Last active
August 29, 2015 14:04
-
-
Save kingsumos/539596dc24927d1e6390 to your computer and use it in GitHub Desktop.
KF Redirect Server
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#user nobody; | |
worker_processes 2; | |
#error_log logs/error.log; | |
#error_log logs/error.log notice; | |
#error_log logs/error.log info; | |
#error_log logs/error.log debug; | |
#pid logs/nginx.pid; | |
events { | |
worker_connections 1024; | |
} | |
http { | |
#include /nginx/conf/naxsi_core.rules; | |
include mime.types; | |
default_type application/octet-stream; | |
#log_format main '$remote_addr - $remote_user [$time_local] "$request" ' | |
# '$status $body_bytes_sent "$http_referer" ' | |
# '"$http_user_agent" "$http_x_forwarded_for"'; | |
#access_log logs/access.log main; | |
sendfile off; | |
#tcp_nopush on; | |
#keepalive_timeout 0; | |
#keepalive_timeout 65; | |
server_names_hash_bucket_size 128; | |
## Start: Size Limits & Buffer Overflows ## | |
client_body_buffer_size 1K; | |
client_header_buffer_size 1k; | |
client_max_body_size 1k; | |
large_client_header_buffers 2 1k; | |
## END: Size Limits & Buffer Overflows ## | |
## Start: Timeouts ## | |
client_body_timeout 10; | |
client_header_timeout 10; | |
keepalive_timeout 30; | |
send_timeout 10; | |
keepalive_requests 10; | |
## End: Timeouts ## | |
#gzip on; | |
geo $limited { | |
default 1; | |
127.0.0.1 0; | |
10.0.0.0/8 0; | |
172.16.0.0/12 0; | |
192.168.0.0/16 0; | |
} | |
map $limited $limit { | |
0 ""; | |
1 $binary_remote_addr; | |
} | |
limit_conn_zone $limit zone=conn_limit_per_ip:10m; | |
limit_req_zone $limit zone=req_limit_per_ip:10m rate=3r/s; | |
limit_traffic_rate_zone rate $limit 10m; | |
lua_shared_dict clients 10m; | |
server { | |
limit_conn conn_limit_per_ip 1; | |
limit_req zone=req_limit_per_ip burst=6; | |
server_tokens off; | |
# remove the "Server: nginx" header | |
more_set_headers 'Server:'; | |
listen 80; | |
server_name localhost; | |
#charset koi8-r; | |
#access_log logs/host.access.log main; | |
location @fallback_403 { | |
default_type 'text/html'; | |
echo "<html>"; | |
echo "<head><title>403 Forbidden</title></head>"; | |
echo "<body bgcolor=\"white\">"; | |
echo "<center><h1>403 Forbidden</h1></center>"; | |
echo "</body>"; | |
echo "</html>"; | |
} | |
error_page 401 403 @fallback_403; | |
location @fallback_404 { | |
default_type 'text/html'; | |
echo "<html>"; | |
echo "<head><title>404 Not Found</title></head>"; | |
echo "<body bgcolor=\"white\">"; | |
echo "<center><h1>404 Not Found</h1></center>"; | |
echo "</body>"; | |
echo "</html>"; | |
} | |
error_page 404 @fallback_404; | |
location @fallback_5xx { | |
default_type 'text/html'; | |
echo "<html>"; | |
echo "<head><title>500 Internal Server Error</title></head>"; | |
echo "<body bgcolor=\"white\">"; | |
echo "<center><h1>500 Internal Server Error</h1></center>"; | |
echo "</body>"; | |
echo "</html>"; | |
} | |
error_page 500 501 502 503 504 @fallback_5xx; | |
location / { | |
include ./conf/mysite.rules; # see also http block naxsi include line | |
root html; | |
index index.html index.htm; | |
deny all; | |
} | |
location /set { | |
default_type 'text/plain'; | |
# allow only localhost access | |
allow 127.0.0.1; | |
deny all; | |
