New config param to allow ban checking on internal requests. (#69)
This commit is contained in:
parent
ec3885e6f9
commit
5249a8c4e8
3 changed files with 14 additions and 5 deletions
|
@ -7,6 +7,9 @@ BOUNCING_ON_TYPE=all
|
||||||
FALLBACK_REMEDIATION=ban
|
FALLBACK_REMEDIATION=ban
|
||||||
REQUEST_TIMEOUT=3000
|
REQUEST_TIMEOUT=3000
|
||||||
UPDATE_FREQUENCY=10
|
UPDATE_FREQUENCY=10
|
||||||
|
# By default internal requests are ignored, such as any path affected by rewrite rule.
|
||||||
|
# set ENABLE_INTERNAL=true to allow checking on these internal requests.
|
||||||
|
ENABLE_INTERNAL=false
|
||||||
# live or stream
|
# live or stream
|
||||||
MODE=live
|
MODE=live
|
||||||
# exclude the bouncing on those location
|
# exclude the bouncing on those location
|
||||||
|
|
|
@ -608,7 +608,7 @@ function csmod.Allow(ip)
|
||||||
ngx.exit(ngx.DECLINED)
|
ngx.exit(ngx.DECLINED)
|
||||||
end
|
end
|
||||||
|
|
||||||
if ngx.req.is_internal() then
|
if runtime.conf["ENABLE_INTERNAL"] == "false" and ngx.req.is_internal() then
|
||||||
ngx.exit(ngx.DECLINED)
|
ngx.exit(ngx.DECLINED)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
|
@ -39,12 +39,13 @@ function config.loadConfig(file)
|
||||||
return nil, "File ".. file .." doesn't exist"
|
return nil, "File ".. file .." doesn't exist"
|
||||||
end
|
end
|
||||||
local conf = {}
|
local conf = {}
|
||||||
local valid_params = {'ENABLED','API_URL', 'API_KEY', 'BOUNCING_ON_TYPE', 'MODE', 'SECRET_KEY', 'SITE_KEY', 'BAN_TEMPLATE_PATH' ,'CAPTCHA_TEMPLATE_PATH', 'REDIRECT_LOCATION', 'RET_CODE', 'EXCLUDE_LOCATION', 'FALLBACK_REMEDIATION', 'CAPTCHA_PROVIDER', 'APPSEC_URL', 'APPSEC_FAILURE_ACTION', 'ALWAYS_SEND_TO_APPSEC', 'SSL_VERIFY'}
|
local valid_params = {'ENABLED', 'ENABLE_INTERNAL', 'API_URL', 'API_KEY', 'BOUNCING_ON_TYPE', 'MODE', 'SECRET_KEY', 'SITE_KEY', 'BAN_TEMPLATE_PATH' ,'CAPTCHA_TEMPLATE_PATH', 'REDIRECT_LOCATION', 'RET_CODE', 'EXCLUDE_LOCATION', 'FALLBACK_REMEDIATION', 'CAPTCHA_PROVIDER', 'APPSEC_URL', 'APPSEC_FAILURE_ACTION', 'ALWAYS_SEND_TO_APPSEC', 'SSL_VERIFY'}
|
||||||
local valid_int_params = {'CACHE_EXPIRATION', 'CACHE_SIZE', 'REQUEST_TIMEOUT', 'UPDATE_FREQUENCY', 'CAPTCHA_EXPIRATION', 'APPSEC_CONNECT_TIMEOUT', 'APPSEC_SEND_TIMEOUT', 'APPSEC_PROCESS_TIMEOUT', 'STREAM_REQUEST_TIMEOUT'}
|
local valid_int_params = {'CACHE_EXPIRATION', 'CACHE_SIZE', 'REQUEST_TIMEOUT', 'UPDATE_FREQUENCY', 'CAPTCHA_EXPIRATION', 'APPSEC_CONNECT_TIMEOUT', 'APPSEC_SEND_TIMEOUT', 'APPSEC_PROCESS_TIMEOUT', 'STREAM_REQUEST_TIMEOUT'}
|
||||||
local valid_bouncing_on_type_values = {'ban', 'captcha', 'all'}
|
local valid_bouncing_on_type_values = {'ban', 'captcha', 'all'}
|
||||||
local valid_truefalse_values = {'false', 'true'}
|
local valid_truefalse_values = {'false', 'true'}
|
||||||
local default_values = {
|
local default_values = {
|
||||||
['ENABLED'] = "true",
|
['ENABLED'] = "true",
|
||||||
|
['ENABLE_INTERNAL'] = "false",
|
||||||
['API_URL'] = "",
|
['API_URL'] = "",
|
||||||
['REQUEST_TIMEOUT'] = 500,
|
['REQUEST_TIMEOUT'] = 500,
|
||||||
['STREAM_REQUEST_TIMEOUT'] = 15000,
|
['STREAM_REQUEST_TIMEOUT'] = 15000,
|
||||||
|
@ -87,6 +88,11 @@ function config.loadConfig(file)
|
||||||
ngx.log(ngx.ERR, "unsupported value '" .. value .. "' for variable '" .. key .. "'. Using default value 'true' instead")
|
ngx.log(ngx.ERR, "unsupported value '" .. value .. "' for variable '" .. key .. "'. Using default value 'true' instead")
|
||||||
value = "true"
|
value = "true"
|
||||||
end
|
end
|
||||||
|
elseif key == "ENABLE_INTERNAL" then
|
||||||
|
if not has_value(valid_truefalse_values, value) then
|
||||||
|
ngx.log(ngx.ERR, "unsupported value '" .. value .. "' for variable '" .. key .. "'. Using default value 'false' instead")
|
||||||
|
value = "false"
|
||||||
|
end
|
||||||
elseif key == "BOUNCING_ON_TYPE" then
|
elseif key == "BOUNCING_ON_TYPE" then
|
||||||
if not has_value(valid_bouncing_on_type_values, value) then
|
if not has_value(valid_bouncing_on_type_values, value) then
|
||||||
ngx.log(ngx.ERR, "unsupported value '" .. value .. "' for variable '" .. key .. "'. Using default value 'ban' instead")
|
ngx.log(ngx.ERR, "unsupported value '" .. value .. "' for variable '" .. key .. "'. Using default value 'ban' instead")
|
||||||
|
|
Loading…
Reference in a new issue