Last active
November 4, 2023 23:35
Nginx Lua DNSBL
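# Configuration
# --------------
# Requires a shared memory zone named "dnsblcache" (lua_shared_dict) declared
# in the http context, plus the lua-resty-dns library and the headers-more
# module for more_set_headers.
#
# $dnsbl_clientip is the address that is looked up in the blocklists and used
# as the cache key. Keep exactly one of the three lines below active.
#
# Default: nginx is reached directly by clients (no proxy or load balancer).
# Comment this line out if you ARE behind a reverse proxy or load balancer.
set $dnsbl_clientip $remote_addr;
# Uncomment if the client IP is on X-Forwarded-For
# NOTE(review): X-Forwarded-For and CF-Connecting-IP are request headers. They
# are only trustworthy when the front proxy overwrites them and nginx accepts
# connections from that proxy alone; otherwise the sender chooses which address
# gets checked and cached. Prefer the realip module (set_real_ip_from /
# real_ip_header) so that $remote_addr itself is corrected.
#set $dnsbl_clientip $http_x_forwarded_for;
# Uncomment if you are using CloudFlare
#set $dnsbl_clientip $http_cf_connecting_ip;
# Insert your Project Honeypot Access-Key
# The key becomes the first label of every http:BL query name, so it is
# visible to the resolver that forwards the query.
set $dnsbl_httpbl_accesskey "abcdefghijkl";
# leave this empty
set $dnsblres "";
# --------------
rewrite_by_lua_block {
    -- Looks the client IPv4 address up in each configured DNS blocklist,
    -- answers 403 when any of them lists it, and caches the verdict for 24h.
    local clientip = ngx.var.dnsbl_clientip
    local cache = ngx.shared.dnsblcache

    -- No usable address (for example the selected header is absent):
    -- nothing to look up, so the request is let through unchecked.
    if clientip == nil or clientip == "" then
        return
    end

    -- Cached verdict. An empty string is the cached "not listed" result and
    -- must not be treated as a hit; only a non-empty value means "listed".
    local cached = cache:get(clientip)
    if cached ~= nil then
        if cached ~= "" then
            ngx.var.dnsblres = cached
            return ngx.exit(ngx.HTTP_FORBIDDEN)
        end
        return
    end

    -- Anchored dotted-quad pattern with escaped dots and at most three digits
    -- per octet, so only a bare IPv4 address is ever placed in a query name.
    local ipv4 = "^(%d%d?%d?)%.(%d%d?%d?)%.(%d%d?%d?)%.(%d%d?%d?)$"
    local a, b, c, d = clientip:match(ipv4)
    if a == nil then
        -- IPv6 or malformed value: these zones are queried by reversed IPv4
        -- octets only. Policy choice: skip the check instead of failing the
        -- request, and do not cache anything under this key.
        return
    end

    local dnsblserv = {
        projecthoneypot = {
            accesskey = ngx.var.dnsbl_httpbl_accesskey,
            host = "dnsbl.httpbl.org",
        },
        sorbs = {
            accesskey = "",
            host = "dnsbl.sorbs.net",
        },
    }

    local resolver = require "resty.dns.resolver"
    -- NOTE(review): some blocklist operators limit or refuse queries that
    -- arrive through large public resolvers, and a listed zone may have been
    -- retired; confirm both before relying on the result.
    local r, err = resolver:new {
        nameservers = {"8.8.8.8"},
        retrans = 1,
        timeout = 2000,
    }
    if not r then
        ngx.log(ngx.ERR, "dnsbl: cannot create resolver: ", err)
        return
    end

    local result = ""
    local lookup_failed = false

    for blserv, bltable in pairs(dnsblserv) do
        -- Optional access key goes in front of the reversed address.
        local prefix = ""
        if bltable.accesskey ~= nil and bltable.accesskey ~= "" then
            prefix = bltable.accesskey .. "."
        end

        local dnsblhost = prefix .. d .. "." .. c .. "." .. b .. "." .. a
            .. "." .. bltable.host
        local answers, qerr = r:query(dnsblhost, nil, {})

        if answers == nil then
            lookup_failed = true
            ngx.log(ngx.WARN, "dnsbl: query to ", bltable.host, " failed: ", qerr)
        else
            for _, ans in ipairs(answers) do
                if ans.address ~= nil then
                    local e, _, _, h = ans.address:match(ipv4)
                    -- Listings are returned inside 127.0.0.0/8. A last octet
                    -- of 0 is ignored; presumably this skips the http:BL
                    -- answers that carry visitor type 0. TODO confirm against
                    -- the blocklist documentation.
                    if e == "127" and tonumber(h) > 0 then
                        result = result .. blserv .. "=" .. ans.address .. " "
                    end
                end
            end
        end
    end

    ngx.var.dnsblres = result

    -- Do not pin a "not listed" verdict for a day when a lookup failed; the
    -- next request should retry. Positive verdicts are always cached.
    if result ~= "" or not lookup_failed then
        local ok, serr = cache:safe_set(clientip, result, 86400)
        if not ok then
            -- safe_set never evicts live entries, so a full zone shows up here.
            ngx.log(ngx.WARN, "dnsbl: cache write failed: ", serr)
        end
    end

    if result ~= "" then
        return ngx.exit(ngx.HTTP_FORBIDDEN)
    end
}
# NOTE(review): this header tells the client which blocklist matched. Keep it
# for debugging only, or record $dnsblres in the access log instead.
more_set_headers "x-dnsbl: $dnsblres";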
Hi man,
I use nginx version 1.15.10 and installed the modules to support Nginx-Lua and Restydns, and nginx runs perfectly. I followed your article at https://www.secjuice.com/dnsbl-blacklist-over-dns-how-to/ but I have an issue: every access to the site returns Forbidden, even when I access it from localhost. Here is the information:
And here information on nginx.conf
and here information my vhost
and here information module enable on nginx
I set up DNSBL.conf with the default settings.
If you don't mind helping with this issue, thank you.