# add IP in the whitelist (e.g. http://127.0.0.1/set?ip=192.168.0.1) | |
set_by_lua $res ' | |
local clients = ngx.shared.clients | |
local args = ngx.req.get_uri_args() | |
clients:set("ip_"..args.ip, 1, 7200) | |
return args.ip | |
'; | |
# allow only UNREAL user agent | |
if ($http_user_agent !~* Unreal) { | |
return 403; | |
} | |
# return results | |
add_header 'Content-Location' 'KF: $res'; | |
return 200; | |
} | |
location /redirect { | |
include ./conf/mysite.rules; # see also http block naxsi include line | |
limit_traffic_rate rate 256k; | |
#autoindex on; | |
# allow only whitelisted IP's | |
access_by_lua ' | |
local clients = ngx.shared.clients | |
local allow = clients:get("ip_"..ngx.var.remote_addr) or tonumber(ngx.var.limited) == 0 | |
if not allow then | |
ngx.sleep(0.3) | |
allow = clients:get("ip_"..ngx.var.remote_addr) | |
if not allow then | |
ngx.exit(ngx.HTTP_FORBIDDEN) | |
end | |
end | |
'; | |
# allow only UNREAL user agent | |
if ($http_user_agent !~* Unreal) { | |
return 403; | |
} | |
} | |
} | |
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
// | |
// Coded by Sumo (2014) | |
// | |
class RedirectAccessControl extends AccessControl; | |
event PreLogin | |
( | |
string Options, | |
string Address, | |
string PlayerID, | |
out string Error, | |
out string FailCode, | |
bool bSpectator | |
) | |
{ | |
local int i; | |
local string PlayerIP; | |
local RedirectTCPLinkHandler H; | |
super.PreLogin(Options,Address,PlayerID,Error,FailCode,bSpectator); | |
// do not allow redirect server access if user is kicked/banned | |
if( FailCode=="SESSIONBAN" || FailCode=="LOCALBAN" ) | |
return; | |
// get the player IP | |
i = InStr(Address, ":"); | |
if(i != -1) | |
PlayerIP = Left(Address, i); | |
else | |
PlayerIP = Address; | |
// send the player IP to nginx | |
H = Spawn(Class'RedirectTCPLinkHandler', self); | |
if( H != none ) | |
H.Init( PlayerIP ); | |
} | |
defaultproperties | |
{ | |
} | |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
// | |
// Coded by Sumo (2014) | |
// | |
class RedirectTCPLinkHandler extends Info; | |
var InternetInfo TcpLink; | |
function PostBeginPlay() | |
{ | |
SetTimer(60, false); | |
} | |
function Timer() | |
{ | |
if( TcpLink != none ) | |
TcpLink.Destroy(); | |
Destroy(); | |
} | |
function Init(string PlayerIP) | |
{ | |
TcpLink = Spawn(Class'KFMod.KFBufferedTCPLink', self); | |
if( TcpLink != none ) | |
{ | |
TcpLink.OnServerResponded = OnServerResponded; | |
TcpLink.OnServerConnectTimeout = OnServerFailedToRespond; | |
TcpLink.Init("127.0.0.1", "GET /set?ip="$PlayerIP$" HTTP/1.0"$Chr(13)$Chr(10)$"User-Agent: Unreal"$Chr(13)$Chr(10)$Chr(13)$Chr(10)); | |
} | |
} | |
function bool OnServerFailedToRespond() | |
{ | |
log("ERROR: unable to access the nginx redirect server"); | |
TcpLink.Destroy(); | |
TcpLink = none; | |
return true; | |
} | |
function OnServerResponded(string Response) | |
{ | |
local int i; | |
local string PlayerIP; | |
i = InStr(Response, Chr(13)); | |
if(i != -1) | |
PlayerIP = Left(Response, i); | |
else | |
PlayerIP = Response; | |
log("Player IP" @ PlayerIP @ "was added in the redirect whitelist"); | |
TcpLink.Destroy(); | |
TcpLink = none; | |
} | |
defaultproperties | |
{ | |
} | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment