@tmiland
Created October 27, 2019 11:23
AWS IP address blocklist - To be used with Nginx Bad Bot and User-Agent Blocker
#!/usr/bin/env bash
## Author: Tommy Miland (@tmiland) - Copyright (c) 2019
if [[ "$EUID" -ne 0 ]]; then
  # Writing to /etc/nginx requires root; report the error on stderr
  echo "Sorry, you need to run this as root" >&2
  exit 1
fi
#------------------------------------------------------------------------------#
#
# MIT License
#
# Copyright (c) 2019 Tommy Miland
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal
# in the Software without restriction, including without limitation the rights
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
# copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be included in all
# copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
# SOFTWARE.
#
#------------------------------------------------------------------------------#
# To be used with Nginx Bad Bot and User-Agent Blocker
# https://github.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker
# Add to /etc/nginx/bots.d/blacklist-ips.conf
# Amazon IP subnets
# include snippets/IPv4_aws_blacklist.conf;
# include snippets/IPv6_aws_blacklist.conf;
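NGINX_PATH=/etc/nginx
# Stop on the first failed command so a bad download never reaches nginx
set -euo pipefail
# Work in a private temporary directory so the IPv*.conf globs below only
# match files created by this script; the directory is removed on exit
WORK_DIR=$(mktemp -d)
trap 'rm -rf "$WORK_DIR"' EXIT
cd "$WORK_DIR"
# AWS (-f: fail on HTTP errors instead of saving the error page as aws.json)
curl -fsS -o aws.json https://ip-ranges.amazonaws.com/ip-ranges.json
# Get all IPv4 addresses
jq -r '.prefixes | .[].ip_prefix' < aws.json > IPv4_aws_blacklist.conf
# Get all IPv6 addresses
jq -r '.ipv6_prefixes | .[].ipv6_prefix' < aws.json > IPv6_aws_blacklist.conf
# Refuse to install an empty list
for f in IPv*.conf; do
  [[ -s "$f" ]] || { echo "$f is empty, aborting" >&2; exit 1; }
done
# Remove duplicates
for f in IPv*.conf; do
  gawk -i inplace '!seen[$0]++' "$f"
done
# Ngxblocker Blacklist: append " 1;" to every prefix
for f in IPv*.conf; do
  sed -i 's/$/ 1;/' "$f"
done
# Copy to nginx path
for f in IPv*.conf; do
  cp -p "$f" "$NGINX_PATH/snippets/"
done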