bunkerweb/confs/main-lua.conf

access_by_lua_block {

local use_whitelist_ip			= %USE_WHITELIST_IP%
local use_whitelist_reverse		= %USE_WHITELIST_REVERSE%
local use_blacklist_ip			= %USE_BLACKLIST_IP%
local use_blacklist_reverse		= %USE_BLACKLIST_REVERSE%
local use_dnsbl				= %USE_DNS%

-- include LUA code
local whitelist = require "whitelist"
local blacklist = require "blacklist"
local dnsbl	= require "dnsbl"

-- check if already in whitelist cache
if use_whitelist_ip and whitelist.ip_cached_ok() then
	ngx.exit(ngx.OK)
end
if use_whitelist_reverse and whitelist.reverse_cached_ok() then
	ngx.exit(ngx.OK)
end

-- check if already in blacklist cache
if use_blacklist_ip and blacklist.ip_cached_ko() then
	ngx.exit(ngx.HTTP_FORBIDDEN)
end
if use_blacklist_reverse and blacklist.reverse_cached_ko() then
	ngx.exit(ngx.HTTP_FORBIDDEN)
end

-- check if already in dnsbl cache
if use_dnsbl and dnsbl.cached_ko() then
	ngx.exit(ngx.HTTP_FORBIDDEN)
end

-- check if IP is whitelisted (only if not in cache)
if use_whitelist_ip and not whitelist.ip_cached() then
	if whitelist.check_ip() then
		ngx.exit(ngx.OK)
	end
end

-- check if reverse is whitelisted (only if not in cache)
if use_whitelist_reverse and not whitelist.reverse_cached() then
	if whitelist.check_reverse() then
		ngx.exit(ngx.OK)
	end
end

-- check if IP is blacklisted (only if not in cache)
if use_blacklist_ip and not blacklist.ip_cached() then
	if blacklist.check_ip() then
		ngx.exit(ngx.HTTP_FORBIDDEN)
	end
end

-- check if reverse is blacklisted (only if not in cache)
if use_blacklist_reverse and not blacklist.reverse_cached() then
	if blacklist.check_reverse() then
		ngx.exit(ngx.HTTP_FORBIDDEN)
	end
end

-- check if IP is in DNSBLs (only if not in cache)
if use_dnsbl and not dnsbl.cached() then
	if dnsbl.check() then
		ngx.exit(ngx.HTTP_FORBIDDEN)
	end
end

ngx.exit(ngx.OK)

}