From 843644f8064263aaecde9e04c281cf6df073bd3f Mon Sep 17 00:00:00 2001 From: bunkerity Date: Tue, 27 Apr 2021 09:57:07 +0200 Subject: [PATCH] log - replace some WARN tags from LUA logs with NOTICE to avoid confusion --- confs/global/api-temp.conf | 2 +- confs/global/api.conf | 2 +- confs/global/crowdsec.conf | 2 +- confs/global/nginx.conf | 2 +- confs/site/antibot-captcha.conf | 8 ++++---- confs/site/antibot-recaptcha.conf | 8 ++++---- confs/site/main-lua.conf | 14 +++++++------- lua/blacklist.lua | 4 ++-- lua/dnsbl.lua | 2 +- lua/whitelist.lua | 4 ++-- 10 files changed, 24 insertions(+), 24 deletions(-) diff --git a/confs/global/api-temp.conf b/confs/global/api-temp.conf index 67819d7..bdf46ae 100644 --- a/confs/global/api-temp.conf +++ b/confs/global/api-temp.conf @@ -13,7 +13,7 @@ rewrite_by_lua_block { if api.is_api_call(api_uri) then ngx.header.content_type = 'text/plain' if api.do_api_call(api_uri) then - ngx.log(ngx.WARN, "[API] API call " .. ngx.var.request_uri .. " successfull from " .. ngx.var.remote_addr) + ngx.log(ngx.NOTICE, "[API] API call " .. ngx.var.request_uri .. " successfull from " .. ngx.var.remote_addr) ngx.say("ok") else ngx.log(ngx.WARN, "[API] API call " .. ngx.var.request_uri .. " failed from " .. ngx.var.remote_addr) diff --git a/confs/global/api.conf b/confs/global/api.conf index 2bc1773..86aae9d 100644 --- a/confs/global/api.conf +++ b/confs/global/api.conf @@ -6,7 +6,7 @@ rewrite_by_lua_block { if api.is_api_call(api_uri) then ngx.header.content_type = 'text/plain' if api.do_api_call(api_uri) then - ngx.log(ngx.WARN, "[API] API call " .. ngx.var.request_uri .. " successfull from " .. ngx.var.remote_addr) + ngx.log(ngx.NOTICE, "[API] API call " .. ngx.var.request_uri .. " successfull from " .. ngx.var.remote_addr) ngx.say("ok") else ngx.log(ngx.WARN, "[API] API call " .. ngx.var.request_uri .. " failed from " .. ngx.var.remote_addr) diff --git a/confs/global/crowdsec.conf b/confs/global/crowdsec.conf index 6917259..617788f 100644 --- a/confs/global/crowdsec.conf +++ b/confs/global/crowdsec.conf @@ -5,5 +5,5 @@ init_by_lua_block { ngx.log(ngx.ERR, "[Crowdsec] " .. err) error() end - ngx.log(ngx.WARN, "[Crowdsec] Initialisation done") + ngx.log(ngx.NOTICE, "[Crowdsec] Initialisation done") } diff --git a/confs/global/nginx.conf b/confs/global/nginx.conf index d414109..a397c26 100644 --- a/confs/global/nginx.conf +++ b/confs/global/nginx.conf @@ -50,7 +50,7 @@ http { # write logs to local syslog log_format logf '%LOG_FORMAT%'; access_log syslog:server=unix:/tmp/log,nohostname,facility=local0,severity=notice logf; - error_log syslog:server=unix:/tmp/log,nohostname,facility=local0 warn; + error_log syslog:server=unix:/tmp/log,nohostname,facility=local0 notice; # temp paths proxy_temp_path /tmp/proxy_temp; diff --git a/confs/site/antibot-captcha.conf b/confs/site/antibot-captcha.conf index 72f221e..92713f4 100644 --- a/confs/site/antibot-captcha.conf +++ b/confs/site/antibot-captcha.conf @@ -7,7 +7,7 @@ location = %ANTIBOT_URI% { local cookie = require "cookie" local captcha = require "captcha" if not cookie.is_set("uri") then - ngx.log(ngx.WARN, "[ANTIBOT] captcha fail (1) for " .. ngx.var.remote_addr) + ngx.log(ngx.NOTICE, "[ANTIBOT] captcha fail (1) for " .. ngx.var.remote_addr) return ngx.exit(ngx.HTTP_FORBIDDEN) end local img, res = captcha.get_challenge() @@ -22,19 +22,19 @@ location = %ANTIBOT_URI% { local cookie = require "cookie" local