ADD Nginx Mainline Test / FIX Nginx Versioning Info in README

Mitchell Krog 2019-06-29 18:18:50 +02:00
parent 7683763e7e
commit 41933b8b6b
No known key found for this signature in database
GPG key ID: C243C388553EDE5D
23 changed files with 19463 additions and 5 deletions


@ -0,0 +1,311 @@
#!/bin/bash
# Travis CI Generating and Building for the Nginx Ultimate Bad Bot Blocker (using non standard folder locations)
# Created by: Mitchell Krog (mitchellkrog@gmail.com)
# Copyright: Mitchell Krog - https://github.com/mitchellkrogza
# Repo Url: https://github.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker
##############################################################################
# _ __ _ #
# / |/ /__ _(_)__ __ __ #
# / / _ `/ / _ \\ \ / #
# /_/|_/\_, /_/_//_/_\_\ #
# __/___/ __ ___ __ ___ __ __ #
# / _ )___ ____/ / / _ )___ / /_ / _ )/ /__ ____/ /_____ ____ #
# / _ / _ `/ _ / / _ / _ \/ __/ / _ / / _ \/ __/ '_/ -_) __/ #
# /____/\_,_/\_,_/ /____/\___/\__/ /____/_/\___/\__/_/\_\\__/_/ #
# #
##############################################################################
# ------------------------------------------------------------------------------
# MIT License
# ------------------------------------------------------------------------------
# Copyright (c) 2017 Mitchell Krog - mitchellkrog@gmail.com
# https://github.com/mitchellkrogza
# ------------------------------------------------------------------------------
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal
# in the Software without restriction, including without limitation the rights
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
# copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
# ------------------------------------------------------------------------------
# The above copyright notice and this permission notice shall be included in all
# copies or substantial portions of the Software.
# ------------------------------------------------------------------------------
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
# SOFTWARE.
# ------------------------------------------------------------------------------
# ------------------------
# Set Terminal Font Colors
# ------------------------
bold=$(tput bold)
red=$(tput setaf 1)
green=$(tput setaf 2)
yellow=$(tput setaf 3)
blue=$(tput setaf 4)
magenta=$(tput setaf 5)
cyan=$(tput setaf 6)
white=$(tput setaf 7)
defaultcolor=$(tput setaf default)
# ---------
# FUNCTIONS
# ---------
reloadNginX () {
printf "\n"
echo "${bold}${green}---------------"
echo "${bold}${green}Reloading Nginx"
echo "${bold}${green}---------------"
sudo nginx -t && sudo nginx -s reload
}
waitforReload () {
echo "${bold}${yellow}-----------------------------------------------------------------------"
echo "${bold}${yellow}Sleeping for 10 seconds to allow Nginx to Properly Reload inside Travis"
echo "${bold}${yellow}-----------------------------------------------------------------------"
printf "\n"
sleep 10s
}
installNginxMainstream (){
sudo rm -rfv /etc/nginx/mybots.d/
sudo rm -rfv /etc/nginx/myconf.d/
sudo rm -rfv /etc/nginx/conf.d/
sudo rm -rfv /etc/nginx/bots.d/
sudo rm /etc/nginx/sites-available/*
sudo rm /etc/nginx/sites-enabled/*
sudo rm /etc/nginx/nginx.conf
ls -la /etc/nginx/
sudo cp ${TRAVIS_BUILD_DIR}/.dev-tools/test1_conf_backup_nginxconf/nginx13.conf /etc/nginx/nginx.conf
sudo apt-get purge nginx-full
sudo apt-get purge nginx-common
sudo apt-get purge nginx*
# Mainline from PPA
#mainstreamnginx=development
#sudo add-apt-repository -y ppa:nginx/${mainstreamnginx}
#sudo apt-get update
#sudo apt-get install -y --assume-yes nginx-full
#sudo nginx -V
#sudo nginx -t && sudo nginx -s reload
# Mainline from Nginx
echo "deb http://nginx.org/packages/mainline/ubuntu/ xenial nginx
deb-src http://nginx.org/packages/mainline/ubuntu/ xenial nginx" > /etc/apt/sources.list.d/nginx.list
wget https://nginx.org/keys/nginx_signing.key -O - | sudo apt-key add -
apt-get -y update
apt-get -y install nginx
sudo nginx -V
sudo nginx -t && sudo nginx -s reload
}
cleanupNginx1 () {
echo "${bold}${yellow}-----------------------------------"
echo "${bold}${yellow}Removing Files from Install Nginx 3"
echo "${bold}${yellow}-----------------------------------"
printf "\n"
sudo rm /etc/nginx/sites-available/default.vhost
sudo rm /etc/nginx/sites-enabled/default.vhost
sudo rm /etc/nginx/sites-available/*
sudo rm /etc/nginx/sites-enabled/*
sudo rm /var/www/html/*
sudo rm /etc/nginx/conf.d/*.conf
sudo rm /etc/nginx/bots.d/*.conf
}
checkDirectories () {
ls -la /etc/nginx/conf.d/
ls -la /etc/nginx/bots.d/
ls -la /etc/nginx/sites-available/
ls -la /etc/nginx/sites-enabled/
ls -la /var/www/html/
echo "${bold}${yellow}-------------------------------------------------"
echo "${bold}${yellow}Confirming Files from Install Nginx 3 are Removed"
echo "${bold}${yellow}-------------------------------------------------"
printf "\n"
}
activateVHost () {
sudo cp ${TRAVIS_BUILD_DIR}/.dev-tools/default.vhost /etc/nginx/sites-available/default.vhost
sudo ln -s /etc/nginx/sites-available/default.vhost /etc/nginx/sites-enabled/default.vhost
sudo cp ${TRAVIS_BUILD_DIR}/.dev-tools/index.html /var/www/html/index.html
echo "${bold}${yellow}---------------------------------------------"
echo "${bold}${yellow}Activating default.vhost and linking to Nginx"
echo "${bold}${yellow}---------------------------------------------"
printf "\n"
}
activateVHost2 () {
sudo cp ${TRAVIS_BUILD_DIR}/.dev-tools/default-noincludes.vhost /etc/nginx/sites-available/default.vhost
echo "${bold}${yellow}---------------------------------------------"
echo "${bold}${yellow}Activating default.vhost and linking to Nginx"
echo "${bold}${yellow}---------------------------------------------"
printf "\n"
}
getinstallngxblocker () {
echo "${bold}${magenta}--------------------------------------"
echo "${bold}${magenta}Fetch install-ngxblocker from the repo"
echo "${bold}${magenta}--------------------------------------"
printf "\n"
sudo wget https://raw.githubusercontent.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker/master/install-ngxblocker -O /usr/sbin/install-ngxblocker
sudo chmod +x /usr/sbin/install-ngxblocker
}
runinstallngxblocker () {
echo "${bold}${magenta}--------------------------"
echo "${bold}${magenta}Execute install-ngxblocker"
echo "${bold}${magenta}--------------------------"
printf "\n"
cd /usr/sbin
sudo bash ./install-ngxblocker -x
}
makeScriptsExecutable () {
sudo chmod +x /usr/sbin/install-ngxblocker
sudo chmod +x /usr/sbin/setup-ngxblocker
sudo chmod +x /usr/sbin/update-ngxblocker
}
runsetupngxblocker1 () {
printf "\n"
echo "${bold}${magenta}------------------------"
echo "${bold}${magenta}Execute setup-ngxblocker"
echo "${bold}${magenta}------------------------"
printf "\n"
cd /usr/sbin
sudo bash ./setup-ngxblocker -x
}
loadNginxConf () {
printf "\n"
echo "${bold}${magenta}---------------"
echo "${bold}${magenta}Load nginx.conf"
echo "${bold}${magenta}---------------"
sudo nginx -c /etc/nginx/nginx.conf
}
forceUpdateTest1 () {
printf "\n"
echo "${bold}${yellow}----------------------------------------------------"
echo "${bold}${yellow}Copy older globalblacklist.conf file to force update"
echo "${bold}${yellow}----------------------------------------------------"
sudo cp ${TRAVIS_BUILD_DIR}/.dev-tools/globalblacklist-dummy.conf /etc/nginx/conf.d/globalblacklist.conf
}
forceUpdateTest2 () {
echo "${bold}${yellow}--------------------------------------"
echo "${bold}${yellow}Delete Files to test update-ngxblocker"
echo "${bold}${yellow}--------------------------------------"
printf "\n"
sudo rm /etc/nginx/conf.d/*.conf
sudo rm /etc/nginx/bots.d/*.conf
ls -la /etc/nginx/conf.d/
ls -la /etc/nginx/bots.d/
}
runupdatengxblocker () {
printf "\n"
echo "${bold}${magenta}-------------------------"
echo "${bold}${magenta}Execute update-ngxblocker"
echo "${bold}${magenta}-------------------------"
cd /usr/sbin
sudo bash ./update-ngxblocker -n
}
activateLatestBlacklist () {
echo "${bold}${yellow}------------------------------------------------------------"
echo "${bold}${yellow}Make sure we test with latest generated globalblacklist.conf"
echo "${bold}${yellow}------------------------------------------------------------"
printf "\n"
sudo cp ${TRAVIS_BUILD_DIR}/conf.d/globalblacklist.conf /etc/nginx/conf.d/globalblacklist.conf
}
backupConfFiles () {
printf "\n"
echo "${bold}${green}-------------------------------------------------------"
echo "${bold}${green}Backup all conf files and folders used during this test"
echo "${bold}${green}-------------------------------------------------------"
printf "\n"
sudo cp /etc/nginx/bots.d/* ${TRAVIS_BUILD_DIR}/.dev-tools/test5_conf_files/bots.d/
sudo cp /etc/nginx/conf.d/* ${TRAVIS_BUILD_DIR}/.dev-tools/test5_conf_files/conf.d/
sudo cp /etc/nginx/sites-available/default.vhost ${TRAVIS_BUILD_DIR}/.dev-tools/test5_conf_files/default.vhost
sudo cp /etc/nginx/nginx.conf ${TRAVIS_BUILD_DIR}/.dev-tools/test5_conf_files/nginx.conf
}
getnginxversion () {
sudo nginx -v &> ${TRAVIS_BUILD_DIR}/.dev-tools/nginxv3.txt
}
# -----------------
# Trigger Functions
# -----------------
installNginxMainstream
checkDirectories
activateVHost
getinstallngxblocker
makeScriptsExecutable
runsetupngxblocker1
loadNginxConf
forceUpdateTest1
runupdatengxblocker
reloadNginX
waitforReload
forceUpdateTest2
runupdatengxblocker
checkDirectories
forceUpdateTest1
runupdatengxblocker
runsetupngxblocker1
reloadNginX
waitforReload
activateVHost2
runsetupngxblocker1
reloadNginX
waitforReload
activateLatestBlacklist
runsetupngxblocker1
reloadNginX
waitforReload
backupConfFiles
getnginxversion
# ----------------------
# Exit With Error Number
# ----------------------
exit ${?}
# ------------------------------------------------------------------------------
# MIT License
# ------------------------------------------------------------------------------
# Copyright (c) 2017 Mitchell Krog - mitchellkrog@gmail.com
# https://github.com/mitchellkrogza
# ------------------------------------------------------------------------------
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal
# in the Software without restriction, including without limitation the rights
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
# copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
# ------------------------------------------------------------------------------
# The above copyright notice and this permission notice shall be included in all
# copies or substantial portions of the Software.
# ------------------------------------------------------------------------------
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
# SOFTWARE.
# ------------------------------------------------------------------------------
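Review bot: In `installNginxMainstream` the signing key is fetched and piped straight into `sudo apt-key add -`, so whatever that URL returns becomes a trusted apt signer for a package installed as root, and the plain-HTTP `deb http://nginx.org/...` source depends entirely on that key for integrity. Save the key to a file, compare its fingerprint against a value pinned in the repo (`<EXPECTED_NGINX_KEY_FINGERPRINT>`, placeholder), and add it only on a match. The `echo ... > /etc/apt/sources.list.d/nginx.list` redirect and the two following `apt-get` calls also run without `sudo`, unlike the rest of the function, so they succeed only if the whole script is already root; `... | sudo tee /etc/apt/sources.list.d/nginx.list` and `sudo apt-get -y install nginx` would make that explicit. `getinstallngxblocker` likewise downloads `install-ngxblocker` from `master` and runs it with `sudo`, which exercises the published script rather than the commit being built. The final `exit ${?}` reports only the status of `getnginxversion`, so a failed install or reload earlier in the run does not fail the job.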


@ -70,9 +70,10 @@ _startmarker="_______________"
_endmarker="____________________"
_startmarker2="_______________________"
_endmarker2="__________________________"
nginxv="nginx version: nginx/1.10"
nginxv="nginx version: nginx/1.10.x"
nginxv1=$(cat ${TRAVIS_BUILD_DIR}/.dev-tools/nginxv1.txt)
nginxv2=$(cat ${TRAVIS_BUILD_DIR}/.dev-tools/nginxv2.txt)
nginxv3=$(cat ${TRAVIS_BUILD_DIR}/.dev-tools/nginxv3.txt)
# ---------
# FUNCTIONS
@ -106,7 +107,7 @@ updateReadme2 () {
# PRINT NGINX VERSION INFORMATION INTO README.md
# **********************************************
printf '%s\n%s\n%s\n%s\n%s' "$_startmarker2" "##### ${nginxv}" "##### ${nginxv1}" "##### ${nginxv2}" "$_endmarker2" >> "$_tmpnginxA"
printf '%s\n%s\n%s\n%s\n%s\n%s' "$_startmarker2" "##### Tested On:" "##### ${nginxv}" "##### ${nginxv1}" "##### ${nginxv2}" "$_endmarker2" >> "$_tmpnginxA"
mv ${_tmpnginxA} ${_inputdbA}
ed -s ${_inputdbA}<<\IN
1,/_______________________/d
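Review bot: `nginxv3` is read from `.dev-tools/nginxv3.txt` in the first hunk, but the new `printf` in `updateReadme2` still prints only `nginxv`, `nginxv1` and `nginxv2`, so the mainline version does not reach the README unless it is used somewhere outside these hunks. If it is meant to be listed, add it to the format and arguments: `printf '%s\n%s\n%s\n%s\n%s\n%s\n%s' "$_startmarker2" "##### Tested On:" "##### ${nginxv}" "##### ${nginxv1}" "##### ${nginxv2}" "##### ${nginxv3}" "$_endmarker2" >> "$_tmpnginxA"`. `.dev-tools/nginxv3.txt` is committed empty here, so that line would stay a bare heading until the mainline job has written the file. The `ed` here-document continues past the end of the hunk.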

0
.dev-tools/nginxv3.txt Normal file

@ -0,0 +1,412 @@
#!/bin/bash
# Curl Testing Script for Nginx Ultimate Bad Bot Blocker
# Created by: Mitchell Krog (mitchellkrog@gmail.com)
# Copyright: Mitchell Krog - https://github.com/mitchellkrogza
# Repo Url: https://github.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker
##############################################################################
# _ __ _ #
# / |/ /__ _(_)__ __ __ #
# / / _ `/ / _ \\ \ / #
# /_/|_/\_, /_/_//_/_\_\ #
# __/___/ __ ___ __ ___ __ __ #
# / _ )___ ____/ / / _ )___ / /_ / _ )/ /__ ____/ /_____ ____ #
# / _ / _ `/ _ / / _ / _ \/ __/ / _ / / _ \/ __/ '_/ -_) __/ #
# /____/\_,_/\_,_/ /____/\___/\__/ /____/_/\___/\__/_/\_\\__/_/ #
# #
##############################################################################
# ------------------------------------------------------------------------------
# MIT License
# ------------------------------------------------------------------------------
# Copyright (c) 2017 Mitchell Krog - mitchellkrog@gmail.com
# https://github.com/mitchellkrogza
# ------------------------------------------------------------------------------
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal
# in the Software without restriction, including without limitation the rights
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
# copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
# ------------------------------------------------------------------------------
# The above copyright notice and this permission notice shall be included in all
# copies or substantial portions of the Software.
# ------------------------------------------------------------------------------
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
# SOFTWARE.
# ------------------------------------------------------------------------------
# ------------------------
# Set Terminal Font Colors
# ------------------------
bold=$(tput bold)
red=$(tput setaf 1)
green=$(tput setaf 2)
yellow=$(tput setaf 3)
blue=$(tput setaf 4)
magenta=$(tput setaf 5)
cyan=$(tput setaf 6)
white=$(tput setaf 7)
defaultcolor=$(tput setaf default)
# ---------
# FUNCTIONS
# ---------
resetNginx () {
echo "${bold}${green}------------------------------------------------"
echo "${bold}${green}Disable any User Whitelisting and set to Default"
echo "${bold}${green}------------------------------------------------"
sudo cp ${TRAVIS_BUILD_DIR}/.dev-tools/test_units/blacklist-user-agents-none.conf /etc/nginx/bots.d/blacklist-user-agents.conf
}
reloadNginX () {
printf "\n"
echo "${bold}${green}---------------"
echo "${bold}${green}Reloading Nginx"
echo "${bold}${green}---------------"
sudo nginx -t && sudo nginx -s reload
}
waitforReload () {
echo "${bold}${yellow}-----------------------------------------------------------------------"
echo "${bold}${yellow}Sleeping for 10 seconds to allow Nginx to Properly Reload inside Travis"
echo "${bold}${yellow}-----------------------------------------------------------------------"
printf "\n"
sleep 10s
}
run_curltest1 () {
if curl -A "80legs" http://localhost:9000 2>&1 | grep -i '(52)'; then
echo "${bold}${green}PASSED - ${red}80legs BAD BOT DETECTED"
else
echo "${bold}${red}FAILED - ${red}80legs BAD BOT NOT DETECTED"
#exit 1
fi
}
run_curltest2 () {
if curl -A "Nutch" http://localhost:9000 2>&1 | grep -i '(52)'; then
echo "${bold}${green}PASSED - ${red}Nutch BAD BOT DETECTED"
else
echo "${bold}${red}FAILED - ${red}Nutch BAD BOT NOT DETECTED"
#exit 1
fi
}
run_curltest3 () {
if curl -I http://localhost:9000 -e http://100dollars-seo.com 2>&1 | grep -i '(52)'; then
echo "${bold}${green}PASSED - ${red}100dollars-seo.com BAD REFERRER DETECTED"
else
echo "${bold}${red}FAILED - ${red}100dollars-seo.com BAD REFERRER NOT DETECTED"
#exit 1
fi
}
run_curltest4 () {
if curl -I http://localhost:9000 -e http://zx6.ru 2>&1 | grep -i '(52)'; then
echo "${bold}${green}PASSED - ${red}zx6.ru BAD REFERRER DETECTED"
else
echo "${bold}${red}FAILED - ${red}zx6.ru BAD REFERRER NOT DETECTED"
#exit 1
fi
}
run_curltest5 () {
if curl -A "GoogleBot" http://localhost:9000 2>&1 | grep -i 'Welcome'; then
echo "${bold}${green}PASSED - ${green}GoogleBot GOOD BOT ALLOWED THROUGH"
else
echo "${bold}${red}FAILED - ${red}GoogleBot GOOD BOT NOT ALLOWED THROUGH"
#exit 1
fi
}
run_curltest6 () {
if curl -A "BingBot" http://localhost:9000 2>&1 | grep -i 'Welcome'; then
echo "${bold}${green}PASSED - ${green}BingBot GOOD BOT ALLOWED THROUGH"
else
echo "${bold}${red}FAILED - ${red}BingBot GOOD BOT NOT ALLOWED THROUGH"
#exit 1
fi
}
run_curltest7 () {
if curl http://localhost:9000 -e http://google.com 2>&1 | grep -i 'Welcome'; then
echo "${bold}${green}PASSED - ${green}google.com GOOD REFERRER DETECTED"
else
echo "${bold}${red}FAILED - ${red}google.com GOOD REFERRER NOT DETECTED"
#exit 1
fi
}
run_curltest8 () {
if curl http://localhost:9000 -e http://bing.com 2>&1 | grep -i 'Welcome'; then
echo "${bold}${green}PASSED - ${red}bing.com GOOD REFERRER DETECTED"
else
echo "${bold}${red}FAILED - ${red}bing.com GOOD REFERRER NOT DETECTED"
#exit 1
fi
}
run_curltest9 () {
if curl -A "Googlebot/Nutch-1.7" http://localhost:9000 2>&1 | grep -i '(52)'; then
echo "${bold}${green}PASSED - ${red}Googlebot/Nutch-1.7 BAD BOT DETECTED"
else
echo "${bold}${red}FAILED - ${red}Googlebot/Nutch-1.7 BAD BOT NOT DETECTED"
#exit 1
fi
}
run_curltest10 () {
if curl -A "Mozilla/5.0 (compatible; Googlebot/Nutch2.1; +http://www.google.com/bot.html)" http://localhost:9000 2>&1 | grep -i '(52)'; then
echo "${bold}${green}PASSED - ${red}Googlebot/Nutch2.1 BAD BOT DETECTED"
else
echo "${bold}${red}FAILED - ${red}Googlebot/Nutch2.1 BAD BOT NOT DETECTED"
#exit 1
fi
}
run_curltest11 () {
if curl -A "Mozilla/5.0 (compatible; Googlebot/nutch/-2.1; +http://www.google.com/bot.html)" http://localhost:9000 2>&1 | grep -i '(52)'; then
echo "${bold}${green}PASSED - ${red}Googlebot/nutch/-2.1 BAD BOT DETECTED"
else
echo "${bold}${red}FAILED - Googlebot/nutch/-2.1 BAD BOT NOT DETECTED"
#exit 1
fi
}
run_curltest12 () {
if curl -A "Mozilla/5.0 (compatible; Googlebot-Image/Snutch\-/-2.1; +http://www.google.com/bot.html)" http://localhost:9000 2>&1 | grep -i 'Welcome'; then
echo "${bold}${green}PASSED - NO FALSE POSITIVE on Googlebot-Image/Snutch\-/-2.1"
else
echo "${bold}${red}FAILED - FALSE POSITIVE FOUND on Googlebot-Image/Snutch\-/-2.1"
#exit 1
fi
}
run_curltest13 () {
if curl -A "SnutchMozilla/5.0 (compatible; Googlebot-Image/SMutch\-/-2.1; +http://www.google.com/bot.html)" http://localhost:9000 2>&1 | grep -i 'Welcome'; then
echo "${bold}${green}PASSED - NO FALSE POSITIVE on SnutchMozilla/5.0"
else
echo "${bold}${red}FAILED - FALSE POSITIVE FOUND on SnutchMozilla/5.0"
#exit 1
fi
}
run_curltest14 () {
if curl -A "Mozilla/5.0 (X11; Linux x86_64; rv:67.0) Gecko/20100101 Firefox/67.0" http://localhost:9000 2>&1 | grep -i 'Welcome'; then
echo "${bold}${green}PASSED - NO FALSE POSITIVE on Mozilla/5.0"
else
echo "${bold}${red}FAILED - FALSE POSITIVE FOUND on Mozilla/5.0"
#exit 1
fi
}
run_curltest15 () {
if curl -A "Mozilla/5.0 (iPhone; CPU iPhone OS 12_2 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.1 Mobile/15E148 Safari/604.1" http://localhost:9000 2>&1 | grep -i 'Welcome'; then
echo "${bold}${green}PASSED - NO FALSE POSITIVE on Safari"
else
echo "${bold}${red}FAILED - FALSE POSITIVE FOUND on Safari"
#exit 1
fi
}
testBadUserAgents () {
shuf -n 10 ${TRAVIS_BUILD_DIR}/_generator_lists/bad-user-agents.list > ${TRAVIS_BUILD_DIR}/.dev-tools/test_units/random-bots-for-test-quick.tmp
sed 's/\\//g' ${TRAVIS_BUILD_DIR}/.dev-tools/test_units/random-bots-for-test-quick.tmp > ${TRAVIS_BUILD_DIR}/.dev-tools/test_units/random-bots-for-test-quick.list
sudo rm ${TRAVIS_BUILD_DIR}/.dev-tools/test_units/random-bots-for-test-quick.tmp
sort -u ${TRAVIS_BUILD_DIR}/.dev-tools/test_units/random-bots-for-test-quick.list -o ${TRAVIS_BUILD_DIR}/.dev-tools/test_units/random-bots-for-test-quick.list
printf "\n"
echo "${bold}${magenta}---------------------------"
echo "${bold}${magenta}Testing 10 Random Bad Bots"
echo "${bold}${magenta}---------------------------"
IFS=$'\n'
file=${TRAVIS_BUILD_DIR}/.dev-tools/test_units/random-bots-for-test-quick.list
lines=$(cat ${file})
for line in ${lines}; do
if
curl -A "${line}" http://localhost:9000 2>&1 | grep -i '(52)'; then
echo "${bold}${green}PASSED - ${red}${line} was ${bold}${red}BLOCKED"
else
echo "${bold}${red}FAILED - ${red}${line} was ${bold}${red}NOT BLOCKED"
fi
done
IFS=""
}
testGoodUserAgents () {
sed 's/\\//g' ${TRAVIS_BUILD_DIR}/_generator_lists/good-user-agents.list > ${TRAVIS_BUILD_DIR}/.dev-tools/test_units/good-bots-for-test.list
printf "\n"
echo "${bold}${magenta}---------------------"
echo "${bold}${magenta}Testing All Good Bots"
echo "${bold}${magenta}---------------------"
IFS=$'\n'
file=${TRAVIS_BUILD_DIR}/.dev-tools/test_units/good-bots-for-test.list
lines=$(cat ${file})
for line in ${lines}; do
if
curl -A "${line}" http://localhost:9000 2>&1 | grep -i 'Welcome'; then
echo "${bold}${green}PASSED - ${green}${line} was ${bold}${green}ALLOWED"
else
echo "${bold}${red}FAILED - ${red}${line} was ${bold}${red}BLOCKED"
fi
done
IFS=""
}
testAllowedUserAgents () {
sed 's/\\//g' ${TRAVIS_BUILD_DIR}/_generator_lists/allowed-user-agents.list > ${TRAVIS_BUILD_DIR}/.dev-tools/test_units/allowed-bots-for-test.list
printf "\n"
echo "${bold}${magenta}------------------------"
echo "${bold}${magenta}Testing All Allowed Bots"
echo "${bold}${magenta}------------------------"
IFS=$'\n'
file=${TRAVIS_BUILD_DIR}/.dev-tools/test_units/allowed-bots-for-test.list
lines=$(cat ${file})
for line in ${lines}; do
if
curl -A "${line}" http://localhost:9000 2>&1 | grep -i 'Welcome'; then
echo "${bold}${green}PASSED - ${green}${line} was ${bold}${green}ALLOWED"
else
echo "${bold}${red}FAILED - ${red}${line} was ${bold}${red}BLOCKED"
fi
done
IFS=""
}
testLimitedUserAgents () {
sed 's/\\//g' ${TRAVIS_BUILD_DIR}/_generator_lists/limited-user-agents.list > ${TRAVIS_BUILD_DIR}/.dev-tools/test_units/limited-bots-for-test.list
printf "\n"
echo "${bold}${magenta}------------------------"
echo "${bold}${magenta}Testing All Limited Bots"
echo "${bold}${magenta}------------------------"
IFS=$'\n'
file=${TRAVIS_BUILD_DIR}/.dev-tools/test_units/limited-bots-for-test.list
lines=$(cat ${file})
for line in ${lines}; do
if
curl -A "${line}" http://localhost:9000 2>&1 | grep -i 'Welcome'; then
echo "${bold}${green}PASSED - ${green}${line} was ${bold}${green}ALLOWED and ${bold}${red}RATE LIMITED"
else
echo "${bold}${green}FAILED - ${red}${line} was ${bold}${red}BLOCKED"
fi
done
IFS=""
}
testRandomReferrers () {
shuf -n 10 ${TRAVIS_BUILD_DIR}/_generator_lists/bad-referrers.list > ${TRAVIS_BUILD_DIR}/.dev-tools/test_units/random-referrers-for-test-quick.list
sort -u ${TRAVIS_BUILD_DIR}/.dev-tools/test_units/random-referrers-for-test-quick.list -o ${TRAVIS_BUILD_DIR}/.dev-tools/test_units/random-referrers-for-test-quick.list
printf "\n"
echo "${bold}${magenta}---------------------------------"
echo "${bold}${magenta}Testing 10 Random Bad Referrers"
echo "${bold}${magenta}---------------------------------"
IFS=$'\n'
file=${TRAVIS_BUILD_DIR}/.dev-tools/test_units/random-referrers-for-test-quick.list
lines=$(cat ${file})
for line in ${lines}; do
if
curl -I http://localhost:9000 -e "http://${line}" 2>&1 | grep -i '(52)'; then
echo "${bold}${green}PASSED - ${red}${line} was ${bold}${red}BLOCKED"
else
echo "${bold}${red}FAILED - ${red}${line} was ${bold}${red}NOT BLOCKED"
fi
done
IFS=""
}
testGoodReferrers () {
printf "\n"
echo "${bold}${magenta}----------------------"
echo "${bold}${magenta}Testing Good Referrers"
echo "${bold}${magenta}----------------------"
IFS=$'\n'
file=${TRAVIS_BUILD_DIR}/.dev-tools/test_units/good-referrers-for-test.list
lines=$(cat ${file})
for line in ${lines}; do
if
curl -v -A "${line}" http://localhost:9000 2>&1 | grep -i 'Welcome'; then
echo "${bold}${green}PASSED - ${green}${line} was ${bold}${green}ALLOWED"
else
echo "${bold}${green}FAILED - ${red}${line} was ${bold}${red}BLOCKED"
fi
done
IFS=""
}
# -----------------
# Trigger Functions
# -----------------
echo "${bold}${green}--------------"
echo "${bold}${green}Tests Starting"
echo "${bold}${green}--------------"
printf "\n"
resetNginx
reloadNginX
waitforReload
run_curltest1
run_curltest2
run_curltest3
run_curltest4
run_curltest5
run_curltest6
run_curltest7
run_curltest8
run_curltest9
run_curltest10
run_curltest11
run_curltest12
run_curltest13
run_curltest14
run_curltest15
testBadUserAgents
testGoodUserAgents
testAllowedUserAgents
testLimitedUserAgents
testRandomReferrers
testGoodReferrers
printf "\n"
echo "${bold}${cyan}Tests Completed"
echo "${bold}${green}All Tests Passed"
# ----------------------
# Exit With Error Number
# ----------------------
exit ${?}
# ------------------------------------------------------------------------------
# MIT License
# ------------------------------------------------------------------------------
# Copyright (c) 2017 Mitchell Krog - mitchellkrog@gmail.com
# https://github.com/mitchellkrogza
# ------------------------------------------------------------------------------
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal
# in the Software without restriction, including without limitation the rights
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
# copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
# ------------------------------------------------------------------------------
# The above copyright notice and this permission notice shall be included in all
# copies or substantial portions of the Software.
# ------------------------------------------------------------------------------
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
# SOFTWARE.
# ------------------------------------------------------------------------------
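Review bot: No failure in this script can fail the build: every `#exit 1` in the `run_curltest*` functions is commented out, the list-driven loops only echo `FAILED`, and the script prints `All Tests Passed` and ends with `exit ${?}`, which is the status of that last `echo`. For a blocker whose regressions mean bad bots getting through or good ones being refused, count failures instead: `failures=0` at the top, `failures=$((failures+1))` in each `else` branch, and `[ "${failures}" -eq 0 ] || exit 1` before the closing banner. `testGoodReferrers` sends each entry with `-A` (User-Agent) rather than `-e` (Referer), so it does not test referrers as written; `curl -e "http://${line}"` as in `testRandomReferrers` looks like the intent. Each loop also leaves `IFS=""` set for the rest of the script instead of restoring the previous value.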


@ -0,0 +1 @@
null


@ -0,0 +1,92 @@
# EDIT THIS FILE AS YOU LIKE TO ADD OR REMOVE ANY BAD WORDS YOU WANT TO SCAN FOR ###
# VERSION INFORMATION #
#----------------------
# Version: V4.2019.10
# Updated: 2019-06-28
#----------------------
# VERSION INFORMATION #
##############################################################################
# _ __ _ #
# / |/ /__ _(_)__ __ __ #
# / / _ `/ / _ \\ \ / #
# /_/|_/\_, /_/_//_/_\_\ #
# __/___/ __ ___ __ ___ __ __ #
# / _ )___ ____/ / / _ )___ / /_ / _ )/ /__ ____/ /_____ ____ #
# / _ / _ `/ _ / / _ / _ \/ __/ / _ / / _ \/ __/ '_/ -_) __/ #
# /____/\_,_/\_,_/ /____/\___/\__/ /____/_/\___/\__/_/\_\\__/_/ #
# #
##############################################################################
# This is merely an example and gets auto included as since Version 2.2017.07 introduced on 2017-04-20
# This file must exist on your system or Nginx will fail a reload due to a missing file
# For all intensive purpose you can delete everything inside this file and leave it
# completely blank if you do not want your Nginx Blocker to include scanning for bad words within urls or referrer string
# Only add one entry per line
# -------------------------------
# !!! WARNING WARNING WARNING !!!
# -------------------------------
# ---------------------------------------
# PLEASE BE VERY CAREFUL HOW YOU USE THIS
# ---------------------------------------
# Here is an example of how one supposed bad word can cause your whole site to go down.
# An issue was logged where the users own domain name was specialisteparquet.com
# Because this list contained the word "cialis" it was detected within his domain name causing
# his entire site to go down and not server any assets.
# That one entry would even cause any site containing a word like "specialist" anywhere in any
# of their sites pages to cause them to be blocked and whitelisting your own domain name in the
# whitelist-domains.conf file will not even bypass this, SO BE CAREFUL PLEASE
# Think very carefully before you add any word here
# -----------------------------------------------------------------------------------------
# PLEASE MAKE SURE that you use word regex boundaries to avoid false positive detection !!!
# -----------------------------------------------------------------------------------------
# BY DEFAULT ALL THE EXAMPLES BELOW ARE COMMENTED OUT AND HENCE NOT ENABLED
# As you can see in the examples below the word "adultgalls" is entered with a preceding \b and an ending \b
# this makes it now "\badultgalls\b". It is crucial to use the word boundaries regex formatting.
# ---------
# EXAMPLES:
# ---------
# "~*(?:\b)adultgalls(?:\b|)" 1;
# "~*(?:\b)amateurxpass(?:\b|)" 1;
# "~*(?:\b)bigblackbooty(?:\b|)" 1;
# "~*(?:\b)blacktits(?:\b|)" 1;
# "~*(?:\b)cookie\-law\-enforcement(?:\b|)" 1;
# "~*(?:\b)free\-share\-buttons(?:\b|)" 1;
# "~*(?:\b)free\-social\-buttons(?:\b|)" 1;
# "~*(?:\b)fuck\-paid\-share\-buttons(?:\b|)" 1;
# "~*(?:\b)ilovevitaly(?:\b|)" 1;
# "~*(?:\b)law\-enforcement\-bot(?:\b|)" 1;
# "~*(?:\b)law\-enforcement\-check(?:\b|)" 1;
# "~*(?:\b)share\-buttons\-for\-free(?:\b|)" 1;
# "~*(?:\b)webfuck(?:\b|)" 1;
# "~*(?:\b)xxxrus(?:\b|)" 1;
# "~*(?:\b)zeroredirect(?:\b|)" 1;
# "~*(?:\b|)x22(?:\b|)" 1; (in this string if your own domain name was sex22.com it would be blocked)
# Here is a list of unsanitary words used in referrer strings - used in various injection attacks
# THE RULES BELOW ARE ENABLED BY DEFAULT
# You can disable this default list by switching the values to 0
"~*(?:\b|)mb_ereg_replace(?:\b|)" 1;
# -----------
# PLEASE NOTE
# -----------
# If you whitelist your own domain in whitelist-domains.conf and your own domain is passed in the referrer string with an attack string it will NOT be blocked.
# --------
# EXAMPLE:
# --------
# This string "http://yourwebsite.com/?s=/index/%5Cthink%5Capp/invokefunction&function=call_user_func_array&vars[0]=file_put_contents&vars[1][]=gqopu.php&vars[1][]=<?php mb_ereg_replace('.*',@$_REQUEST[_], '', 'e');?>$"
# contains the above 'mb_ereg_replace" attack string
# If your domain is whitelisted in whitelist-domains.conf this string will NOT be detected
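Review bot: The commented examples do not implement the word-boundary rule the header insists on: `(?:\b|)` has an empty alternative, so it matches with or without a boundary, and `"~*(?:\b)adultgalls(?:\b|)"` still matches `adultgallsX`. If a strict boundary is intended, the examples should read `"~*\badultgalls\b" 1;`; if the loose trailing match is deliberate, the comment "It is crucial to use the word boundaries regex formatting" should say that only the leading boundary is enforced. The one enabled rule, `"~*(?:\b|)mb_ereg_replace(?:\b|)"`, is a plain substring match for the same reason, which a short comment above it would make clear to anyone copying the pattern for a shorter word.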


@ -0,0 +1,45 @@
# EDIT THIS FILE AS YOU LIKE TO BLACKLIST YOUR OWN CUSTOM DOMAIN NAMES ###
### VERSION INFORMATION #
###################################################
### Version: V3.2018.04
### Updated: 2018-08-21
###################################################
### VERSION INFORMATION ##
##############################################################################
# _ __ _ #
# / |/ /__ _(_)__ __ __ #
# / / _ `/ / _ \\ \ / #
# /_/|_/\_, /_/_//_/_\_\ #
# __/___/ __ ___ __ ___ __ __ #
# / _ )___ ____/ / / _ )___ / /_ / _ )/ /__ ____/ /_____ ____ #
# / _ / _ `/ _ / / _ / _ \/ __/ / _ / / _ \/ __/ '_/ -_) __/ #
# /____/\_,_/\_,_/ /____/\___/\__/ /____/_/\___/\__/_/\_\\__/_/ #
# #
##############################################################################
# Add One Entry Per Line - List all your own extra domains you want to blacklist.
# This file must exist on your system or Nginx will fail a reload due to a missing file
# Automatic updates will never be able to remove this custom list of yours
# Add One Entry Per Line
# Make sure any domains have dots and special characters escaped as per the Regex examples below.
# For example myblacklisteddomainname.com should be entered as myfirstowndomainname\.com
# and my-second-blacklisted.com should be entered as my\-second\-owndomainname\.com
# *****************************************************************************************
# PLEASE MAKE SURE that you use word regex boundaries to avoid false positive detection !!!
# *****************************************************************************************
# As you can see in the examples below the domain "myblacklisteddomainname\.com" is entered with a preceding \b and an ending \b
# this makes it now "\bmyblacklisteddomainname\.com\b". It is crucial to use the word boundaries regex formatting.
# BY DEFAULT ALL THE EXAMPLES BELOW ARE COMMENTED OUT AND HENCE NOT ENABLED
# ---------
# EXAMPLES:
# ---------
# "~*\bmyblacklisteddomainname\.com\b" 1;
# "~*\bmy\-second\-blacklisted\.com\b" 1;


@ -0,0 +1,103 @@
# EDIT THIS FILE AS YOU LIKE TO ADD OR REMOVE ANY BAD IP ADDRESSES OR IP RANGES YOU WANT TO BLOCK ###
# VERSION INFORMATION #
#----------------------
# Version: V4.2019.09
# Updated: 2019-06-28
#----------------------
# VERSION INFORMATION #
##############################################################################
# _ __ _ #
# / |/ /__ _(_)__ __ __ #
# / / _ `/ / _ \\ \ / #
# /_/|_/\_, /_/_//_/_\_\ #
# __/___/ __ ___ __ ___ __ __ #
# / _ )___ ____/ / / _ )___ / /_ / _ )/ /__ ____/ /_____ ____ #
# / _ / _ `/ _ / / _ / _ \/ __/ / _ / / _ \/ __/ '_/ -_) __/ #
# /____/\_,_/\_,_/ /____/\___/\__/ /____/_/\___/\__/_/\_\\__/_/ #
# #
##############################################################################
# This is merely an example and gets auto included as since Version 2.2017.07 introduced on 2017-04-20
# This file must exist on your system or Nginx will fail a reload due to a missing file
# For all intensive purpose you can delete everything inside this file and leave it
# completely blank if you do not want your Nginx Blocker to do any blocking of bad IP's
# Add IP's you want to blacklist below this line, one per line as per example
# Nginx [warn] notices may be reported when you try reload Nginx if you happen to include an
# IP here that may already be included by the blocker with it's daily updates
# NOTE: It is only an Nginx Warning message and will not cause Nginx to fail a reload.
# 111.111.111.111 1;
# -------------------------------------------
# Cyveillance / Qwest Communications / PSINET
# -------------------------------------------
# I am extensively researching this subject - appears to be US government involved
# and also appears to be used by all sorts of law enforcement agencies. For one they
# do not obey robots.txt and continually disguise their User-Agent strings. Time will
# tell if this is all correct or not.
# For now see - https://en.wikipedia.org/wiki/Cyveillance
# IMPORTANT UPDATE ON Cyveillance / Qwest Communications !!!
# **********************************************************
# I have done a lot of research on Cyveillance now and through monitoring my logs I know
# for sure what companies are using them and what they are actually looking for.
# My research has led me to understand that Cyveillance services are used by hundreds
# of companies to help them dicsover theft of copyrighted materials like images, movies
# music and other materials. I personally believe a lot of block lists who originally recommended
# blocking Cyveillance have done so to protect their torrent or p2p sites from being scanned.
# I personally have now unblocked them as image theft is a big problem of mine but if you
# do want to block Cyveillance you can simply modify the entries in the block below from "0" to "1"
# Getty Images is one such company who appears to use Cyveillance to help monitor for copyright theft.
# If you really do want to block them change all the 0's below to 1.
# Use this section at YOUR OWN RISK, you may block some legitimate networks but after many hours of
# Research this is now the completely updated list of all IP ranges IPV4 and IPV6 owned Qwest Communications
# PSINET and Cyveillance
# IMPORTANT NOTE: If you really want to keeps bot and things out of certain parts of your web site
# Rather implement a comlex Google Re-Captcha to reach sections of your sites and for people to be able
# to access download links. Google Re-Captcha with images is too complex for any bot.
38.0.0.0/8 0;
206.2.138.0/23 0;
208.71.164.0/22 0;
4.17.135.32/27 0;
63.144.0.0/13 0;
65.112.0.0/12 0;
65.192.0.0/11 0;
65.213.208.128/27 0;
65.222.176.96/27 0;
65.222.185.72/29 0;
# ---------------
# Berkely Scanner
# ---------------
# The Berkeley University has a scanner testing all over the web sending a complex
# payload an expecting a reply from servers who are infected or who just respond to such
# a payload. The payload looks similar to this
# "$\xC9\xE1\xDC\x9B+\x8F\x1C\xE71\x99\xA8\xDB6\x1E#\xBB\x19#Hx\xA7\xFD\x0F9-"
# and is sometime VERY long. You may have noticed this in your logs.
# I support research projects and all my servers respond with an error to this type of
# string so I do not block them but if you want to block just uncomment the following line
# or email them asking them not to scan your server. They do respond.
# Visit http://169.229.3.91/ for more info
# If you really do want to block them change all the 0 below to 1.
169.229.3.91 0;
# ------------
# MY BLACKLIST
# ------------
# 111.111.111.111 1;
# NOTE: If you blacklist your own IP by mistake whitelist-ips.conf will completely over-ride this.
# whitelist-ips.conf will always WIN and over-ride anything here and in the blocker
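Review bot: The comment in the Cyveillance block saying image Re-Captcha "is too complex for any bot" overstates what a CAPTCHA provides; it raises the cost of automated access but is not an access control. I would reword it along the lines of `# A CAPTCHA slows automated access; put anything that must stay private behind authentication.` The closing note that whitelist-ips.conf "will always WIN" depends on how the main blocker file includes and evaluates the two lists, which is not shown in this section, so a pointer to where that is defined would help readers verify it.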


@ -0,0 +1,79 @@
# EDIT THIS FILE AS YOU LIKE TO BLACKLIST OR WHITELIST ANY BAD USER-AGENT STRINGS YOU WANT TO SCAN FOR
# ****************************************************************************************************
# THIS IS BOTH YOUR WHITELIST AND BLACKLIST FOR USER-AGENTS
# VERSION INFORMATION #
#----------------------
# Version: V4.2019.07
# Updated: 2019-06-28
#----------------------
# VERSION INFORMATION #
##############################################################################
# _ __ _ #
# / |/ /__ _(_)__ __ __ #
# / / _ `/ / _ \\ \ / #
# /_/|_/\_, /_/_//_/_\_\ #
# __/___/ __ ___ __ ___ __ __ #
# / _ )___ ____/ / / _ )___ / /_ / _ )/ /__ ____/ /_____ ____ #
# / _ / _ `/ _ / / _ / _ \/ __/ / _ / / _ \/ __/ '_/ -_) __/ #
# /____/\_,_/\_,_/ /____/\___/\__/ /____/_/\___/\__/_/\_\\__/_/ #
# #
##############################################################################
# Add One Entry Per Line - List all the extra bad User-Agents you want to permanently block or whitelist.
# This is for User-Agents that are not included in the main list of the bot blocker
# This file must exist on your system or Nginx will fail a reload due to a missing file
# This allows you finer control of keeping certain bots blocked and automatic updates will
# Never be able to remove this custom list of yours
# Please note this include file loads first before any of the already whitelisted User-Agents
# in the bad bot blocker. By loading first in line it over-rides anything below it so for instance
# if you want to block Baidu, Google or Bing for any reason you add them to this file which loads
# first and takes precedence over anything below it. This now allows even finer control over the
# bad bot blocker. Enjoy !!!
# Even though this file is called blacklist-user-agents, as mentioned it can also be used to whitelist user agents
# By adding them below and setting the 3; to 0; this will permanently whitelist the User-Agent.
# Make sure any words that contain special characters are escaped and include word boundaries as per the Regex examples below.
# Example the User-Agent name "someverybaduseragentname1" is entered as "(?:\b)someverybaduseragentname1(?:\b|)"
# Example the User-Agent name "some-very-bad-useragentname2" is entered as "(?:\b)some\-very\-bad\-useragentname1(?:\b|)"
# the "(?:\b)" and "(?:\b|)" are word boundaries which prevents partial matching and false positives.
# BY DEFAULT ALL THE EXAMPLES BELOW ARE COMMENTED OUT AND HENCE NOT ENABLED
# ---------------------
# WHITELISTING EXAMPLES
# ---------------------
# "~*(?:\b)someverygooduseragentname1(?:\b|)" 0;
# "~*(?:\b)someverygooduseragentname2(?:\b|)" 0;
# "~*(?:\b)some\-very\-good\-useragentname2(?:\b|)" 0;
# ---------------------
# BLACKLISTING EXAMPLES
# ---------------------
# "~*(?:\b)someverybaduseragentname1(?:\b|)" 3;
# "~*(?:\b)someverybaduseragentname2(?:\b|)" 3;
# "~*(?:\b)some\-very\-bad\-useragentname2(?:\b|)" 3;
# Here are some default things I block on my own server, these appear in various types of injection attacks
# You can disable them if you have problems or don't agree by switching thir value to 0 or moving them into the whitelist section first and then making their value 0
# ------------
# MY WHITELIST
# ------------
# ------------
# MY BLACKLIST
# ------------
"~*(?:\b)x22(?:\b|)" 3;
"~*(?:\b){|}(?:\b|)" 3;
"~*(?:\b|)mb_ereg_replace(?:\b|)" 3;
"~*(?:\b|)file_put_contents(?:\b|)" 3;
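Review bot: The trailing `(?:\b|)` in the four active rules under MY BLACKLIST (and in the examples above them) is an alternation with an empty branch, so it always matches and enforces no boundary; the header comment calling it a word boundary that "prevents partial matching" is inaccurate. As written, `x22` also matches inside a longer token such as `x22abc`, and the two rules that open with `(?:\b|)` are plain substring matches. If a boundary is intended, close with `(?:\b)`, e.g. `"~*(?:\b)x22(?:\b)" 3;`; if substring matching is intended, the comment should say so. In `"~*(?:\b){|}(?:\b|)"` the `|` appears to act as a top-level alternation, so the rule matches any User-Agent containing `}`; if any brace should match, `[{}]` states that directly. The same suffix is used in the referrer and domain list examples in the later sections.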


@ -0,0 +1,85 @@
# Author/Copyright: Mitchell Krog <mitchellkrog@gmail.com> - https://github.com/mitchellkrogza/
# VERSION INFORMATION #
#----------------------
# Version: V4.2019.04
# Updated: 2019-06-28
#----------------------
# VERSION INFORMATION #
##############################################################################
# _ __ _ #
# / |/ /__ _(_)__ __ __ #
# / / _ `/ / _ \\ \ / #
# /_/|_/\_, /_/_//_/_\_\ #
# __/___/ __ ___ __ ___ __ __ #
# / _ )___ ____/ / / _ )___ / /_ / _ )/ /__ ____/ /_____ ____ #
# / _ / _ `/ _ / / _ / _ \/ __/ / _ / / _ \/ __/ '_/ -_) __/ #
# /____/\_,_/\_,_/ /____/\___/\__/ /____/_/\___/\__/_/\_\\__/_/ #
# #
##############################################################################
# Include this in a vhost file within a server {} block using and include statement like below
# Place it near the top of your server {} block before any location / statements and it will block everywhere on your site.
# server {
# #Config stuff here
# include /etc/nginx/bots.d/blockbots.conf
# include /etc/nginx/bots.d/ddos.conf
# #Other config stuff here
# }
#######################################################################
# -----------------------------------
# OVER-RIDE BLOCKER / SUPER WHITELIST
# -----------------------------------
# In this block you can allow any IP address specified here to over-ride any bad bot or IP blocking of the blocker.
# This is useful for testing or allowing only specific IP's (ie. Internal ranges) to never be blocked.
# More IP's can be added example > "(127.0.0.1)|(192.168.0.1)|(192.168.1.1)"
# If you even blacklisted 127.0.0.1 or your own IP by giving it a value of 1 in any of the includes, this will over-ride that block.
# UNCOMMENT THE NEXT 4 LINES TO ACTIVATE THE SUPER WHITELIST
#if ($remote_addr ~ "(127.0.0.1)|(192.168.0.1)" ) {
#set $bad_bot '0'; #Uncommenting this line will disable bad_bots functionality for specified IP(s)
#set $validate_client '0'; #Uncommenting this line will disable validate_client ip blocking functionality for specified IP(s)
#}
# --------------
# BLOCK BAD BOTS
# --------------
# Section bot_1 Unused
#limit_conn bot1_connlimit 100;
#limit_req zone=bot1_reqlimitip burst=50;
limit_conn bot2_connlimit 10;
limit_req zone=bot2_reqlimitip burst=10;
if ($bad_bot = '3') {
return 444;
}
# ---------------------
# BLOCK BAD REFER WORDS
# ---------------------
if ($bad_words) {
return 444;
}
# ------------------
# BLOCK BAD REFERERS
# ------------------
if ($bad_referer) {
return 444;
}
# -----------------------------
# BLOCK IP ADDRESSES and RANGES
# -----------------------------
if ($validate_client) {
return 444;
}
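Review bot: The SUPER WHITELIST example `if ($remote_addr ~ "(127.0.0.1)|(192.168.0.1)" )` is unanchored and leaves the dots unescaped, so once uncommented it exempts more addresses than the two listed; `192.168.0.1` also matches `192.168.0.10` and `192.168.0.100`, for example. Because this block sets both `$bad_bot` and `$validate_client` to 0 for whatever matches, the example should be exact: `#if ($remote_addr ~ "^(127\.0\.0\.1|192\.168\.0\.1)$" ) {`, with the "More IP's can be added" example updated the same way. The comment could also state that `$remote_addr` is the connecting peer, so behind a proxy the match applies to the proxy unless the client address has been restored.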


@ -0,0 +1,62 @@
# EDIT THIS FILE AS YOU LIKE TO ADD ANY ADDITIONAL BAD REFERRER DOMAINS YOU WANT TO SCAN FOR ###
# THIS IS BOTH YOUR WHITELIST AND BLACKLIST FOR REFERRERS and DOMAINS
# VERSION INFORMATION #
#----------------------
# Version: V4.2019.08
# Updated: 2019-06-28
#----------------------
# VERSION INFORMATION #
##############################################################################
# _ __ _ #
# / |/ /__ _(_)__ __ __ #
# / / _ `/ / _ \\ \ / #
# /_/|_/\_, /_/_//_/_\_\ #
# __/___/ __ ___ __ ___ __ __ #
# / _ )___ ____/ / / _ )___ / /_ / _ )/ /__ ____/ /_____ ____ #
# / _ / _ `/ _ / / _ / _ \/ __/ / _ / / _ \/ __/ '_/ -_) __/ #
# /____/\_,_/\_,_/ /____/\___/\__/ /____/_/\___/\__/_/\_\\__/_/ #
# #
##############################################################################
# This is merely an example and gets auto included as since Version 2.2017.07 introduced on 2017-04-20
# This file must exist on your system or Nginx will fail a reload due to a missing file
# Only add one entry per line
# Make sure any domains have dots and special characters escaped as per the Regex examples below.
# For example some-veryvery-randomwebsitename-thatdoesnotexist4.com should be entered as
# some\-veryvery\-randomwebsitename\-thatdoesnotexist4\.com
# *****************************************************************************************
# PLEASE MAKE SURE that you use word regex boundaries to avoid false positive detection !!!
# *****************************************************************************************
# As you can see in the examples below the domain "someveryveryrandomwebsitenamethatdoesnotexist1\.com"
# is entered with a preceding \b and an ending \b
# this makes it now "\bsomeveryveryrandomwebsitenamethatdoesnotexist1\.com\b".
# It is crucial to use the word boundaries regex formatting.
# ---------
# EXAMPLES:
# ---------
# BY DEFAULT ALL THE EXAMPLES BELOW ARE COMMENTED OUT AND HENCE NOT ENABLED
# "~*(?:\b)someveryveryrandomwebsitenamethatdoesnotexist1\.com(?:\b|)" 1;
# "~*(?:\b)someveryveryrandomwebsitenamethatdoesnotexist2\.com(?:\b|)" 1;
# "~*(?:\b)someveryveryrandomwebsitenamethatdoesnotexist3\.com(?:\b|)" 1;
# "~*(?:\b)some\-veryvery\-randomweb\-sitenamethatdoesnotexist4\.com(?:\b|)" 1;
# ------------
# MY WHITELIST
# ------------
# "~*(?:\b)mywebsite\.com(?:\b|)" 0;
# ------------
# MY BLACKLIST
# ------------
# "~*(?:\b)someotherwebsite\.com(?:\b|)" 1;


@ -0,0 +1,36 @@
#######################################################################
### VERSION INFORMATION #
###################################################
### Version: V4.2019.02
### Updated: 2019-06-24
###################################################
### VERSION INFORMATION ##
##############################################################################
# _ __ _ #
# / |/ /__ _(_)__ __ __ #
# / / _ `/ / _ \\ \ / #
# /_/|_/\_, /_/_//_/_\_\ #
# __/___/ __ ___ __ ___ __ __ #
# / _ )___ ____/ / / _ )___ / /_ / _ )/ /__ ____/ /_____ ____ #
# / _ / _ `/ _ / / _ / _ \/ __/ / _ / / _ \/ __/ '_/ -_) __/ #
# /____/\_,_/\_,_/ /____/\___/\__/ /____/_/\___/\__/_/\_\\__/_/ #
# #
##############################################################################
# Author: Mitchell Krog <mitchellkrog@gmail.com> - https://github.com/mitchellkrogza/
# Include this in a vhost file within a server {} block using and include statement like below
# server {
# #Config stuff here
# include /etc/nginx/bots.d/blockbots.conf
# include /etc/nginx/bots.d/ddos.conf
# #Other config stuff here
# }
#######################################################################
limit_conn addr 200;
limit_req zone=flood burst=200 nodelay;


@ -0,0 +1,57 @@
# EDIT THIS FILE AS YOU LIKE TO WHITELIST YOUR OWN DOMAIN NAMES AND SPARE THEM FROM ANY REFERRER CHECKING ###
# VERSION INFORMATION #
#----------------------
# Version: V4.2019.07
# Updated: 2019-06-28
#----------------------
# VERSION INFORMATION #
##############################################################################
# _ __ _ #
# / |/ /__ _(_)__ __ __ #
# / / _ `/ / _ \\ \ / #
# /_/|_/\_, /_/_//_/_\_\ #
# __/___/ __ ___ __ ___ __ __ #
# / _ )___ ____/ / / _ )___ / /_ / _ )/ /__ ____/ /_____ ____ #
# / _ / _ `/ _ / / _ / _ \/ __/ / _ / / _ \/ __/ '_/ -_) __/ #
# /____/\_,_/\_,_/ /____/\___/\__/ /____/_/\___/\__/_/\_\\__/_/ #
# #
##############################################################################
# Add One Entry Per Line - List all your own domains of the sites you host on the server
# This file must exist on your system or Nginx will fail a reload due to a missing file
# Automatic updates will never be able to remove this custom list of yours
# Add One Entry Per Line
# Make sure any domains have dots and special characters escaped as per the Regex examples below.
# For example myfirstowndomainname.com should be entered as myfirstowndomainname\.com
# and my-second-owndomainname.com should be entered as my\-second\-owndomainname\.com
# *****************************************************************************************
# PLEASE MAKE SURE that you use word regex boundaries to avoid false positive detection !!!
# *****************************************************************************************
# As you can see in the examples below the domain "myfirstowndomainname\.com" is entered with a preceding \b and an ending \b
# this makes it now "\bmyfirstowndomainname\.com\b". It is crucial to use the word boundaries regex formatting.
# BY DEFAULT ALL THE EXAMPLES BELOW ARE COMMENTED OUT AND HENCE NOT ENABLED
# ---------
# EXAMPLES:
# ---------
# "~*(?:\b)myfirstowndomainname\.com(?:\b|)" 0;
# "~*(?:\b)my\-second\-owndomainname\.com(?:\b|)" 0;
# ------------
# MY WHITELIST
# ------------
# NOTE: This file can also blacklist by giving something a value of 1
# but rather please do your blacklisting in the custom-bad-referrers.conf include file.
# NOTE: If you whitelist your own domain here, any words in bad-referrer-words.conf will not be effective if the attacker passes your own domain name in the referrer string.
# SEE NOTES: in bad-referrer-words.conf


@ -0,0 +1,49 @@
# EDIT THIS FILE AS YOU LIKE TO WHITELIST ALL YOUR IP ADDRESSES AND IP RANGES ###
# VERSION INFORMATION #
#----------------------
# Version: V4.2019.05
# Updated: 2019-06-28
#----------------------
# VERSION INFORMATION #
##############################################################################
# _ __ _ #
# / |/ /__ _(_)__ __ __ #
# / / _ `/ / _ \\ \ / #
# /_/|_/\_, /_/_//_/_\_\ #
# __/___/ __ ___ __ ___ __ __ #
# / _ )___ ____/ / / _ )___ / /_ / _ )/ /__ ____/ /_____ ____ #
# / _ / _ `/ _ / / _ / _ \/ __/ / _ / / _ \/ __/ '_/ -_) __/ #
# /____/\_,_/\_,_/ /____/\___/\__/ /____/_/\___/\__/_/\_\\__/_/ #
# #
##############################################################################
# Add One Entry Per Line - List all your IP's and IP Ranges you want to whitelist
# This file must exist on your system or Nginx will fail a reload due to a missing file
# Automatic updates will never be able to remove this custom list of yours
# Add One Entry Per Line as per the example
# Only add actual IP addresses and ranges here
# BY DEFAULT ALL THE EXAMPLES BELOW ARE COMMENTED OUT AND HENCE NOT ENABLED
# REFRAIN FROM USING 127.0.0.1 AS IT MAY CAUSE UNDESIRABLE RESULTS ON SOME SYSTEMS
# ---------
# EXAMPLES:
# ---------
# 111.111.111.111 0;
# ------------
# MY WHITELIST
# ------------
# ------
# NOTES:
# ------
# - This file rules over any other other parts of the IP blocking.
# - If you blacklisted your own IP in blacklist-ips.conf whitelisting it here will over-ride the blacklisting.
# - Whitelisting IP's and RANGES here ONLY affects the IP blocking functions.
# - This file will NOT allow your own IP to bypass bad User-Agent or Referrer String checks.
# - To bypass everything for a certain IP see notes in blockbots.conf on SUPER WHITELIST
35.184.96.71 0;
35.202.145.110 0;
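Review bot: The two active entries at the end, `35.184.96.71 0;` and `35.202.145.110 0;`, are whitelisted with no comment saying whose addresses they are or why they are exempt. The notes just above say this file rules over the other parts of the IP blocking, so anyone copying it as a starting point inherits an exemption for two addresses they do not control. If these exist for the CI test run, a comment such as `# test fixture only: addresses used by the whitelist test, remove before use elsewhere` would make that clear. They also sit below the NOTES block rather than under the MY WHITELIST heading.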


@ -0,0 +1 @@
null


@ -0,0 +1,31 @@
##############################################################################
# _ __ _ #
# / |/ /__ _(_)__ __ __ #
# / / _ `/ / _ \\ \ / #
# /_/|_/\_, /_/_//_/_\_\ #
# __/___/ __ ___ __ ___ __ __ #
# / _ )___ ____/ / / _ )___ / /_ / _ )/ /__ ____/ /_____ ____ #
# / _ / _ `/ _ / / _ / _ \/ __/ / _ / / _ \/ __/ '_/ -_) __/ #
# /____/\_,_/\_,_/ /____/\___/\__/ /____/_/\___/\__/_/\_\\__/_/ #
# #
##############################################################################
# Version 1.1
# ! new directives also to be added to include_filelist.txt ! #
server_names_hash_bucket_size 256;
server_names_hash_max_size 4096;
variables_hash_max_size 4096;
variables_hash_bucket_size 4096;
limit_req_zone $binary_remote_addr zone=flood:50m rate=90r/s;
limit_conn_zone $binary_remote_addr zone=addr:50m;
# ****************************************************************************
# NOTE: IF you are using a system like Nginx-Proxy from @JWilder
# ****************************************************************************
# Repo URL: https://github.com/jwilder/nginx-proxy
# You will need to comment out the first line here as follows.
# #server_names_hash_bucket_size 128;
# You will also need to modify the nginx.tmpl file to add the default include
# include /etc/nginx/conf.d/*
# ****************************************************************************
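Review bot: Both limit zones are keyed on `$binary_remote_addr`, and the file says nothing about deployments where Nginx is not the edge. Behind a load balancer or CDN every request arrives from the proxy's address, so all clients share one bucket and the IP lists evaluate the proxy rather than the client. I would add a comment next to the `limit_req_zone` line such as `# Behind a proxy/CDN, restore the client address first (realip module: set_real_ip_from / real_ip_header) or these limits apply to the proxy.` Minor: the nginx-proxy note shows `#server_names_hash_bucket_size 128;` while the directive in this file is set to 256.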

File diff suppressed because it is too large Load diff


@ -0,0 +1,15 @@
server {
listen *:9000;
root /var/www/html;
server_name localhost;
charset UTF-8;
# Nginx Bad Bot Blocker Includes
include /etc/nginx/bots.d/ddos.conf;
include /etc/nginx/bots.d/blockbots.conf;
index index.html;
}
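Review bot: `listen *:9000;` binds the test vhost on every interface even though `server_name localhost;` suggests it is meant for local requests only; `server_name` selects a virtual host and does not restrict who can connect. If the tests only call it from the same machine, `listen 127.0.0.1:9000;` keeps the fixture off the network.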


@ -0,0 +1,86 @@
user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;
events {
worker_connections 768;
# multi_accept on;
}
http {
##
# Basic Settings
##
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
# server_tokens off;
# server_names_hash_bucket_size 64;
# server_name_in_redirect off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
##
# SSL Settings
##
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;
##
# Logging Settings
##
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
##
# Gzip Settings
##
gzip on;
# gzip_vary on;
# gzip_proxied any;
# gzip_comp_level 6;
# gzip_buffers 16 8k;
# gzip_http_version 1.1;
# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
##
# Virtual Host Configs
##
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}
#mail {
# # See sample authentication script at:
# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
#
# # auth_http localhost/auth.php;
# # pop3_capabilities "TOP" "USER";
# # imap_capabilities "IMAP4rev1" "UIDPLUS";
#
# server {
# listen localhost:110;
# protocol pop3;
# proxy on;
# }
#
# server {
# listen localhost:143;
# protocol imap;
# proxy on;
# }
#}
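Review bot: `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` in the `http` block still enables TLS 1.0 and 1.1, which are deprecated. The test vhost in this commit listens without TLS, so the tests may never exercise this line, but a config committed alongside a security tool tends to get copied. `ssl_protocols TLSv1.2 TLSv1.3;` is the safer default where the installed Nginx and OpenSSL support TLS 1.3. `server_tokens off;` is also left commented out, so the server version is advertised in responses and error pages.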


@ -60,9 +60,11 @@ script:
- bash .dev-tools/beta-test-blocker-whitelist-ips.sh
- bash .dev-tools/beta-test-blocker-rate-limiting.sh
- bash .dev-tools/beta-test-blocker-whitelist.sh
# HERE WE TEST NGINX MAINSTREAM
- bash .dev-tools/install-nginx-mainstream.sh
- bash .dev-tools/test-nginx-mainstream.sh
# HERE WE TEST NGINX MAINLINE
- bash .dev-tools/install-nginx-mainline-ppa.sh
- bash .dev-tools/test-nginx-mainline-ppa.sh
- bash .dev-tools/install-nginx-mainline-nginx.sh
- bash .dev-tools/test-nginx-mainline-nginx.sh
- bash .dev-tools/modify-files-and-commit.sh
before_deploy: