Add asn blocking

Thomas Lynch
2023-09-09 21:39:45 +10:00
parent 93cac69798
commit e36add4ee7
9 changed files with 34 additions and 16 deletions


@ -411,23 +411,32 @@ function _M.set_lang_json(txn)
end
-- set a variable if ip or subnet in blocked/whitelist map and list of usernames matches the one for the current domain
local blocked_map = Map.new("/etc/haproxy/map/blocked.map", Map._ip);
local blockedip_map = Map.new("/etc/haproxy/map/blockedip.map", Map._ip);
local blockedasn_map = Map.new("/etc/haproxy/map/blockedasn.map", Map._str);
local whitelist_map = Map.new("/etc/haproxy/map/whitelist.map", Map._ip);
local accounts_map = Map.new("/etc/haproxy/map/domtoacc.map", Map._str);
local maps_map = {
["blocked"] = blocked_map,
["blockedip"] = blockedip_map,
["blockedasn"] = blockedasn_map,
["whitelist"] = whitelist_map,
}
function _M.set_ip_var(txn, map_name, set_variable)
function _M.set_ip_var(txn, map_name, set_variable, lookup_var)
-- get the host header and user ip
local host = txn.sf:hdr("Host")
local ip = txn.sf:src()
if ip == nil or host == nil then
-- choose lookup key
local lookup_key = nil
if lookup_var == "ip" then -- 1=ip
lookup_key = txn.sf:src()
elseif lookup_var == "asn" then -- 2=asn
lookup_key = txn:get_var("req.asn")
end
-- if none return
if lookup_key == nil or host == nil then
return
end
-- get the name of current domain user, and the list
-- of names that have blocked this ip (in case multiple)
local names_list = maps_map[map_name]:lookup(ip)
local names_list = maps_map[map_name]:lookup(lookup_key)
local current_name = accounts_map:lookup(string.lower(host))
if names_list == nil or current_name == nil then
return
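Review bot: In the new `set_ip_var`, a call that omits `lookup_var` or passes anything other than `"ip"` or `"asn"` leaves `lookup_key` nil and returns without setting the variable, so a block rule silently stops matching (fail-open). Callers are not visible in this hunk; if any still use the three-argument form, adding `lookup_var = lookup_var or "ip"` before the `if` chain keeps the previous behaviour. The `-- 1=ip` and `-- 2=asn` comments describe numeric codes the code does not use; something like `-- key on the client source address` and `-- key on the ASN stored in req.asn` would match what the branches do. On the ASN path, `blockedasn_map` is a `Map._str` map, so `req.asn` presumably has to be a string in the same form as the map keys; worth confirming where that variable is set. The function body continues past the end of this hunk.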