Cavemanon/haproxy-protection
8
Fork 0
mirror of https://gitgud.io/fatchan/haproxy-protection.git synced 2025-05-09 02:05:37 +00:00
Code Issues Packages Projects Releases Wiki Activity

Make blocked and whitelist maps multi tenant

Browse Source
This commit is contained in:
Thomas Lynch
2023-09-07 16:47:21 +10:00
parent d687e54d17
commit 93cac69798
9 changed files with 43 additions and 81 deletions
Download Patch File Download Diff File Expand all files Collapse all files

32
src/lua/scripts/bot-check.lua
View File

@ -410,6 +410,38 @@ function _M.set_lang_json(txn)
txn:set_var("txn.lang_json", ls)
end
-- set a variable if ip or subnet in blocked/whitelist map and list of usernames matches the one for the current domain
local blocked_map = Map.new("/etc/haproxy/map/blocked.map", Map._ip);
local whitelist_map = Map.new("/etc/haproxy/map/whitelist.map", Map._ip);
local accounts_map = Map.new("/etc/haproxy/map/domtoacc.map", Map._str);
local maps_map = {
["blocked"] = blocked_map,
["whitelist"] = whitelist_map,
}
function _M.set_ip_var(txn, map_name, set_variable)
-- get the host header and user ip
local host = txn.sf:hdr("Host")
local ip = txn.sf:src()
if ip == nil or host == nil then
return
end
-- get the name of current domain user, and the list
-- of names that have blocked this ip (in case multiple)
local names_list = maps_map[map_name]:lookup(ip)
local current_name = accounts_map:lookup(string.lower(host))
if names_list == nil or current_name == nil then
return
end
-- loop through them and set the blocked var if found
local split_names = utils.split(names_list, ":")
for _, name in ipairs(split_names) do
if name == current_name then
txn:set_var(set_variable, true)
return
end
end
end
-- check if captcha is enabled, path+domain priority, then just domain, and 0 otherwise
function _M.decide_checks_necessary(txn)
local host = txn.sf:hdr("Host")

2
src/lua/scripts/register-bot-check.lua
View File

@ -14,10 +14,10 @@ function get_server_names(txn)
end
core.register_fetches("get_server_names", get_server_names)
core.register_service("bot-check", "http", bot_check.view)
core.register_action("captcha-check", { 'http-req', }, bot_check.check_captcha_status)
core.register_action("pow-check", { 'http-req', }, bot_check.check_pow_status)
core.register_action("decide-checks-necessary", { 'http-req', }, bot_check.decide_checks_necessary)
core.register_action("kill-tor-circuit", { 'http-req', }, bot_check.kill_tor_circuit)
core.register_action("set-lang-json", { 'http-req', }, bot_check.set_lang_json)
core.register_action("set-ip-var", { 'http-req', }, bot_check.set_ip_var, 2)