93 lines
2.2 KiB
Plaintext
93 lines
2.2 KiB
Plaintext
access_by_lua_block {
|
|
|
|
local use_whitelist_ip = %USE_WHITELIST_IP%
|
|
local use_whitelist_reverse = %USE_WHITELIST_REVERSE%
|
|
local use_blacklist_ip = %USE_BLACKLIST_IP%
|
|
local use_blacklist_reverse = %USE_BLACKLIST_REVERSE%
|
|
local use_dnsbl = %USE_DNSBL%
|
|
local use_antibot_cookie = %USE_ANTIBOT_COOKIE%
|
|
|
|
-- include LUA code
|
|
local whitelist = require "whitelist"
|
|
local blacklist = require "blacklist"
|
|
local dnsbl = require "dnsbl"
|
|
local cookie = require "cookie"
|
|
|
|
-- antibot
|
|
local antibot_uri = "%ANTIBOT_URI%"
|
|
|
|
-- check if already in whitelist cache
|
|
if use_whitelist_ip and whitelist.ip_cached_ok() then
|
|
ngx.exit(ngx.OK)
|
|
end
|
|
if use_whitelist_reverse and whitelist.reverse_cached_ok() then
|
|
ngx.exit(ngx.OK)
|
|
end
|
|
|
|
-- check if already in blacklist cache
|
|
if use_blacklist_ip and blacklist.ip_cached_ko() then
|
|
ngx.exit(ngx.HTTP_FORBIDDEN)
|
|
end
|
|
if use_blacklist_reverse and blacklist.reverse_cached_ko() then
|
|
ngx.exit(ngx.HTTP_FORBIDDEN)
|
|
end
|
|
|
|
-- check if already in dnsbl cache
|
|
if use_dnsbl and dnsbl.cached_ko() then
|
|
ngx.exit(ngx.HTTP_FORBIDDEN)
|
|
end
|
|
|
|
-- check if IP is whitelisted (only if not in cache)
|
|
if use_whitelist_ip and not whitelist.ip_cached() then
|
|
if whitelist.check_ip() then
|
|
ngx.exit(ngx.OK)
|
|
end
|
|
end
|
|
|
|
-- check if reverse is whitelisted (only if not in cache)
|
|
if use_whitelist_reverse and not whitelist.reverse_cached() then
|
|
if whitelist.check_reverse() then
|
|
ngx.exit(ngx.OK)
|
|
end
|
|
end
|
|
|
|
-- check if IP is blacklisted (only if not in cache)
|
|
if use_blacklist_ip and not blacklist.ip_cached() then
|
|
if blacklist.check_ip() then
|
|
ngx.exit(ngx.HTTP_FORBIDDEN)
|
|
end
|
|
end
|
|
|
|
-- check if reverse is blacklisted (only if not in cache)
|
|
if use_blacklist_reverse and not blacklist.reverse_cached() then
|
|
if blacklist.check_reverse() then
|
|
ngx.exit(ngx.HTTP_FORBIDDEN)
|
|
end
|
|
end
|
|
|
|
-- check if IP is in DNSBLs (only if not in cache)
|
|
if use_dnsbl and not dnsbl.cached() then
|
|
if dnsbl.check() then
|
|
ngx.exit(ngx.HTTP_FORBIDDEN)
|
|
end
|
|
end
|
|
|
|
-- cookie check
|
|
if use_antibot_cookie then
|
|
if not cookie.is_set() then
|
|
if ngx.var.uri ~= antibot_uri then
|
|
cookie.set()
|
|
return ngx.redirect(antibot_uri)
|
|
end
|
|
return ngx.exit(ngx.HTTP_FORBIDDEN)
|
|
else
|
|
if ngx.var.uri == antibot_uri then
|
|
return ngx.redirect(cookie.get_uri())
|
|
end
|
|
end
|
|
end
|
|
|
|
ngx.exit(ngx.OK)
|
|
|
|
}
|