kopia lustrzana https://github.com/alecmuffett/eotk
378 wiersze
11 KiB
Awk
378 wiersze
11 KiB
Awk
# ---- BEGIN CODE GENERATED BY ../lib.d/generate-bw-code.pl ---- -*- awk -*-
|
|
|
|
# blacklists (generated)
|
|
%%IF %USER_AGENT_BLACKLIST%
|
|
# check user_agent_blacklist (generated)
|
|
%%CSV %USER_AGENT_BLACKLIST%
|
|
if ( $http_user_agent = "%0%" ) { %NGINX_ACTION_ABORT%; }
|
|
%%ENDCSV
|
|
%%ELSE
|
|
# no user_agent_blacklist
|
|
%%ENDIF
|
|
%%IF %USER_AGENT_BLACKLIST_RE%
|
|
# check user_agent_blacklist_re (generated)
|
|
%%CSV %USER_AGENT_BLACKLIST_RE%
|
|
if ( $http_user_agent ~* "%0%" ) { %NGINX_ACTION_ABORT%; }
|
|
%%ENDCSV
|
|
%%ELSE
|
|
# no user_agent_blacklist_re
|
|
%%ENDIF
|
|
%%IF %REFERER_BLACKLIST%
|
|
# check referer_blacklist (generated)
|
|
%%CSV %REFERER_BLACKLIST%
|
|
if ( $http_referer = "%0%" ) { %NGINX_ACTION_ABORT%; }
|
|
%%ENDCSV
|
|
%%ELSE
|
|
# no referer_blacklist
|
|
%%ENDIF
|
|
%%IF %REFERER_BLACKLIST_RE%
|
|
# check referer_blacklist_re (generated)
|
|
%%CSV %REFERER_BLACKLIST_RE%
|
|
if ( $http_referer ~* "%0%" ) { %NGINX_ACTION_ABORT%; }
|
|
%%ENDCSV
|
|
%%ELSE
|
|
# no referer_blacklist_re
|
|
%%ENDIF
|
|
%%IF %ORIGIN_BLACKLIST%
|
|
# check origin_blacklist (generated)
|
|
%%CSV %ORIGIN_BLACKLIST%
|
|
if ( $http_origin = "%0%" ) { %NGINX_ACTION_ABORT%; }
|
|
%%ENDCSV
|
|
%%ELSE
|
|
# no origin_blacklist
|
|
%%ENDIF
|
|
%%IF %ORIGIN_BLACKLIST_RE%
|
|
# check origin_blacklist_re (generated)
|
|
%%CSV %ORIGIN_BLACKLIST_RE%
|
|
if ( $http_origin ~* "%0%" ) { %NGINX_ACTION_ABORT%; }
|
|
%%ENDCSV
|
|
%%ELSE
|
|
# no origin_blacklist_re
|
|
%%ENDIF
|
|
%%IF %HOST_BLACKLIST%
|
|
# check host_blacklist (generated)
|
|
%%CSV %HOST_BLACKLIST%
|
|
if ( $http_host = "%0%" ) { %NGINX_ACTION_ABORT%; }
|
|
%%ENDCSV
|
|
%%ELSE
|
|
# no host_blacklist
|
|
%%ENDIF
|
|
%%IF %HOST_BLACKLIST_RE%
|
|
# check host_blacklist_re (generated)
|
|
%%CSV %HOST_BLACKLIST_RE%
|
|
if ( $http_host ~* "%0%" ) { %NGINX_ACTION_ABORT%; }
|
|
%%ENDCSV
|
|
%%ELSE
|
|
# no host_blacklist_re
|
|
%%ENDIF
|
|
%%IF %PATH_BLACKLIST%
|
|
# check path_blacklist (generated)
|
|
%%CSV %PATH_BLACKLIST%
|
|
if ( $uri = "%0%" ) { %NGINX_ACTION_ABORT%; }
|
|
%%ENDCSV
|
|
%%ELSE
|
|
# no path_blacklist
|
|
%%ENDIF
|
|
%%IF %PATH_BLACKLIST_RE%
|
|
# check path_blacklist_re (generated)
|
|
%%CSV %PATH_BLACKLIST_RE%
|
|
if ( $uri ~* "%0%" ) { %NGINX_ACTION_ABORT%; }
|
|
%%ENDCSV
|
|
%%ELSE
|
|
# no path_blacklist_re
|
|
%%ENDIF
|
|
%%IF %PARAM_BLACKLIST%
|
|
# check param_blacklist (generated)
|
|
%%CSV %PARAM_BLACKLIST%
|
|
if ( $arg_%1% = "%2%" ) { %NGINX_ACTION_ABORT%; }
|
|
%%ENDCSV
|
|
%%ELSE
|
|
# no param_blacklist
|
|
%%ENDIF
|
|
%%IF %PARAM_BLACKLIST_RE%
|
|
# check param_blacklist_re (generated)
|
|
%%CSV %PARAM_BLACKLIST_RE%
|
|
if ( $arg_%1% ~* "%2%" ) { %NGINX_ACTION_ABORT%; }
|
|
%%ENDCSV
|
|
%%ELSE
|
|
# no param_blacklist_re
|
|
%%ENDIF
|
|
|
|
# polite blocks (generated)
|
|
%%IF %SUPPRESS_TOR2WEB%
|
|
# polite block for suppress_tor2web (generated)
|
|
%%CSV %SUPPRESS_TOR2WEB%
|
|
if ( $http_x_tor2web ) { return 403 "%BLOCK_ERR%"; }
|
|
%%ENDCSV
|
|
%%ELSE
|
|
# no suppress_tor2web
|
|
%%ENDIF
|
|
%%IF %BLOCK_USER_AGENT%
|
|
# polite block for block_user_agent (generated)
|
|
%%CSV %BLOCK_USER_AGENT%
|
|
if ( $http_user_agent = "%0%" ) { return 403 "%BLOCK_ERR%"; }
|
|
%%ENDCSV
|
|
%%ELSE
|
|
# no block_user_agent
|
|
%%ENDIF
|
|
%%IF %BLOCK_USER_AGENT_RE%
|
|
# polite block for block_user_agent_re (generated)
|
|
%%CSV %BLOCK_USER_AGENT_RE%
|
|
if ( $http_user_agent ~* "%0%" ) { return 403 "%BLOCK_ERR%"; }
|
|
%%ENDCSV
|
|
%%ELSE
|
|
# no block_user_agent_re
|
|
%%ENDIF
|
|
%%IF %BLOCK_REFERER%
|
|
# polite block for block_referer (generated)
|
|
%%CSV %BLOCK_REFERER%
|
|
if ( $http_referer = "%0%" ) { return 403 "%BLOCK_ERR%"; }
|
|
%%ENDCSV
|
|
%%ELSE
|
|
# no block_referer
|
|
%%ENDIF
|
|
%%IF %BLOCK_REFERER_RE%
|
|
# polite block for block_referer_re (generated)
|
|
%%CSV %BLOCK_REFERER_RE%
|
|
if ( $http_referer ~* "%0%" ) { return 403 "%BLOCK_ERR%"; }
|
|
%%ENDCSV
|
|
%%ELSE
|
|
# no block_referer_re
|
|
%%ENDIF
|
|
%%IF %BLOCK_ORIGIN%
|
|
# polite block for block_origin (generated)
|
|
%%CSV %BLOCK_ORIGIN%
|
|
if ( $http_origin = "%0%" ) { return 403 "%BLOCK_ERR%"; }
|
|
%%ENDCSV
|
|
%%ELSE
|
|
# no block_origin
|
|
%%ENDIF
|
|
%%IF %BLOCK_ORIGIN_RE%
|
|
# polite block for block_origin_re (generated)
|
|
%%CSV %BLOCK_ORIGIN_RE%
|
|
if ( $http_origin ~* "%0%" ) { return 403 "%BLOCK_ERR%"; }
|
|
%%ENDCSV
|
|
%%ELSE
|
|
# no block_origin_re
|
|
%%ENDIF
|
|
%%IF %BLOCK_HOST%
|
|
# polite block for block_host (generated)
|
|
%%CSV %BLOCK_HOST%
|
|
if ( $http_host = "%0%" ) { return 403 "%BLOCK_ERR%"; }
|
|
%%ENDCSV
|
|
%%ELSE
|
|
# no block_host
|
|
%%ENDIF
|
|
%%IF %BLOCK_HOST_RE%
|
|
# polite block for block_host_re (generated)
|
|
%%CSV %BLOCK_HOST_RE%
|
|
if ( $http_host ~* "%0%" ) { return 403 "%BLOCK_ERR%"; }
|
|
%%ENDCSV
|
|
%%ELSE
|
|
# no block_host_re
|
|
%%ENDIF
|
|
%%IF %BLOCK_PATH%
|
|
# polite block for block_path (generated)
|
|
%%CSV %BLOCK_PATH%
|
|
if ( $uri = "%0%" ) { return 403 "%BLOCK_ERR%"; }
|
|
%%ENDCSV
|
|
%%ELSE
|
|
# no block_path
|
|
%%ENDIF
|
|
%%IF %BLOCK_PATH_RE%
|
|
# polite block for block_path_re (generated)
|
|
%%CSV %BLOCK_PATH_RE%
|
|
if ( $uri ~* "%0%" ) { return 403 "%BLOCK_ERR%"; }
|
|
%%ENDCSV
|
|
%%ELSE
|
|
# no block_path_re
|
|
%%ENDIF
|
|
%%IF %BLOCK_LOCATION%
|
|
# polite block for block_location (generated)
|
|
%%CSV %BLOCK_LOCATION%
|
|
location %0% { return 403 "%BLOCK_ERR%"; }
|
|
%%ENDCSV
|
|
%%ELSE
|
|
# no block_location
|
|
%%ENDIF
|
|
%%IF %BLOCK_LOCATION_RE%
|
|
# polite block for block_location_re (generated)
|
|
%%CSV %BLOCK_LOCATION_RE%
|
|
location ~* "%0%" { return 403 "%BLOCK_ERR%"; }
|
|
%%ENDCSV
|
|
%%ELSE
|
|
# no block_location_re
|
|
%%ENDIF
|
|
%%IF %BLOCK_PARAM%
|
|
# polite block for block_param (generated)
|
|
%%CSV %BLOCK_PARAM%
|
|
if ( $arg_%1% = "%2%" ) { return 403 "%BLOCK_ERR%"; }
|
|
%%ENDCSV
|
|
%%ELSE
|
|
# no block_param
|
|
%%ENDIF
|
|
%%IF %BLOCK_PARAM_RE%
|
|
# polite block for block_param_re (generated)
|
|
%%CSV %BLOCK_PARAM_RE%
|
|
if ( $arg_%1% ~* "%2%" ) { return 403 "%BLOCK_ERR%"; }
|
|
%%ENDCSV
|
|
%%ELSE
|
|
# no block_param_re
|
|
%%ENDIF
|
|
|
|
# redirects (generated)
|
|
%%IF %REDIRECT_HOST%
|
|
# redirect redirect_host: 1=regexp,2=code,3=dest (REQUEST_URI will be appended) (generated)
|
|
%%CSV %REDIRECT_HOST%
|
|
if ( $host ~* "%1%" ) {
|
|
set $dont_onionify_response_headers 1; # dest URL must not be rewritten, prevent loops; cookies may migrate.
|
|
return %2% %3%$request_uri;
|
|
}
|
|
%%ENDCSV
|
|
%%ELSE
|
|
# no redirect_host
|
|
%%ENDIF
|
|
%%IF %REDIRECT_PATH%
|
|
# redirect redirect_path: 1=regexp,2=code,3=dest (REQUEST_URI will be appended) (generated)
|
|
%%CSV %REDIRECT_PATH%
|
|
if ( $uri ~* "%1%" ) {
|
|
return %2% %3%$request_uri;
|
|
}
|
|
%%ENDCSV
|
|
%%ELSE
|
|
# no redirect_path
|
|
%%ENDIF
|
|
%%IF %REDIRECT_FIXED_HOST%
|
|
# fixed_redirect redirect_fixed_host: 1=regexp,2=code,3=dest (REQUEST_URI will NOT be appended) (generated)
|
|
%%CSV %REDIRECT_FIXED_HOST%
|
|
if ( $host ~* "%1%" ) {
|
|
set $dont_onionify_response_headers 1; # dest URL must not be rewritten, prevent loops; cookies may migrate.
|
|
return %2% %3%;
|
|
}
|
|
%%ENDCSV
|
|
%%ELSE
|
|
# no redirect_fixed_host
|
|
%%ENDIF
|
|
%%IF %REDIRECT_FIXED_PATH%
|
|
# fixed_redirect redirect_fixed_path: 1=regexp,2=code,3=dest (REQUEST_URI will NOT be appended) (generated)
|
|
%%CSV %REDIRECT_FIXED_PATH%
|
|
if ( $uri ~* "%1%" ) {
|
|
return %2% %3%;
|
|
}
|
|
%%ENDCSV
|
|
%%ELSE
|
|
# no redirect_fixed_path
|
|
%%ENDIF
|
|
|
|
# whitelists (generated)
|
|
%%IF %USER_AGENT_WHITELIST%
|
|
# check user_agent_whitelist (generated)
|
|
set $fail_user_agent_whitelist 1;
|
|
%%CSV %USER_AGENT_WHITELIST%
|
|
if ( $http_user_agent = "%0%" ) { set $fail_user_agent_whitelist 0; }
|
|
%%ENDCSV
|
|
%%ELSE
|
|
# no user_agent_whitelist
|
|
%%ENDIF
|
|
%%IF %USER_AGENT_WHITELIST_RE%
|
|
# check user_agent_whitelist_re (generated)
|
|
set $fail_user_agent_whitelist_re 1;
|
|
%%CSV %USER_AGENT_WHITELIST_RE%
|
|
if ( $http_user_agent ~* "%0%" ) { set $fail_user_agent_whitelist_re 0; }
|
|
%%ENDCSV
|
|
%%ELSE
