New config param to allow ban checking on internal requests. (#69)

This commit is contained in:
Andrew "Bob" Brockhurst 2024-08-23 11:31:45 +01:00 committed by GitHub
parent ec3885e6f9
commit 5249a8c4e8
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
3 changed files with 14 additions and 5 deletions

View file

@ -7,6 +7,9 @@ BOUNCING_ON_TYPE=all
FALLBACK_REMEDIATION=ban FALLBACK_REMEDIATION=ban
REQUEST_TIMEOUT=3000 REQUEST_TIMEOUT=3000
UPDATE_FREQUENCY=10 UPDATE_FREQUENCY=10
# By default internal requests are ignored, such as any path affected by rewrite rule.
# set ENABLE_INTERNAL=true to allow checking on these internal requests.
ENABLE_INTERNAL=false
# live or stream # live or stream
MODE=live MODE=live
# exclude the bouncing on those location # exclude the bouncing on those location

View file

@ -608,7 +608,7 @@ function csmod.Allow(ip)
ngx.exit(ngx.DECLINED) ngx.exit(ngx.DECLINED)
end end
if ngx.req.is_internal() then if runtime.conf["ENABLE_INTERNAL"] == "false" and ngx.req.is_internal() then
ngx.exit(ngx.DECLINED) ngx.exit(ngx.DECLINED)
end end

View file

@ -39,12 +39,13 @@ function config.loadConfig(file)
return nil, "File ".. file .." doesn't exist" return nil, "File ".. file .." doesn't exist"
end end
local conf = {} local conf = {}
local valid_params = {'ENABLED','API_URL', 'API_KEY', 'BOUNCING_ON_TYPE', 'MODE', 'SECRET_KEY', 'SITE_KEY', 'BAN_TEMPLATE_PATH' ,'CAPTCHA_TEMPLATE_PATH', 'REDIRECT_LOCATION', 'RET_CODE', 'EXCLUDE_LOCATION', 'FALLBACK_REMEDIATION', 'CAPTCHA_PROVIDER', 'APPSEC_URL', 'APPSEC_FAILURE_ACTION', 'ALWAYS_SEND_TO_APPSEC', 'SSL_VERIFY'} local valid_params = {'ENABLED', 'ENABLE_INTERNAL', 'API_URL', 'API_KEY', 'BOUNCING_ON_TYPE', 'MODE', 'SECRET_KEY', 'SITE_KEY', 'BAN_TEMPLATE_PATH' ,'CAPTCHA_TEMPLATE_PATH', 'REDIRECT_LOCATION', 'RET_CODE', 'EXCLUDE_LOCATION', 'FALLBACK_REMEDIATION', 'CAPTCHA_PROVIDER', 'APPSEC_URL', 'APPSEC_FAILURE_ACTION', 'ALWAYS_SEND_TO_APPSEC', 'SSL_VERIFY'}
local valid_int_params = {'CACHE_EXPIRATION', 'CACHE_SIZE', 'REQUEST_TIMEOUT', 'UPDATE_FREQUENCY', 'CAPTCHA_EXPIRATION', 'APPSEC_CONNECT_TIMEOUT', 'APPSEC_SEND_TIMEOUT', 'APPSEC_PROCESS_TIMEOUT', 'STREAM_REQUEST_TIMEOUT'} local valid_int_params = {'CACHE_EXPIRATION', 'CACHE_SIZE', 'REQUEST_TIMEOUT', 'UPDATE_FREQUENCY', 'CAPTCHA_EXPIRATION', 'APPSEC_CONNECT_TIMEOUT', 'APPSEC_SEND_TIMEOUT', 'APPSEC_PROCESS_TIMEOUT', 'STREAM_REQUEST_TIMEOUT'}
local valid_bouncing_on_type_values = {'ban', 'captcha', 'all'} local valid_bouncing_on_type_values = {'ban', 'captcha', 'all'}
local valid_truefalse_values = {'false', 'true'} local valid_truefalse_values = {'false', 'true'}
local default_values = { local default_values = {
['ENABLED'] = "true", ['ENABLED'] = "true",
['ENABLE_INTERNAL'] = "false",
['API_URL'] = "", ['API_URL'] = "",
['REQUEST_TIMEOUT'] = 500, ['REQUEST_TIMEOUT'] = 500,
['STREAM_REQUEST_TIMEOUT'] = 15000, ['STREAM_REQUEST_TIMEOUT'] = 15000,
@ -87,6 +88,11 @@ function config.loadConfig(file)
ngx.log(ngx.ERR, "unsupported value '" .. value .. "' for variable '" .. key .. "'. Using default value 'true' instead") ngx.log(ngx.ERR, "unsupported value '" .. value .. "' for variable '" .. key .. "'. Using default value 'true' instead")
value = "true" value = "true"
end end
elseif key == "ENABLE_INTERNAL" then
if not has_value(valid_truefalse_values, value) then
ngx.log(ngx.ERR, "unsupported value '" .. value .. "' for variable '" .. key .. "'. Using default value 'false' instead")
value = "false"
end
elseif key == "BOUNCING_ON_TYPE" then elseif key == "BOUNCING_ON_TYPE" then
if not has_value(valid_bouncing_on_type_values, value) then if not has_value(valid_bouncing_on_type_values, value) then
ngx.log(ngx.ERR, "unsupported value '" .. value .. "' for variable '" .. key .. "'. Using default value 'ban' instead") ngx.log(ngx.ERR, "unsupported value '" .. value .. "' for variable '" .. key .. "'. Using default value 'ban' instead")