captcha = require "captcha" if not cookie.is_set("captchares") then - ngx.log(ngx.WARN, "[ANTIBOT] captcha fail (2) for " .. ngx.var.remote_addr) + ngx.log(ngx.NOTICE, "[ANTIBOT] captcha fail (2) for " .. ngx.var.remote_addr) return ngx.exit(ngx.HTTP_FORBIDDEN) end ngx.req.read_body() local args, err = ngx.req.get_post_args(1) if err == "truncated" or not args or not args["captcha"] then - ngx.log(ngx.WARN, "[ANTIBOT] captcha fail (3) for " .. ngx.var.remote_addr) + ngx.log(ngx.NOTICE, "[ANTIBOT] captcha fail (3) for " .. ngx.var.remote_addr) return ngx.exit(ngx.HTTP_FORBIDDEN) end local captcha_user = args["captcha"] local check = captcha.check(captcha_user, cookie.get("captchares")) if not check then - ngx.log(ngx.WARN, "[ANTIBOT] captcha fail (4) for " .. ngx.var.remote_addr) + ngx.log(ngx.NOTICE, "[ANTIBOT] captcha fail (4) for " .. ngx.var.remote_addr) return ngx.redirect("%ANTIBOT_URI%") end cookie.set({captcha = "ok"}) diff --git a/confs/site/antibot-recaptcha.conf b/confs/site/antibot-recaptcha.conf index 7ca0430..c9cffd3 100644 --- a/confs/site/antibot-recaptcha.conf +++ b/confs/site/antibot-recaptcha.conf @@ -7,7 +7,7 @@ location = %ANTIBOT_URI% { local cookie = require "cookie" local recaptcha = require "recaptcha" if not cookie.is_set("uri") then - ngx.log(ngx.WARN, "[ANTIBOT] recaptcha fail (1) for " .. ngx.var.remote_addr) + ngx.log(ngx.NOTICE, "[ANTIBOT] recaptcha fail (1) for " .. ngx.var.remote_addr) return ngx.exit(ngx.HTTP_FORBIDDEN) end local code = recaptcha.get_code("%ANTIBOT_URI%", "%ANTIBOT_RECAPTCHA_SITEKEY%") @@ -20,19 +20,19 @@ location = %ANTIBOT_URI% { local cookie = require "cookie" local recaptcha = require "recaptcha" if not cookie.is_set("uri") then - ngx.log(ngx.WARN, "[ANTIBOT] recaptcha fail (2) for " .. ngx.var.remote_addr) + ngx.log(ngx.NOTICE, "[ANTIBOT] recaptcha fail (2) for " .. ngx.var.remote_addr) return ngx.exit(ngx.HTTP_FORBIDDEN) end ngx.req.read_body() local args, err = ngx.req.get_post_args(1) if err == "truncated" or not args or not args["token"] then - ngx.log(ngx.WARN, "[ANTIBOT] recaptcha fail (3) for " .. ngx.var.remote_addr) + ngx.log(ngx.NOTICE, "[ANTIBOT] recaptcha fail (3) for " .. ngx.var.remote_addr) return ngx.exit(ngx.HTTP_FORBIDDEN) end local token = args["token"] local check = recaptcha.check(token, "%ANTIBOT_RECAPTCHA_SECRET%") if check < %ANTIBOT_RECAPTCHA_SCORE% then - ngx.log(ngx.WARN, "[ANTIBOT] recaptcha fail (4) for " .. ngx.var.remote_addr .. " (score = " .. tostring(check) .. ")") + ngx.log(ngx.NOTICE, "[ANTIBOT] recaptcha fail (4) for " .. ngx.var.remote_addr .. " (score = " .. tostring(check) .. ")") return ngx.exit(ngx.HTTP_FORBIDDEN) end cookie.set({recaptcha = "ok"}) diff --git a/confs/site/main-lua.conf b/confs/site/main-lua.conf index 5d17db5..1606961 100644 --- a/confs/site/main-lua.conf +++ b/confs/site/main-lua.conf @@ -70,7 +70,7 @@ end -- check if URI is whitelisted for k, v in pairs(whitelist_uri) do if ngx.var.request_uri == v then - ngx.log(ngx.WARN, "[WHITELIST] URI " .. v .. " is whitelisted") + ngx.log(ngx.NOTICE, "[WHITELIST] URI " .. v .. " is whitelisted") ngx.exit(ngx.OK) end end @@ -99,26 +99,26 @@ if use_user_agent and ngx.var.bad_user_agent == "yes" then local block = false for k, v in pairs(whitelist_user_agent) do if string.match(ngx.var.http_user_agent, v) then - ngx.log(ngx.WARN, "[ALLOW] User-Agent " .. ngx.var.http_user_agent .. " is