lua suitable for blocking request ip based on requested file ?

eva2000 · 2016-01-07T05:08:24+00:00

I haven't used any of these, but a quick google showed some promising results.Looks like the "official" Lua Etcd clienthttps://github.com/coreos/corelb/blob/...

lua suitable for blocking request ip based on requested file ?

eva2000

Still new to nginx lua so not entirely sure if lua would be the right tool for the task.

The task being to block a requesting ip address from all requests i.e. 403 or 444 status based on a defined list of requested files such as wp-config.old, wp-config.save, wp-config.bak etc.

So if a scanner or bot requests wp-config.old, I'd block the scanner/bot's ip for all it's requests

Scanners like WPScan https://blog.sucuri.net/2015/12/using-wpscan-finding-wordpress-vulnerabilities.html for example

any pointers or tips would be great :)

George

agentzh

Hello!

On Wed, Jan 6, 2016 at 1:08 PM, George Liu wrote:
> Still new to nginx lua so not entirely sure if lua would be the right tool
> for the task.
>
> The task being to block a requesting ip address from all requests i.e. 403
> or 444 status based on a defined list of requested files such as
> wp-config.old, wp-config.save, wp-config.bak etc.
>
> So if a scanner or bot requests wp-config.old, I'd block the scanner/bot's
> ip for all it's requests
>

Yeah, it looks like a perfect use case of OpenResty/ngx_lua. Something
like this should work:

    location / {

        access_by_lua_block {
            local client_ip = ngx.var.remote_addr
            if client_ip == "1.2.3.4" then
                return ngx.exit(403)
            end
        }

        proxy_pass/fastcgi_pass/etc ...
    }

For example, CloudFlare's WAF system is using this approach:

    https://blog.cloudflare.com/cloudflares-new-waf-compiling-to-lua/

Regards,
-agentzh

eva2000

Thanks agentzh for the reply much appreciated :)

On Thursday, January 7, 2016 at 8:52:37 AM UTC+10, agentzh wrote:

Hello!

On Wed, Jan 6, 2016 at 1:08 PM, George Liu wrote:
> Still new to nginx lua so not entirely sure if lua would be the right tool
> for the task.
>
> The task being to block a requesting ip address from all requests i.e. 403
> or 444 status based on a defined list of requested files such as
> wp-config.old, wp-config.save, wp-config.bak etc.
>
> So if a scanner or bot requests wp-config.old, I'd block the scanner/bot's
> ip for all it's requests
>

Yeah, it looks like a perfect use case of OpenResty/ngx_lua. Something
like this should work:

location / {

access_by_lua_block {
local client_ip = ngx.var.remote_addr
if client_ip == "1.2.3.4" then
return ngx.exit(403)
end
}

proxy_pass/fastcgi_pass/etc ...
}

For example, CloudFlare's WAF system is using this approach:

https://blog.cloudflare.com/cloudflares-new-waf-compiling-to-lua/

Regards,
-agentzh