ngx.NOTICE, "[API] API call " .. ngx.var.request_uri .. " successfull from " .. ngx.var.remote_addr) logger.log(ngx.NOTICE, "API", "API call " .. ngx.var.request_uri .. " successfull from " .. ngx.var.remote_addr)
ngx.say("ok") ngx.say("ok")
else else
ngx.log(ngx.WARN, "[API] API call " .. ngx.var.request_uri .. " failed from " .. ngx.var.remote_addr) logger.log(ngx.WARN, "API", "API call " .. ngx.var.request_uri .. " failed from " .. ngx.var.remote_addr)
ngx.say("ko") ngx.say("ko")
end end


@ -1,6 +1,7 @@
init_by_lua_block { init_by_lua_block {
local dataloader = require "dataloader" local dataloader = require "dataloader"
local logger = require "logger"
local use_proxies = %USE_PROXIES% local use_proxies = %USE_PROXIES%
local use_abusers = %USE_ABUSERS% local use_abusers = %USE_ABUSERS%
@ -33,10 +34,10 @@ if use_crowdsec then
local cs = require "crowdsec.CrowdSec" local cs = require "crowdsec.CrowdSec"
local ok, err = cs.init("/etc/nginx/crowdsec.conf") local ok, err = cs.init("/etc/nginx/crowdsec.conf")
if ok == nil then if ok == nil then
ngx.log(ngx.ERR, "[CROWDSEC] " .. err) logger.log(ngx.ERR, "CROWDSEC", err)
error() error()
end end
ngx.log(ngx.ERR, "[CROWDSEC] *NOT AN ERROR* initialisation done") logger.log(ngx.ERR, "CROWDSEC" "*NOT AN ERROR* initialisation done")
end end
} }
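Review bot: The second CrowdSec call on the new side is missing the comma between `"CROWDSEC"` and the message, so two string literals sit next to each other and Lua will not parse the chunk. Because this is inside `init_by_lua_block`, the failure would presumably hit at configuration load for every deployment, not only when `use_crowdsec` is set. The line should read `logger.log(ngx.ERR, "CROWDSEC", "*NOT AN ERROR* initialisation done")`.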


@ -6,8 +6,9 @@ location = %ANTIBOT_URI% {
content_by_lua_block { content_by_lua_block {
local cookie = require "cookie" local cookie = require "cookie"
local captcha = require "captcha" local captcha = require "captcha"
local logger = require "logger"
if not cookie.is_set("uri") then if not cookie.is_set("uri") then
ngx.log(ngx.NOTICE, "[ANTIBOT] captcha fail (1) for " .. ngx.var.remote_addr) logger.log(ngx.WARN, "ANTIBOT", "captcha fail (1) for " .. ngx.var.remote_addr)
return ngx.exit(ngx.HTTP_FORBIDDEN) return ngx.exit(ngx.HTTP_FORBIDDEN)
end end
local img, res = captcha.get_challenge() local img, res = captcha.get_challenge()
@ -21,20 +22,21 @@ location = %ANTIBOT_URI% {
access_by_lua_block { access_by_lua_block {
local cookie = require "cookie" local cookie = require "cookie"
local captcha = require "captcha" local captcha = require "captcha"
local logger = require "logger"
if not cookie.is_set("captchares") then if not cookie.is_set("captchares") then
ngx.log(ngx.NOTICE, "[ANTIBOT] captcha fail (2) for " .. ngx.var.remote_addr) logger.log(ngx.WARN, "ANTIBOT", "captcha fail (2) for " .. ngx.var.remote_addr)
return ngx.exit(ngx.HTTP_FORBIDDEN) return ngx.exit(ngx.HTTP_FORBIDDEN)
end end
ngx.req.read_body() ngx.req.read_body()
local args, err = ngx.req.get_post_args(1) local args, err = ngx.req.get_post_args(1)
if err == "truncated" or not args or not args["captcha"] then if err == "truncated" or not args or not args["captcha"] then
ngx.log(ngx.NOTICE, "[ANTIBOT] captcha fail (3) for " .. ngx.var.remote_addr) logger.log(ngx.WARN, "ANTIBOT", "captcha fail (3) for " .. ngx.var.remote_addr)
return ngx.exit(ngx.HTTP_FORBIDDEN) return ngx.exit(ngx.HTTP_FORBIDDEN)
end end
local captcha_user = args["captcha"] local captcha_user = args["captcha"]
local check = captcha.check(captcha_user, cookie.get("captchares")) local check = captcha.check(captcha_user, cookie.get("captchares"))
if not check then if not check then
ngx.log(ngx.NOTICE, "[ANTIBOT] captcha fail (4) for " .. ngx.var.remote_addr) logger.log(ngx.WARN, "ANTIBOT", "captcha fail (4) for " .. ngx.var.remote_addr)
return ngx.redirect("%ANTIBOT_URI%") return ngx.redirect("%ANTIBOT_URI%")
end end
cookie.set({captcha = "ok"}) cookie.set({captcha = "ok"})


@ -6,8 +6,9 @@ location = %ANTIBOT_URI% {
content_by_lua_block { content_by_lua_block {
local cookie = require "cookie" local cookie = require "cookie"
local javascript = require "javascript" local javascript = require "javascript"
local logger = require "logger"
if not cookie.is_set("challenge") then if not cookie.is_set("challenge") then
ngx.log(ngx.WARN, "[ANTIBOT] javascript fail (1) for " .. ngx.var.remote_addr) logger.log(ngx.WARN, "ANTIBOT", "javascript fail (1) for " .. ngx.var.remote_addr)
return ngx.exit(ngx.HTTP_FORBIDDEN) return ngx.exit(ngx.HTTP_FORBIDDEN)
end end
local challenge = cookie.get("challenge") local challenge = cookie.get("challenge")
@ -20,20 +21,21 @@ location = %ANTIBOT_URI% {
content_by_lua_block { content_by_lua_block {
local cookie = require "cookie" local cookie = require "cookie"
local javascript = require "javascript" local javascript = require "javascript"
local logger = require "logger"
if not cookie.is_set("challenge") then if not cookie.is_set("challenge") then
ngx.log(ngx.WARN, "[ANTIBOT] javascript fail (2) for " .. ngx.var.remote_addr) logger.log(ngx.WARN, "ANTIBOT", "javascript fail (2) for " .. ngx.var.remote_addr)
return ngx.exit(ngx.HTTP_FORBIDDEN) return ngx.exit(ngx.HTTP_FORBIDDEN)
end end
ngx.req.read_body() ngx.req.read_body()
local args, err = ngx.req.get_post_args(1) local args, err = ngx.req.get_post_args(1)
if err == "truncated" or not args or not args["challenge"] then if err == "truncated" or not args or not args["challenge"] then
ngx.log(ngx.WARN, "[ANTIBOT] javascript fail (3) for " .. ngx.var.remote_addr) logger.log(ngx.WARN, "ANTIBOT", "javascript fail (3) for " .. ngx.var.remote_addr)
return ngx.exit(ngx.HTTP_FORBIDDEN) return ngx.exit(ngx.HTTP_FORBIDDEN)
end end
local challenge = args["challenge"] local challenge = args["challenge"]
local check = javascript.check(cookie.get("challenge"), challenge) local check = javascript.check(cookie.get("challenge"), challenge)
if not check then if not check then
ngx.log(ngx.WARN, "[ANTIBOT] javascript fail (4) for " .. ngx.var.remote_addr) logger.log(ngx.WARN, "ANTIBOT", "javascript fail (4) for " .. ngx.var.remote_addr)
return ngx.exit(ngx.HTTP_FORBIDDEN) return ngx.exit(ngx.HTTP_FORBIDDEN)
end end
cookie.set({javascript = "ok"}) cookie.set({javascript = "ok"})


@ -6,8 +6,9 @@ location = %ANTIBOT_URI% {
content_by_lua_block { content_by_lua_block {
local cookie = require "cookie" local cookie = require "cookie"
local recaptcha = require "recaptcha" local recaptcha = require "recaptcha"
local loggger = require "logger"
if not cookie.is_set("uri") then if not cookie.is_set("uri") then
ngx.log(ngx.NOTICE, "[ANTIBOT] recaptcha fail (1) for " .. ngx.var.remote_addr) logger.log(ngx.WARN, "ANTIBOT", "recaptcha fail (1) for " .. ngx.var.remote_addr)
return ngx.exit(ngx.HTTP_FORBIDDEN) return ngx.exit(ngx.HTTP_FORBIDDEN)
end end
local code = recaptcha.get_code("%ANTIBOT_URI%", "%ANTIBOT_RECAPTCHA_SITEKEY%") local code = recaptcha.get_code("%ANTIBOT_URI%", "%ANTIBOT_RECAPTCHA_SITEKEY%")
@ -19,20 +20,21 @@ location = %ANTIBOT_URI% {
access_by_lua_block { access_by_lua_block {
local cookie = require "cookie" local cookie = require "cookie"
local recaptcha = require "recaptcha" local recaptcha = require "recaptcha"
local logger = require "logger"
if not cookie.is_set("uri") then if not cookie.is_set("uri") then
ngx.log(ngx.NOTICE, "[ANTIBOT] recaptcha fail (2) for " .. ngx.var.remote_addr) logger.log(ngx.WARN, "ANTIBOT", "recaptcha fail (2) for " .. ngx.var.remote_addr)
return ngx.exit(ngx.HTTP_FORBIDDEN) return ngx.exit(ngx.HTTP_FORBIDDEN)
end end
ngx.req.read_body() ngx.req.read_body()
local args, err = ngx.req.get_post_args(1) local args, err = ngx.req.get_post_args(1)
if err == "truncated" or not args or not args["token"] then if err == "truncated" or not args or not args["token"] then
ngx.log(ngx.NOTICE, "[ANTIBOT] recaptcha fail (3) for " .. ngx.var.remote_addr) logger.log(ngx.WARN, "ANTIBOT", "recaptcha fail (3) for " .. ngx.var.remote_addr)
return ngx.exit(ngx.HTTP_FORBIDDEN) return ngx.exit(ngx.HTTP_FORBIDDEN)
end end
local token = args["token"] local token = args["token"]
local check = recaptcha.check(token, "%ANTIBOT_RECAPTCHA_SECRET%") local check = recaptcha.check(token, "%ANTIBOT_RECAPTCHA_SECRET%")
if check < %ANTIBOT_RECAPTCHA_SCORE% then if check < %ANTIBOT_RECAPTCHA_SCORE% then
ngx.log(ngx.NOTICE, "[ANTIBOT] recaptcha fail (4) for " .. ngx.var.remote_addr .. " (score = " .. tostring(check) .. ")") logger.log(ngx.WARN, "ANTIBOT", "recaptcha fail (4) for " .. ngx.var.remote_addr .. " (score = " .. tostring(check) .. ")")
return ngx.exit(ngx.HTTP_FORBIDDEN) return ngx.exit(ngx.HTTP_FORBIDDEN)
end end
cookie.set({recaptcha = "ok"}) cookie.set({recaptcha = "ok"})
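Review bot: The require added to the `content_by_lua_block` binds the module to `loggger` (three g's), but the call two lines below uses `logger`, which is an undefined global in that block. When the `uri` cookie is missing, the handler would raise on indexing nil instead of logging and returning the intended 403, so the antibot failure path turns into a server error with no ANTIBOT log entry. Change it to `local logger = require "logger"`; the `access_by_lua_block` in the second hunk already spells it correctly.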


@ -57,6 +57,7 @@ local captcha = require "captcha"
local recaptcha = require "recaptcha" local recaptcha = require "recaptcha"
local iputils = require "resty.iputils" local iputils = require "resty.iputils"
local behavior = require "behavior" local behavior = require "behavior"
local logger = require "logger"
-- user variables -- user variables
local antibot_uri = "%ANTIBOT_URI%" local antibot_uri = "%ANTIBOT_URI%"
@ -101,13 +102,14 @@ end
-- check if URI is whitelisted -- check if URI is whitelisted
for k, v in pairs(whitelist_uri) do for k, v in pairs(whitelist_uri) do
if ngx.var.request_uri == v then if ngx.var.request_uri == v then
ngx.log(ngx.NOTICE, "[WHITELIST] URI " .. v .. " is whitelisted") logger.log(ngx.NOTICE, "WHITELIST", "URI " .. v .. " is whitelisted")
ngx.exit(ngx.OK) ngx.exit(ngx.OK)
end end
end end
-- check if it's certbot -- check if it's certbot
if use_lets_encrypt and string.match(ngx.var.request_uri, "^/.well-known/acme-challenge/") then if use_lets_encrypt and string.match(ngx.var.request_uri, "^/.well-known/acme-challenge/") then
logger.log(ngx.INFO, "LETSENCRYPT", "got a visit from Let's Encrypt")
ngx.exit(ngx.OK) ngx.exit(ngx.OK)
end end
@ -127,7 +129,7 @@ end
-- check if IP is banned because of "bad behavior" -- check if IP is banned because of "bad behavior"
if use_bad_behavior and behavior.is_banned() then if use_bad_behavior and behavior.is_banned() then
ngx.log(ngx.NOTICE, "[BLOCK] IP " .. ngx.var.remote_addr .. " is banned because of bad behavior") logger.log(ngx.WARN, "BEHAVIOR", "IP " .. ngx.var.remote_addr .. " is banned because of bad behavior")
ngx.exit(ngx.HTTP_FORBIDDEN) ngx.exit(ngx.HTTP_FORBIDDEN)
end end
@ -135,7 +137,7 @@ end
if use_proxies then if use_proxies then
local value, flags = ngx.shared.proxies_data:get(iputils.ip2bin(ngx.var.remote_addr)) local value, flags = ngx.shared.proxies_data:get(iputils.ip2bin(ngx.var.remote_addr))
if value ~= nil then if value ~= nil then
ngx.log(ngx.NOTICE, "[BLOCK] IP " .. ngx.var.remote_addr .. " is in proxies list") logger.log(ngx.WARN, "PROXIES", "IP " .. ngx.var.remote_addr .. " is in proxies list")
ngx.exit(ngx.HTTP_FORBIDDEN) ngx.exit(ngx.HTTP_FORBIDDEN)
end end
end end
@ -144,7 +146,7 @@ end
if use_abusers then if use_abusers then
local value, flags = ngx.shared.abusers_data:get(iputils.ip2bin(ngx.var.remote_addr)) local value, flags = ngx.shared.abusers_data:get(iputils.ip2bin(ngx.var.remote_addr))
if value ~= nil then if value ~= nil then
ngx.log(ngx.NOTICE, "[BLOCK] IP " .. ngx.var.remote_addr .. " is in abusers list") logger.log(ngx.WARN, "ABUSERS", "IP " .. ngx.var.remote_addr .. " is in abusers list")
ngx.exit(ngx.HTTP_FORBIDDEN) ngx.exit(ngx.HTTP_FORBIDDEN)
end end
end end
@ -153,7 +155,7 @@ end
if use_tor_exit_nodes then if use_tor_exit_nodes then
local value, flags = ngx.shared.tor_exit_nodes_data:get(iputils.ip2bin(ngx.var.remote_addr)) local value, flags = ngx.shared.tor_exit_nodes_data:get(iputils.ip2bin(ngx.var.remote_addr))
if value ~= nil then if value ~= nil then
ngx.log(ngx.NOTICE, "[BLOCK] IP " .. ngx.var.remote_addr .. " is in TOR exit nodes list") logger.log(ngx.WARN, "TOR", "IP " .. ngx.var.remote_addr .. " is in TOR exit nodes list")
ngx.exit(ngx.HTTP_FORBIDDEN) ngx.exit(ngx.HTTP_FORBIDDEN)
end end
end end
@ -163,7 +165,7 @@ if use_user_agents and ngx.var.http_user_agent ~= nil then
local whitelisted = false local whitelisted = false
for k, v in pairs(whitelist_user_agent) do for k, v in pairs(whitelist_user_agent) do
if string.match(ngx.var.http_user_agent, v) then if string.match(ngx.var.http_user_agent, v) then
ngx.log(ngx.NOTICE, "[ALLOW] User-Agent " .. ngx.var.http_user_agent .. " is whitelisted") logger.log(ngx.NOTICE, "WHITELIST", "User-Agent " .. ngx.var.http_user_agent .. " is whitelisted")
whitelisted = true whitelisted = true
break break
end end
@ -185,7 +187,7 @@ if use_user_agents and ngx.var.http_user_agent ~= nil then
end end
end end
if value == "ko" then if value == "ko" then
ngx.log(ngx.NOTICE, "[BLOCK] User-Agent " .. ngx.var.http_user_agent .. " is blacklisted") logger.log(ngx.WARN, "USER-AGENT", "User-Agent " .. ngx.var.http_user_agent .. " is blacklisted")
ngx.exit(ngx.HTTP_FORBIDDEN) ngx.exit(ngx.HTTP_FORBIDDEN)
end end
end end
@ -209,14 +211,14 @@ if use_referrer and ngx.var.http_referer ~= nil then
end end
end end
if value == "ko" then if value == "ko" then
ngx.log(ngx.NOTICE, "[BLOCK] Referrer " .. ngx.var.http_referer .. " is blacklisted") logger.log(ngx.WARN, "REFERRER", "Referrer " .. ngx.var.http_referer .. " is blacklisted")
ngx.exit(ngx.HTTP_FORBIDDEN) ngx.exit(ngx.HTTP_FORBIDDEN)
end end
end end
-- check if country is allowed -- check if country is allowed
if use_country and ngx.var.allowed_country == "no" then if use_country and ngx.var.allowed_country == "no" then
ngx.log(ngx.NOTICE, "[BLOCK] Country of " .. ngx.var.remote_addr .. " is blacklisted") logger.log(ngx.WARN, "COUNTRY", "Country of " .. ngx.var.remote_addr .. " is blacklisted")
ngx.exit(ngx.HTTP_FORBIDDEN) ngx.exit(ngx.HTTP_FORBIDDEN)
end end
@ -231,10 +233,10 @@ end
if use_crowdsec then if use_crowdsec then
local ok, err = require "crowdsec.CrowdSec".allowIp(ngx.var.remote_addr) local ok, err = require "crowdsec.CrowdSec".allowIp(ngx.var.remote_addr)
if ok == nil then if ok == nil then
ngx.log(ngx.ERR, "[Crowdsec] " .. err) logger.log(ngx.ERR, "CROWDSEC", err)
end end
if not ok then if not ok then
ngx.log(ngx.NOTICE, "[Crowdsec] denied '" .. ngx.var.remote_addr .. "'") logger.log(ngx.WARN, "CROWDSEC", "denied " .. ngx.var.remote_addr)
ngx.exit(ngx.HTTP_FORBIDDEN) ngx.exit(ngx.HTTP_FORBIDDEN)
end end
end end
@ -246,7 +248,7 @@ if use_antibot_cookie then
cookie.set({uri = ngx.var.request_uri}) cookie.set({uri = ngx.var.request_uri})
return ngx.redirect(antibot_uri) return ngx.redirect(antibot_uri)
end end
ngx.log(ngx.NOTICE, "[ANTIBOT] cookie fail for " .. ngx.var.remote_addr) logger.log(ngx.WARN, "ANTIBOT", "cookie fail for " .. ngx.var.remote_addr)
return ngx.exit(ngx.HTTP_FORBIDDEN) return ngx.exit(ngx.HTTP_FORBIDDEN)
else else
if ngx.var.request_uri == antibot_uri then if ngx.var.request_uri == antibot_uri then
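Review bot: The new LETSENCRYPT log line sits behind `string.match(ngx.var.request_uri, "^/.well-known/acme-challenge/")`, and in a Lua pattern the unescaped `-` is a lazy repetition operator and `.` matches any character. As written, the guard does not match the literal hyphenated ACME path, so the new message would not fire for genuine challenges, while the branch that exits with `ngx.OK` before the later checks is taken for strings other than the intended prefix. Escape the magic characters, `string.match(ngx.var.request_uri, "^/%.well%-known/acme%-challenge/")`, or use `string.find` with the plain flag and compare the start index to 1.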


@ -1,4 +1,5 @@
local M = {} local M = {}
local logger = require "logger"
function M.is_banned () function M.is_banned ()
return ngx.shared.behavior_ban:get(ngx.var.remote_addr) == true return ngx.shared.behavior_ban:get(ngx.var.remote_addr) == true
@ -14,14 +15,14 @@ function M.count (status_codes, threshold, count_time, ban_time)
count = count + 1 count = count + 1
local ok, err = ngx.shared.behavior_count:set(ngx.var.remote_addr, count, count_time) local ok, err = ngx.shared.behavior_count:set(ngx.var.remote_addr, count, count_time)
if not ok then if not ok then
ngx.log(ngx.ERR, "[BEHAVIOR] not enough memory allocated to behavior_ip_count") logger.log(ngx.ERR, "BEHAVIOR", "not enough memory allocated to behavior_ip_count")
return return
end end
if count >= threshold then if count >= threshold then
ngx.log(ngx.NOTICE, "[BEHAVIOR] threshold reached for " .. ngx.var.remote_addr .. " (" .. count .. " / " .. threshold .. ") : IP is banned for " .. ban_time .. " seconds") logger.log(ngx.WARN, "BEHAVIOR", "threshold reached for " .. ngx.var.remote_addr .. " (" .. count .. " / " .. threshold .. ") : IP is banned for " .. ban_time .. " seconds")
local ok, err = ngx.shared.behavior_ban:safe_set(ngx.var.remote_addr, true, ban_time) local ok, err = ngx.shared.behavior_ban:safe_set(ngx.var.remote_addr, true, ban_time)
if not ok then if not ok then
ngx.log(ngx.ERR, "[BEHAVIOR] not enough memory allocated to behavior_ip_ban") logger.log(ngx.ERR, "BEHAVIOR", "not enough memory allocated to behavior_ip_ban")
return return
end end
end end
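Review bot: Both ERR branches in `M.count` capture `err` from `set` / `safe_set` but the new `logger.log` calls still print a fixed "not enough memory" text and drop the actual error. Appending it keeps the diagnosis accurate when the dictionary fails for another reason, e.g. `logger.log(ngx.ERR, "BEHAVIOR", "can't update behavior_count : " .. tostring(err))`. The function body starts and ends outside this hunk.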


@ -1,6 +1,7 @@
local M = {} local M = {}
local dns = require "dns" local dns = require "dns"
local iputils = require "resty.iputils" local iputils = require "resty.iputils"
local logger = require "logger"
function M.ip_cached_ko () function M.ip_cached_ko ()
return ngx.shared.blacklist_ip_cache:get(ngx.var.remote_addr) == "ko" return ngx.shared.blacklist_ip_cache:get(ngx.var.remote_addr) == "ko"
@ -23,7 +24,7 @@ function M.check_ip (ip_list)
local blacklist = iputils.parse_cidrs(ip_list) local blacklist = iputils.parse_cidrs(ip_list)
if iputils.ip_in_cidrs(ngx.var.remote_addr, blacklist) then if iputils.ip_in_cidrs(ngx.var.remote_addr, blacklist) then
ngx.shared.blacklist_ip_cache:set(ngx.var.remote_addr, "ko", 86400) ngx.shared.blacklist_ip_cache:set(ngx.var.remote_addr, "ko", 86400)
ngx.log(ngx.NOTICE, "ip " .. ngx.var.remote_addr .. " is in blacklist") logger.log(ngx.WARN, "BLACKLIST", "ip " .. ngx.var.remote_addr .. " is in blacklist")
return true return true
end end
end end
@ -38,7 +39,7 @@ function M.check_reverse (reverse_list, resolvers)
for k, v in ipairs(reverse_list) do for k, v in ipairs(reverse_list) do
if rdns:sub(-#v) == v then if rdns:sub(-#v) == v then
ngx.shared.blacklist_reverse_cache:set(ngx.var.remote_addr, "ko", 86400) ngx.shared.blacklist_reverse_cache:set(ngx.var.remote_addr, "ko", 86400)
ngx.log(ngx.NOTICE, "reverse " .. rdns .. " is in blacklist") logger.log(ngx.WARN, "BLACKLIST", "reverse " .. rdns .. " is in blacklist")
return true return true
end end
end end


@ -1,5 +1,6 @@
local M = {} local M = {}
local iputils = require "resty.iputils" local iputils = require "resty.iputils"
local logger = require "logger"
function M.flush_dict (dict) function M.flush_dict (dict)
local keys = dict:get_keys(0) local keys = dict:get_keys(0)
@ -12,7 +13,7 @@ function M.load_ip (path, dict)
M.flush_dict(dict) M.flush_dict(dict)
local file = io.open(path, "r") local file = io.open(path, "r")
if not file then if not file then
ngx.log(ngx.ERR, "[INIT] can't open " .. path) logger.log(ngx.ERR, "INIT", "can't open " .. path)
else else
io.input(file) io.input(file)
local i = 0 local i = 0
@ -24,7 +25,7 @@ function M.load_ip (path, dict)
while bin_ip <= upper do while bin_ip <= upper do
local ok, err = dict:safe_set(bin_ip, true, 0) local ok, err = dict:safe_set(bin_ip, true, 0)
if not ok then if not ok then
ngx.log(ngx.ERR, "[INIT] not enough memory allocated to load data from " .. path) logger.log(ngx.ERR, "INIT", "not enough memory allocated to load data from " .. path)
continue = false continue = false
break break
end end
@ -40,7 +41,7 @@ function M.load_ip (path, dict)
break break
end end
end end
ngx.log(ngx.ERR, "[INIT] *NOT AN ERROR* loaded " .. tostring(i) .. " IPs from " .. path) logger.log(ngx.ERR, "INIT", "*NOT AN ERROR* loaded " .. tostring(i) .. " IPs from " .. path)
io.close(file) io.close(file)
end end
end end
@ -49,19 +50,19 @@ function M.load_raw (path, dict)
M.flush_dict(dict) M.flush_dict(dict)
local file = io.open(path, "r") local file = io.open(path, "r")
if not file then if not file then
ngx.log(ngx.ERR, "[INIT] can't open " .. path) logger.log(ngx.ERR, "INIT", "can't open " .. path)
else else
io.input(file) io.input(file)
local i = 0 local i = 0
for line in io.lines() do for line in io.lines() do
local ok, err = dict:safe_set(line, true, 0) local ok, err = dict:safe_set(line, true, 0)
if not ok then if not ok then
ngx.log(ngx.ERR, "[INIT] not enough memory allocated to load data from " .. path) logger.log(ngx.ERR, "INIT", "not enough memory allocated to load data from " .. path)
break break
end end
i = i + 1 i = i + 1
end end
ngx.log(ngx.ERR, "[INIT] *NOT AN ERROR* loaded " .. tostring(i) .. " entries from " .. path) logger.log(ngx.ERR, "INIT", "*NOT AN ERROR* loaded " .. tostring(i) .. " entries from " .. path)
io.close(file) io.close(file)
end end
end end


@ -1,5 +1,6 @@
local M = {} local M = {}
local dns = require "dns" local dns = require "dns"
local logger = require "logger"
function M.cached_ko () function M.cached_ko ()
return ngx.shared.dnsbl_cache:get(ngx.var.remote_addr) == "ko" return ngx.shared.dnsbl_cache:get(ngx.var.remote_addr) == "ko"
@ -18,7 +19,7 @@ function M.check (dnsbls, resolvers)
local a,b,c,d = v2:match("([%d]+).([%d]+).([%d]+).([%d]+)") local a,b,c,d = v2:match("([%d]+).([%d]+).([%d]+).([%d]+)")
if a == "127" then if a == "127" then
ngx.shared.dnsbl_cache:set(ngx.var.remote_addr, "ko", 86400) ngx.shared.dnsbl_cache:set(ngx.var.remote_addr, "ko", 86400)
ngx.log(ngx.NOTICE, "ip " .. ngx.var.remote_addr .. " is in DNSBL " .. v) logger.log(ngx.WARN, "DNSBL", "ip " .. ngx.var.remote_addr .. " is in DNSBL " .. v)
return true return true
end end
end end

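--- a/lua/logger.lua
+++ b/lua/logger.lua
@@ -0,0 +1,8 @@
+local M = {}
+local errlog = require "ngx.errlog"
+function M.log (level, prefix, msg)
+errlog.raw_log(level, "[" .. prefix .. "] " .. msg)
+end
+return M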
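Review bot: `M.log` concatenates `msg` unchecked and unsanitised, so a nil `err` from a caller (the CrowdSec paths pass `err` straight through) raises inside the logger. Callers in this commit also hand it the request URI, User-Agent, Referer and reverse-DNS names, which are client-influenced, so any control characters in them reach the error log unless the log writer escapes them. Since every call now goes through this one function, it is the natural place to normalise: `local text = tostring(msg):gsub("%c", "?")` and then `errlog.raw_log(level, "[" .. prefix .. "] " .. text)`. Note also that `raw_log` omits the Lua file and line context that `ngx.log` prepends, so the entry format changes for any parser or alert rule matching the old lines; a short header comment stating that would help.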


@ -1,6 +1,7 @@
local M = {} local M = {}
local dns = require "dns" local dns = require "dns"
local iputils = require "resty.iputils" local iputils = require "resty.iputils"
local logger = require "logger"
function M.ip_cached_ok () function M.ip_cached_ok ()
return ngx.shared.whitelist_ip_cache:get(ngx.var.remote_addr) == "ok" return ngx.shared.whitelist_ip_cache:get(ngx.var.remote_addr) == "ok"
@ -23,7 +24,7 @@ function M.check_ip (ip_list)
local whitelist = iputils.parse_cidrs(ip_list) local whitelist = iputils.parse_cidrs(ip_list)
if iputils.ip_in_cidrs(ngx.var.remote_addr, whitelist) then if iputils.ip_in_cidrs(ngx.var.remote_addr, whitelist) then
ngx.shared.whitelist_ip_cache:set(ngx.var.remote_addr, "ok", 86400) ngx.shared.whitelist_ip_cache:set(ngx.var.remote_addr, "ok", 86400)
ngx.log(ngx.NOTICE, "ip " .. ngx.var.remote_addr .. " is in whitelist") logger.log(ngx.NOTICE, "WHITELIST", "ip " .. ngx.var.remote_addr .. " is in whitelist")
return true return true
end end
end end
@ -47,7 +48,7 @@ function M.check_reverse (reverse_list, resolvers)
for k, v in ipairs(ips) do for k, v in ipairs(ips) do
if v == ngx.var.remote_addr then if v == ngx.var.remote_addr then
ngx.shared.whitelist_reverse_cache:set(ngx.var.remote_addr, "ok", 86400) ngx.shared.whitelist_reverse_cache:set(ngx.var.remote_addr, "ok", 86400)
ngx.log(ngx.NOTICE, "reverse " .. rdns .. " is in whitelist") logger.log(ngx.NOTICE, "WHITELIST", "reverse " .. rdns .. " is in whitelist")
return true return true
end end
end end