Skip to content

Instantly share code, notes, and snippets.

@theMiddleBlue
Last active November 4, 2023 23:35
Show Gist options
  • Save theMiddleBlue/02142f84007a5538491e109b383f28ba to your computer and use it in GitHub Desktop.
Save theMiddleBlue/02142f84007a5538491e109b383f28ba to your computer and use it in GitHub Desktop.
Nginx Lua DNSBL
# Configuration
# --------------
# Comment the following line if you are not behind a proxy_pass or load balancer
set $dnsbl_clientip $remote_addr;
# Uncomment if the client IP is on X-Forwarded-For
#set $dnsbl_clientip $http_x_forwarded_for;
# Uncomment if you are using CloudFlare
#set $dnsbl_clientip $http_cf_connecting_ip;
# Insert your Project Honeypot Access-Key
set $dnsbl_httpbl_accesskey "abcdefghijkl";
# leave this empty
set $dnsblres "";
# --------------
rewrite_by_lua_block {
local clientip = ngx.var.dnsbl_clientip
local dnsblccval, dnsblccflag = ngx.shared.dnsblcache:get(clientip)
if dnsblccval ~= nil then
ngx.var.dnsblres = dnsblccval
ngx.exit(ngx.HTTP_FORBIDDEN)
end
local dnsblserv = {
["projecthoneypot"]={
["accesskey"]=ngx.var.dnsbl_httpbl_accesskey,
["host"]="dnsbl.httpbl.org"
},
["sorbs"]={
["accesskey"]="",
["host"]="dnsbl.sorbs.net"
}
}
local resolver = require "resty.dns.resolver"
local r, err = resolver:new {
nameservers = {"8.8.8.8"},
retrans = 1,
timeout = 2000,
}
a,b,c,d = clientip:match("([%d]+).([%d]+).([%d]+).([%d]+)")
ngx.say(a)
for blserv,bltable in pairs(dnsblserv) do
local accesskey = ""
local dnsbltarget = ""
for i,z in pairs(bltable) do
if i == "accesskey" then
if z ~= "" then
accesskey = z.."."
else
accesskey = ""
end
end
if i == "host" then
dnsbltarget = z
end
end
local dnsblhost = accesskey..d.."."..c.."."..b.."."..a.."."..dnsbltarget
local answers, err, tries = r:query(dnsblhost, nil, {})
if answers ~= nil then
for ak,ans in ipairs(answers) do
if ans.address ~= nil then
e,f,g,h = ans.address:match("([%d]+).([%d]+).([%d]+).([%d]+)")
if e == '127' then
if tonumber(h) > 0 then
ngx.var.dnsblres = ngx.var.dnsblres..blserv.."="..ans.address.." "
end
end
end
end
end
end
if ngx.var.dnsblres ~= "" then
ngx.shared.dnsblcache:safe_set(clientip, ngx.var.dnsblres, 86400)
ngx.exit(ngx.HTTP_FORBIDDEN)
else
ngx.shared.dnsblcache:safe_set(clientip, ngx.var.dnsblres, 86400)
end
}
more_set_headers "x-dnsbl: $dnsblres";
@iniwidi
Copy link

iniwidi commented Aug 23, 2019

Hi man,

I use nginx ver 1.15.10 and install module to support Nginx-Lua and Restydns and nginx run perfectly, and i follow your article form this URL https://www.secjuice.com/dnsbl-blacklist-over-dns-how-to/ but i got an issue every acccess to the site i got forbidden even i access on my localhost, here are the information

curl

And here information on nginx.conf

nginx-conf

and here information my vhost

vhost

and here information module enable on nginx

module

I Setup DNSBL.conf set by default

if you dont mind to help this issue, thank you.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment