From c7acdfa8228d2f19a83e5bb14d54355db86fcebf Mon Sep 17 00:00:00 2001 From: Mitchell Krog Date: Thu, 16 Feb 2017 08:28:01 +0200 Subject: [PATCH] =?UTF-8?q?V2.2017.04=20-=20Added=20new=20include=20files?= =?UTF-8?q?=20method=20for=20whitelisting=20your=20own=20IP=E2=80=99s=20an?= =?UTF-8?q?d=20Domain=20Names?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- CHANGELOG.md | 5 ++++ NGINX-SSL-Site-Config-Example.md | 32 ----------------------- README.md | 45 +++++++++++++++----------------- bots.d/whitelist-domains.conf | 1 + bots.d/whitelist-ips.conf | 1 + conf.d/globalblacklist.conf | 11 +++++--- robots.txt/LICENSE.md | 22 ++++++++++++++++ 7 files changed, 58 insertions(+), 59 deletions(-) create mode 100644 bots.d/whitelist-domains.conf create mode 100644 bots.d/whitelist-ips.conf create mode 100755 robots.txt/LICENSE.md diff --git a/CHANGELOG.md b/CHANGELOG.md index c7c622545..842fb0a7f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,10 @@ #CHANGELOG - Nginx Bad Bot Blocker +###2017-02-16 +- V2.2017.04 Added new include file methods for whitelisting your own domains and IP addresses. + No more having to remember to include your own IP ranges with any future update. + **Please read updated configuration instructions.** on README.md + ###2017-02-08 - V2.2017.03 - Added Travis CI Build Checking and Various Readme File Updates diff --git a/NGINX-SSL-Site-Config-Example.md b/NGINX-SSL-Site-Config-Example.md index 2ed1e0dd4..92b28e89d 100644 --- a/NGINX-SSL-Site-Config-Example.md +++ b/NGINX-SSL-Site-Config-Example.md 
@@ -142,35 +142,3 @@ server { ``` ### If this helped you [You can buy me a beer](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=BKF9XT6WHATLG):beer: or send some cheese for my mouse [![gitcheese.com](https://api.gitcheese.com/v1/projects/92bf5669-7d2c-447d-baa4-216ac9e720a6/badges)](https://www.gitcheese.com/app/#/projects/92bf5669-7d2c-447d-baa4-216ac9e720a6/pledges/create) - -## CLOUDFLARE CPanel Users -If you are running a CPanel system that is running through Cloudflare (quite likely) you should whitelist all the following ranges including of course your own IP(s). Considering adding this as a permament whitelist in the bot blocker by default. - -``` -127.0.0.1/32; -YOUR.OWN.IP.ADDR; -103.21.244.0/22; -103.22.200.0/22; -103.31.4.0/22; -104.16.0.0/12; -108.162.192.0/18; -131.0.72.0/22; -141.101.64.0/18; -162.158.0.0/15; -172.64.0.0/13; -173.245.48.0/20; -188.114.96.0/20; -190.93.240.0/20; -197.234.240.0/22; -198.41.128.0/17; -199.27.128.0/21; -2400:cb00::/32; -2606:4700::/32; -2803:f800::/32; -2405:b500::/32; -2405:8100::/32; -2c0f:f248::/32 -2a06:98c0::/29 -``` - -### If this helped you [You can buy me a beer](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=BKF9XT6WHATLG):beer: or send some cheese for my mouse [![gitcheese.com](https://api.gitcheese.com/v1/projects/92bf5669-7d2c-447d-baa4-216ac9e720a6/badges)](https://www.gitcheese.com/app/#/projects/92bf5669-7d2c-447d-baa4-216ac9e720a6/pledges/create) \ No newline at end of file diff --git a/README.md b/README.md index 4f9a4df66..2945a3d3e 100644 --- a/README.md +++ b/README.md 
@@ -10,7 +10,7 @@ # Nginx Bad Bot and User-Agent Blocker, Spam Referrer Blocker, Anti DDOS, Bad IP Blocker and Wordpress Theme Detector Blocker ##### The Ultimate Nginx Bad Bot, User-Agent, Spam Referrer Blocker, Adware, Malware and Ransomware Blocker, Clickjacking Blocker, Click Re-Directing Blocker and Bad IP Blocker with Anti DDOS System, Nginx Rate Limiting and Wordpress Theme Detector Blocking -### Version 2.2017.03 +### Version 2.2017.04 ##### Created by: https://github.com/mitchellkrogza ##### Copyright Mitchell Krog @@ -131,29 +131,7 @@ Copy the contents of **/conf.d/globalblacklist.conf** into your /etc/nginx/conf. `sudo wget https://raw.githubusercontent.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker/master/conf.d/globalblacklist.conf` -##Step 2: - -Whitelist all your own domain names - -`sudo nano /etc/conf.d/globalblacklist.conf` - -Scroll down until you find the block starting with: - -``` -# *********************************** -# Whitelist all your OWN IP addresses -# *********************************** -``` - -Add your own ip addresses to make sure they are whitelisted (one per line as per this example) - -``` -127.0.0.1 0; -192.168.0.1 0; -192.168.1.1 0; -``` - -##Step 3: +##Step 2: - From your command line in Linux type 
@@ -170,6 +148,25 @@ Add your own ip addresses to make sure they are whitelisted (one per line as per `sudo wget https://raw.githubusercontent.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker/master/bots.d/ddos.conf` +##Step 3: + +Whitelist all your own domain names and IP addresses. **Please note important changes**, this is now done using include files so that you do not have to keep reinserting your whitelisted domains and IP addresses every time you update. + +`cd /etc/nginx/bots.d` + +- copy the whitelist-ips.conf file into that folder + +`sudo wget https://raw.githubusercontent.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker/master/bots.d/whitelist-ips.conf` + + +- copy the whitelist-domains.conf file into the same folder + +`sudo wget https://raw.githubusercontent.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker/master/bots.d/whitelist-domains.conf` + +Use nano, vim or any other text editor to edit both whitelist-ips.conf and whitelist-domains.conf to include all your own domain names and IP addresses that you want to specifically whitelist from the blocker script. + +When pulling any future updates now you can simply pull the latest globalblacklist.conf file and it will automatically include your whitelisted domains and IP addresses. + ##Step 4: diff --git a/bots.d/whitelist-domains.conf b/bots.d/whitelist-domains.conf new file mode 100644 index 000000000..59648a8a3 --- /dev/null +++ b/bots.d/whitelist-domains.conf @@ -0,0 +1 @@ +"~*~*mydomain.com" 0; \ No newline at end of file diff --git a/bots.d/whitelist-ips.conf b/bots.d/whitelist-ips.conf new file mode 100644 index 000000000..37fc5212e --- /dev/null +++ b/bots.d/whitelist-ips.conf @@ -0,0 +1 @@ +127.0.0.1 0; \ No newline at end of file diff --git a/conf.d/globalblacklist.conf b/conf.d/globalblacklist.conf index c6109afa8..06632c88f 100644 --- a/conf.d/globalblacklist.conf +++ b/conf.d/globalblacklist.conf 
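Review bot: The example entry shipped in the new bots.d/whitelist-domains.conf, `"~*~*mydomain.com" 0;`, is an unanchored regex with an unescaped dot and a doubled `~*` prefix, so it matches any Referer value that merely contains that string, including in the path or query of an unrelated site. The file is included ahead of the bad-referer entries in `map $http_referer $bad_referer`, and the Referer header is client-supplied, so such a value would be spared from referer checking. I would ship an anchored example instead, such as `"~*^https?://([^/]+\.)?mydomain\.com(/|$)" 0;` (constructed sample). A `#` comment line in the file should also tell users to escape dots and anchor on the host name.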
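Review bot: The new bots.d/whitelist-ips.conf holds only `127.0.0.1 0;`, with no comment saying what an entry means or which address it is compared against. The single-variable form `geo $validate_client {` seen in the globalblacklist.conf hunk header matches on the connection's peer address, so behind a CDN or reverse proxy the entries presumably match the proxy rather than the visitor unless real-IP handling is configured elsewhere. I would add a header such as `# One "address-or-CIDR 0;" per line; matched against the connecting address (the proxy's, if you sit behind one).` It should also note that the file must be writable by root only, since every entry exempts an address from the validate_client checks.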
@@ -2,7 +2,7 @@ ### THE ULTIMATE NGINX BAD BOT BLOCKER ### ********************************** -### Version 2.2017.03 +### Version 2.2017.04 ### This file implements a checklist / blacklist for good user agents, bad user agents and ### bad referrers. It also has whitelisting for your own IP's and known good IP Ranges @@ -875,8 +875,10 @@ map $http_referer $bad_referer { # ************************************ # Add your own domain names here to spare them from referer checking (one per line) + # Use the new include file method so any further updates will no longer require you to + # have to keep putting your whitelisted domains here when updating. - "~*~*mydomain.com" 0; + include /etc/nginx/bots.d/whitelist-domains.conf; # START BAD REFERERS ### DO NOT EDIT THIS LINE AT ALL ### "~*000free.us" 1; @@ -4836,7 +4838,10 @@ geo $validate_client { # Whitelist all your own IP addresses from any validate_client checks # Add all your IP addresses and ranges below (one per line) - 127.0.0.1 0; + # Use the new include file method so any further updates will no longer require you to + # have to keep putting your whitelisted IP addresses here when updating. + + include /etc/nginx/bots.d/whitelist-ips.conf; # *********** # Google Bots diff --git a/robots.txt/LICENSE.md b/robots.txt/LICENSE.md new file mode 100755 index 000000000..bf6209077 --- /dev/null +++ b/robots.txt/LICENSE.md 
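Review bot: The new `include /etc/nginx/bots.d/whitelist-domains.conf;` in `map $http_referer $bad_referer` names a fixed absolute path with no wildcard, and nginx treats a missing non-wildcard include as a configuration error. Anyone who pulls this globalblacklist.conf before creating the file will fail `nginx -t`, and a restart would leave the server down. The same applies to `include /etc/nginx/bots.d/whitelist-ips.conf;` in the `geo $validate_client` hunk. The comment above each include should state the precondition, e.g. `# This file MUST exist (it may be empty) before you reload nginx; run "nginx -t" first.` Both enclosing blocks begin and end outside the hunks, so whether anything else guards against a missing file cannot be seen from here.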
@@ -0,0 +1,22 @@
+MIT License
+
+Copyright (c) 2017 Mitchell Krog - mitchellkrog@gmail.com
+https://github.com/mitchellkrogza
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.