|
|
# no user_agent_whitelist_re
|
|
%%ENDIF
|
|
%%IF %REFERER_WHITELIST%
|
|
# check referer_whitelist (generated)
|
|
set $fail_referer_whitelist 1;
|
|
%%CSV %REFERER_WHITELIST%
|
|
if ( $http_referer = "%0%" ) { set $fail_referer_whitelist 0; }
|
|
%%ENDCSV
|
|
%%ELSE
|
|
# no referer_whitelist
|
|
%%ENDIF
|
|
%%IF %REFERER_WHITELIST_RE%
|
|
# check referer_whitelist_re (generated)
|
|
set $fail_referer_whitelist_re 1;
|
|
%%CSV %REFERER_WHITELIST_RE%
|
|
if ( $http_referer ~* "%0%" ) { set $fail_referer_whitelist_re 0; }
|
|
%%ENDCSV
|
|
%%ELSE
|
|
# no referer_whitelist_re
|
|
%%ENDIF
|
|
%%IF %ORIGIN_WHITELIST%
|
|
# check origin_whitelist (generated)
|
|
set $fail_origin_whitelist 1;
|
|
%%CSV %ORIGIN_WHITELIST%
|
|
if ( $http_origin = "%0%" ) { set $fail_origin_whitelist 0; }
|
|
%%ENDCSV
|
|
%%ELSE
|
|
# no origin_whitelist
|
|
%%ENDIF
|
|
%%IF %ORIGIN_WHITELIST_RE%
|
|
# check origin_whitelist_re (generated)
|
|
set $fail_origin_whitelist_re 1;
|
|
%%CSV %ORIGIN_WHITELIST_RE%
|
|
if ( $http_origin ~* "%0%" ) { set $fail_origin_whitelist_re 0; }
|
|
%%ENDCSV
|
|
%%ELSE
|
|
# no origin_whitelist_re
|
|
%%ENDIF
|
|
%%IF %HOST_WHITELIST%
|
|
# check host_whitelist (generated)
|
|
set $fail_host_whitelist 1;
|
|
%%CSV %HOST_WHITELIST%
|
|
if ( $http_host = "%0%" ) { set $fail_host_whitelist 0; }
|
|
%%ENDCSV
|
|
%%ELSE
|
|
# no host_whitelist
|
|
%%ENDIF
|
|
%%IF %HOST_WHITELIST_RE%
|
|
# check host_whitelist_re (generated)
|
|
set $fail_host_whitelist_re 1;
|
|
%%CSV %HOST_WHITELIST_RE%
|
|
if ( $http_host ~* "%0%" ) { set $fail_host_whitelist_re 0; }
|
|
%%ENDCSV
|
|
%%ELSE
|
|
# no host_whitelist_re
|
|
%%ENDIF
|
|
%%IF %PATH_WHITELIST%
|
|
# check path_whitelist (generated)
|
|
set $fail_path_whitelist 1;
|
|
%%CSV %PATH_WHITELIST%
|
|
if ( $uri = "%0%" ) { set $fail_path_whitelist 0; }
|
|
%%ENDCSV
|
|
%%ELSE
|
|
# no path_whitelist
|
|
%%ENDIF
|
|
%%IF %PATH_WHITELIST_RE%
|
|
# check path_whitelist_re (generated)
|
|
set $fail_path_whitelist_re 1;
|
|
%%CSV %PATH_WHITELIST_RE%
|
|
if ( $uri ~* "%0%" ) { set $fail_path_whitelist_re 0; }
|
|
%%ENDCSV
|
|
%%ELSE
|
|
# no path_whitelist_re
|
|
%%ENDIF
|
|
%%IF %PARAM_WHITELIST%
|
|
# check param_whitelist (generated)
|
|
set $fail_param_whitelist 1;
|
|
%%CSV %PARAM_WHITELIST%
|
|
if ( $arg_%1% = "%2%" ) { set $fail_param_whitelist 0; }
|
|
%%ENDCSV
|
|
%%ELSE
|
|
# no param_whitelist
|
|
%%ENDIF
|
|
%%IF %PARAM_WHITELIST_RE%
|
|
# check param_whitelist_re (generated)
|
|
set $fail_param_whitelist_re 1;
|
|
%%CSV %PARAM_WHITELIST_RE%
|
|
if ( $arg_%1% ~* "%2%" ) { set $fail_param_whitelist_re 0; }
|
|
%%ENDCSV
|
|
%%ELSE
|
|
# no param_whitelist_re
|
|
%%ENDIF
|
|
|
|
# ---- END CODE GENERATED BY ../lib.d/generate-bw-code.pl ----
|