whitelisted") + ngx.log(ngx.NOTICE, "[ALLOW] User-Agent " .. ngx.var.http_user_agent .. " is whitelisted") block = false break end end if block then - ngx.log(ngx.WARN, "[BLOCK] User-Agent " .. ngx.var.http_user_agent .. " is blacklisted") + ngx.log(ngx.NOTICE, "[BLOCK] User-Agent " .. ngx.var.http_user_agent .. " is blacklisted") ngx.exit(ngx.HTTP_FORBIDDEN) end end -- check if referrer is allowed if use_referrer and ngx.var.bad_referrer == "yes" then - ngx.log(ngx.WARN, "[BLOCK] Referrer " .. ngx.var.http_referer .. " is blacklisted") + ngx.log(ngx.NOTICE, "[BLOCK] Referrer " .. ngx.var.http_referer .. " is blacklisted") ngx.exit(ngx.HTTP_FORBIDDEN) end -- check if country is allowed if use_country and ngx.var.allowed_country == "no" then - ngx.log(ngx.WARN, "[BLOCK] Country of " .. ngx.var.remote_addr .. " is blacklisted") + ngx.log(ngx.NOTICE, "[BLOCK] Country of " .. ngx.var.remote_addr .. " is blacklisted") ngx.exit(ngx.HTTP_FORBIDDEN) end @@ -136,7 +136,7 @@ if use_crowdsec then ngx.log(ngx.ERR, "[Crowdsec] " .. err) end if not ok then - ngx.log(ngx.WARN, "[Crowdsec] denied '" .. ngx.var.remote_addr .. "'") + ngx.log(ngx.NOTICE, "[Crowdsec] denied '" .. ngx.var.remote_addr .. "'") ngx.exit(ngx.HTTP_FORBIDDEN) end end @@ -148,7 +148,7 @@ if use_antibot_cookie then cookie.set({uri = ngx.var.request_uri}) return ngx.redirect(antibot_uri) end - ngx.log(ngx.WARN, "[ANTIBOT] cookie fail for " .. ngx.var.remote_addr) + ngx.log(ngx.NOTICE, "[ANTIBOT] cookie fail for " .. ngx.var.remote_addr) return ngx.exit(ngx.HTTP_FORBIDDEN) else if ngx.var.request_uri == antibot_uri then diff --git a/lua/blacklist.lua b/lua/blacklist.lua index 112e65d..a57163b 100644 --- a/lua/blacklist.lua +++ b/lua/blacklist.lua @@ -26,7 +26,7 @@ function M.check_ip () if #ip_list > 0 then if iputils.ip_in_cidrs(ip, blacklist) then ngx.shared.blacklist_ip_cache:set(ip, "ko", 86400) - ngx.log(ngx.WARN, "ip " .. ip .. " is in blacklist") + ngx.log(ngx.NOTICE, "ip " .. ip .. " is in blacklist") return true end end @@ -41,7 +41,7 @@ function M.check_reverse () for k, v in ipairs(reverse_list) do if rdns:sub(-#v) == v then ngx.shared.blacklist_reverse_cache:set(ip, "ko", 86400) - ngx.log(ngx.WARN, "reverse " .. rdns .. " is in blacklist") + ngx.log(ngx.NOTICE, "reverse " .. rdns .. " is in blacklist") return true end end diff --git a/lua/dnsbl.lua b/lua/dnsbl.lua index 66bd348..07ab4f2 100644 --- a/lua/dnsbl.lua +++ b/lua/dnsbl.lua @@ -20,7 +20,7 @@ function M.check () local a,b,c,d = v2:match("([%d]+).([%d]+).([%d]+).([%d]+)") if a == "127" then ngx.shared.dnsbl_cache:set(ip, "ko", 86400) - ngx.log(ngx.WARN, "ip " .. ip .. " is in DNSBL " .. v) + ngx.log(ngx.NOTICE, "ip " .. ip .. " is in DNSBL " .. v) return true end end diff --git a/lua/whitelist.lua b/lua/whitelist.lua index ae30e4b..2b2292b 100644 --- a/lua/whitelist.lua +++ b/lua/whitelist.lua @@ -26,7 +26,7 @@ function M.check_ip () if #ip_list > 0 then if iputils.ip_in_cidrs(ip, whitelist) then ngx.shared.whitelist_ip_cache:set(ip, "ok", 86400) - ngx.log(ngx.WARN, "ip " .. ip .. " is in whitelist") + ngx.log(ngx.NOTICE, "ip " .. ip .. " is in whitelist") return true end end @@ -50,7 +50,7 @@ function M.check_reverse () for k, v in ipairs(ips) do if v == ip then ngx.shared.whitelist_reverse_cache:set(ip, "ok", 86400) - ngx.log(ngx.WARN, "reverse " .. rdns .. " is in whitelist") + ngx.log(ngx.NOTICE, "reverse " .. rdns .. " is in whitelist") return true end end