mirror of
https://github.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker.git
synced 2025-09-02 18:50:13 +00:00
543e70c105
* sending email via the script is optional (users may already have MAILTO set in cron or monitor syslogs by email) * only reload nginx config if the download is successful
84 lines
2.4 KiB
Bash
Executable file
84 lines
2.4 KiB
Bash
Executable file
#!/bin/sh
|
|
|
|
# Shell Script for Auto Updating the Nginx Bad Bot Blocker
|
|
# Copyright: https://github.com/mitchellkrogza
|
|
# Project Url: https://github.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker
|
|
# Update script & Alpine Linux package by Stuart Cardall: https://github.com/itoffshore
|
|
|
|
# MAKE SURE you have your whitelist-ips.conf, whitelist-domains.conf and blacklist-user-agents.conf files in /etc/nginx/bots.d
|
|
# A major change to using include files was introduced in
|
|
# https://github.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker/commit/c7acdfa8228d2f19a83e5bb14d54355db86fcebf
|
|
# Nginx will fail a reload with [EMERG] without the presence of these files.
|
|
|
|
# PLEASE READ UPDATED CONFIGURATION INSTRUCTIONS BEFORE USING THIS
|
|
|
|
# Save this file as /usr/sbin/updatenginxblocker
|
|
# Make it Executable chmod 700 /usr/sbin/updatenginxblocker
|
|
|
|
# RUN THE UPDATE
|
|
# Here our script runs, pulls the latest update, reloads nginx and emails you a notification
|
|
|
|
email="me@myemail.com"
|
|
send_email="Y"
|
|
conf_dir=/etc/nginx/conf.d
|
|
url=https://raw.githubusercontent.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker/master/conf.d/globalblacklist.conf
|
|
|
|
service_cmd() {
|
|
# arch linux does not have a 'service' command
|
|
local svc= svc_list="service systemctl rc-service"
|
|
|
|
for svc in $svc_list; do
|
|
svc=$(which $svc 2>/dev/null)
|
|
if [ -n "$svc" ]; then
|
|
echo $svc
|
|
exit 0
|
|
fi
|
|
done
|
|
}
|
|
|
|
wget_opts() {
|
|
local opts=
|
|
|
|
# Busybox wget gives less verbose output by default
|
|
if [ -n "$(wget --help 2>/dev/null | grep "\-nv")" ]; then
|
|
opts="-nv"
|
|
fi
|
|
|
|
opts="$opts -O $conf_dir/globalblacklist.conf"
|
|
echo $opts
|
|
}
|
|
|
|
# require root
|
|
if [ "$(id -u)" != "0" ]; then
|
|
echo "This script must be run as root" 1>&2
|
|
exit 1
|
|
fi
|
|
|
|
# default to service (centos does not have 'which' by default)
|
|
service=${service_cmd:-"service"}
|
|
email_report=$(mktemp)
|
|
options=$(wget_opts)
|
|
|
|
# download update
|
|
mkdir -p $conf_dir
|
|
wget $url $options 2>&1 | tee $email_report
|
|
|
|
# re-read configuration
|
|
if ! grep "Not Found" $email_report; then
|
|
$service nginx reload | tee -a $email_report
|
|
else
|
|
printf "\nDownload failed: not reloading nginx config\n" | tee -a $email_report
|
|
fi
|
|
|
|
# email report
|
|
case "$send_email" in
|
|
y*|Y*) cat $email_report | mail -s "Nginx Bad Bot Blocker Updated" $email;;
|
|
esac
|
|
|
|
rm -f $email_report
|
|
|
|
exit $?
|
|
|
|
# Add this as a cron to run daily / weekly as you like
|
|
# Here's a sample CRON entry to update every day at 10pm
|
|
# 00 22 * * * /usr/sbin/updatenginxblocker
|