kopia lustrzana https://github.com/alecmuffett/eotk
commit: refactor some checks out to generated template code
rodzic
250a6513bc
commit
2209e692bc
|
@ -406,11 +406,16 @@ sub DoProject {
|
|||
&SetEnv("suppress_tor2web", 1); # 1 = block access by tor2web sites
|
||||
|
||||
&SetEnv("block_err", "This action is not supported over Onion yet, sorry.");
|
||||
|
||||
&SetEnv("block_host", "");
|
||||
&SetEnv("block_host_re", "");
|
||||
|
||||
&SetEnv("block_location", "");
|
||||
&SetEnv("block_location_re", "");
|
||||
|
||||
&SetEnv("block_path", "");
|
||||
&SetEnv("block_path_re", "");
|
||||
|
||||
&SetEnv("nginx_action_abort", "return 500");
|
||||
|
||||
&SetEnv("referer_whitelist_re", "");
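Review bot: The `block_*` and `*_re` defaults in this run of `&SetEnv` calls carry no comment, while `suppress_tor2web` just above them explains its value. The template lines removed elsewhere in this commit show these settings being split as CSV and copied verbatim into nginx directives (`if ( $host ~* "%0%" )`, `location %0% {`, `return 403 "%BLOCK_ERR%"`), so an operator value containing a double quote, `;` or a brace would change the structure of the generated config; presumably the generated templates interpolate them the same way. I would add above `block_host`: `# block_*: CSV lists, empty = disabled; copied verbatim into the nginx config, so no '"', ';' or braces`. DoProject starts and ends outside this hunk, so any validation done where the settings are read is not visible here.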
|
||||
|
|
|
@ -449,6 +449,7 @@ do {
|
|||
push(@new_template, $line);
|
||||
next;
|
||||
}
|
||||
&Warn("processing include: $line\n");
|
||||
$include_flag++;
|
||||
$include_count++;
|
||||
my @include_body = &Slurp($line);
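Review bot: Nothing visible around `my @include_body = &Slurp($line);` makes a missing or empty include fatal, and with this commit the included files presumably carry the nginx access-control rules, so a silently skipped include would produce a config without them. `Slurp` is defined outside the hunk and may already die on a missing file; if it does not, I would add `die "include not found: $line\n" unless -f $line;` before the call, assuming `$line` holds the path at this point. The enclosing `do {` loop starts and ends outside the hunk.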
|
||||
|
|
|
@ -576,58 +576,8 @@ http {
|
|||
# no cookie_lock cookie setting
|
||||
%%ENDIF
|
||||
|
||||
%%IF %SUPPRESS_TOR2WEB%
|
||||
# suppress tor2web traffic; "let them use clearnet"
|
||||
if ( $http_x_tor2web ) {
|
||||
return 403 "%BLOCK_ERR%";
|
||||
}
|
||||
%%ELSE
|
||||
# tor2web not suppressed
|
||||
%%ENDIF
|
||||
|
||||
%%IF %BLOCK_HOST%
|
||||
# politely block hosts matching this name
|
||||
%%CSV %BLOCK_HOST%
|
||||
if ( $host = "%0%" ) {
|
||||
return 403 "%BLOCK_ERR%";
|
||||
}
|
||||
%%ENDCSV
|
||||
%%ELSE
|
||||
# no polite named host blocking
|
||||
%%ENDIF
|
||||
|
||||
%%IF %BLOCK_HOST_RE%
|
||||
# politely block hosts matching this regular expression
|
||||
%%CSV %BLOCK_HOST_RE%
|
||||
if ( $host ~* "%0%" ) {
|
||||
return 403 "%BLOCK_ERR%";
|
||||
}
|
||||
%%ENDCSV
|
||||
%%ELSE
|
||||
# no polite regular expression host blocking
|
||||
%%ENDIF
|
||||
|
||||
%%IF %BLOCK_LOCATION%
|
||||
# politely block locations by name
|
||||
%%CSV %BLOCK_LOCATION%
|
||||
location %0% {
|
||||
return 403 "%BLOCK_ERR%";
|
||||
}
|
||||
%%ENDCSV
|
||||
%%ELSE
|
||||
# no polite named location blocking
|
||||
%%ENDIF
|
||||
|
||||
%%IF %BLOCK_LOCATION_RE%
|
||||
# politely block locations matching this regular expression
|
||||
%%CSV %BLOCK_LOCATION_RE%
|
||||
location ~* "%0%" {
|
||||
return 403 "%BLOCK_ERR%";
|
||||
}
|
||||
%%ENDCSV
|
||||
%%ELSE
|
||||
# no polite regular expression location blocking
|
||||
%%ENDIF
|
||||
# include generated blocks
|
||||
%%INCLUDE templates.d/nginx-generated-blocks.conf
|
||||
|
||||
%%IF %REDIRECT_HOST_CSV%
|
||||
# redirect_hosts: 1=host_re,2=scheme://host.dom,3=code
|
||||
|
@ -721,115 +671,10 @@ http {
|
|||
# paths are assumed not to contain onionified hostnames
|
||||
%%ENDIF
|
||||
|
||||
# blacklists
|
||||
|
||||
%%IF %USER_AGENT_BLACKLIST_RE%
|
||||
# check user_agent_blacklist_re
|
||||
%%CSV %USER_AGENT_BLACKLIST_RE%
|
||||
if ( $http_user_agent ~* "%0%" ) { %NGINX_ACTION_ABORT%; }
|
||||
%%ENDCSV
|
||||
%%ELSE
|
||||
# no user_agent_blacklist_re
|
||||
%%ENDIF
|
||||
|
||||
%%IF %REFERER_BLACKLIST_RE%
|
||||
# check referer_blacklist_re
|
||||
%%CSV %REFERER_BLACKLIST_RE%
|
||||
if ( $http_referer ~* "%0%" ) { %NGINX_ACTION_ABORT%; }
|
||||
%%ENDCSV
|
||||
%%ELSE
|
||||
# no referer_blacklist_re
|
||||
%%ENDIF
|
||||
|
||||
%%IF %HOST_BLACKLIST_RE%
|
||||
# check host_blacklist_re
|
||||
%%CSV %HOST_BLACKLIST_RE%
|
||||
if ( $http_host ~* "%0%" ) { %NGINX_ACTION_ABORT%; }
|
||||
%%ENDCSV
|
||||
%%ELSE
|
||||
# no host_blacklist_re
|
||||
%%ENDIF
|
||||
|
||||
%%IF %PATH_BLACKLIST_RE%
|
||||
# check path_blacklist_re
|
||||
%%CSV %PATH_BLACKLIST_RE%
|
||||
if ( $uri ~* "%0%" ) { %NGINX_ACTION_ABORT%; }
|
||||
%%ENDCSV
|
||||
%%ELSE
|
||||
# no path_blacklist_re
|
||||
%%ENDIF
|
||||
|
||||
# whitelists
|
||||
|
||||
%%IF %USER_AGENT_WHITELIST_RE%
|
||||
# check user_agent_whitelist_re
|
||||
set $non_whitelist_user_agent 1;
|
||||
%%CSV %USER_AGENT_WHITELIST_RE%
|
||||
if ( $http_user_agent ~* "%0%" ) { set $non_whitelist_user_agent 0; }
|
||||
%%ENDCSV
|
||||
%%ELSE
|
||||
# no user_agent_whitelist_re
|
||||
%%ENDIF
|
||||
|
||||
%%IF %REFERER_WHITELIST_RE%
|
||||
# check referer_whitelist_re
|
||||
set $non_whitelist_referer 1;
|
||||
%%CSV %REFERER_WHITELIST_RE%
|
||||
if ( $http_referer ~* "%0%" ) { set $non_whitelist_referer 0; }
|
||||
%%ENDCSV
|
||||
%%ELSE
|
||||
# no referer_whitelist_re
|
||||
%%ENDIF
|
||||
|
||||
%%IF %HOST_WHITELIST_RE%
|
||||
# check host_whitelist_re
|
||||
set $non_whitelist_host 1;
|
||||
%%CSV %HOST_WHITELIST_RE%
|
||||
if ( $http_host ~* "%0%" ) { set $non_whitelist_host 0; }
|
||||
%%ENDCSV
|
||||
%%ELSE
|
||||
# no host_whitelist_re
|
||||
%%ENDIF
|
||||
|
||||
%%IF %PATH_WHITELIST_RE%
|
||||
# check path_whitelist_re
|
||||
set $non_whitelist_path 1;
|
||||
%%CSV %PATH_WHITELIST_RE%
|
||||
if ( $uri ~* "%0%" ) { set $non_whitelist_path 0; }
|
||||
%%ENDCSV
|
||||
%%ELSE
|
||||
# no path_whitelist_re
|
||||
%%ENDIF
|
||||
|
||||
# for traffic
|
||||
location / {
|
||||
%%IF %USER_AGENT_WHITELIST_RE%
|
||||
# check success of user_agent_whitelist_re
|
||||
if ( $non_whitelist_user_agent ) { %NGINX_ACTION_ABORT%; }
|
||||
%%ELSE
|
||||
# no check for success of user_agent_whitelist_re
|
||||
%%ENDIF
|
||||
|
||||
%%IF %REFERER_WHITELIST_RE%
|
||||
# check success of referer_whitelist_re
|
||||
if ( $non_whitelist_referer ) { %NGINX_ACTION_ABORT%; }
|
||||
%%ELSE
|
||||
# no check for success of referer_whitelist_re
|
||||
%%ENDIF
|
||||
|
||||
%%IF %HOST_WHITELIST_RE%
|
||||
# check success of host_whitelist_re
|
||||
if ( $non_whitelist_host ) { %NGINX_ACTION_ABORT%; }
|
||||
%%ELSE
|
||||
# no check for success of host_whitelist_re
|
||||
%%ENDIF
|
||||
|
||||
%%IF %PATH_WHITELIST_RE%
|
||||
# check success of path_whitelist_re
|
||||
if ( $non_whitelist_path ) { %NGINX_ACTION_ABORT%; }
|
||||
%%ELSE
|
||||
# no check for success of path_whitelist_re
|
||||
%%ENDIF
|
||||
# include generated whitelist checks
|
||||
%%INCLUDE templates.d/nginx-generated-checks.conf
|
||||
|
||||
%%IF %COOKIE_LOCK%
|
||||
# check for cookie-lock
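Review bot: The second include sits inside `location /` and its comment names only whitelist checks, while the lines it replaces also covered the server-level blacklist tests and the `set $non_whitelist_* 1;` flag setup that ran before `location /`. Those presumably moved into `templates.d/nginx-generated-blocks.conf`, which is included at the earlier position, but neither generated file is shown in this commit view, so the scope cannot be confirmed here; if the blacklist tests ended up in the `location /` include they would no longer apply to other locations. I would make the two comments state the contract, e.g. `# include generated blocks: tor2web, block_*, *_blacklist_re, whitelist flag setup (server scope)` and `# include generated whitelist result checks (location / only)`. The `http {` block starts and ends outside both hunks.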
|
||||
|
|