The "Ultimate Nginx Bad Bot" blocker, handles also user-agent, spam referrer,

adware, malware, ransomware, clickjacking, click directing, SEO companies bad IPs, Wordpress theme detectors and fake Googlebots. It includes an anti DDoS system and nginx rate limiting. WWW: https://github.com/mitchellkrogza/nginx-ultimate-bad-blocker/
svn path=/head/; revision=526458
2020-02-18 15:11:23 +00:00 · 2020-02-18 15:11:23 +00:00 · f3a0528cd8 · 2021-03-31 03:12:20 +00:00
commit f3a0528cd8
parent 59f23a4a8b
7 changed files with 198 additions and 0 deletions
--- a/www/Makefile
+++ b/www/Makefile
@ -447,6 +447,7 @@
    SUBDIR += nginx-lite
    SUBDIR += nginx-naxsi
    SUBDIR += nginx-prometheus-exporter
+    SUBDIR += nginx-ultimate-bad-bot-blocker
    SUBDIR += nginx-vts-exporter
    SUBDIR += nibbleblog
    SUBDIR += nift
--- a/www/nginx-ultimate-bad-bot-blocker/Makefile
+++ b/www/nginx-ultimate-bad-bot-blocker/Makefile
@ -0,0 +1,41 @@
+# $FreeBSD$
+
+PORTNAME=		nginx-ultimate-bad-bot-blocker
+DISTVERSION=		4.2020.02.1988
+DISTFILES=		V${PORTVERSION}${EXTRACT_SUFX}
+PORTREVISION=		0
+CATEGORIES=		www security
+MASTER_SITES=		https://github.com/${GH_ACCOUNT}/${GH_PROJECT}/archive/
+
+MAINTAINER=	netchild@FreeBSD.org
+COMMENT=	Nginx bad bot and other things blocker
+
+LICENSE=	MIT
+LICENSE_FILE=	${WRKSRC}/LICENSE.md
+
+RUN_DEPENDS=	gsed:textproc/gsed
+
+USE_GITHUB=	nodefault
+
+GH_ACCOUNT=	mitchellkrogza
+GH_PROJECT=	${PORTNAME}
+
+NO_ARCH=	yes
+NO_BUILD=	yes
+
+SUB_FILES=	pkg-message
+PLIST_FILES=	sbin/install-ngxblocker \
+		sbin/setup-ngxblocker \
+		sbin/update-ngxblocker
+
+post-patch:
+	${REINPLACE_CMD} -e 's:/usr/local:${PREFIX}:g' \
+		-e 's:/etc/nginx:${LOCALBASE}/etc/nginx:g' \
+		-e 's:nginx/sites-available:nginx/sites:g' \
+		-e 's:/var/www:${LOCALBASE}/www:g' \
+		-e 's:VHOST_EXT="vhost":VHOST_EXT="conf":' ${WRKSRC}/*-ngxblocker
+
+do-install:
+	${INSTALL_SCRIPT} ${WRKSRC}/*-ngxblocker ${STAGEDIR}${PREFIX}/sbin/
+
+.include <bsd.port.mk>
--- a/www/nginx-ultimate-bad-bot-blocker/distinfo
+++ b/www/nginx-ultimate-bad-bot-blocker/distinfo
@ -0,0 +1,3 @@
+TIMESTAMP = 1582031978
+SHA256 (V4.2020.02.1988.tar.gz) = 9bf264f6192bf8a0d9f78f1c54bc2e3b9314ea1bf80bbb33b460514b0173b47b
+SIZE (V4.2020.02.1988.tar.gz) = 3785603
--- a/www/nginx-ultimate-bad-bot-blocker/files/patch-install-ngxblocker
+++ b/www/nginx-ultimate-bad-bot-blocker/files/patch-install-ngxblocker
@ -0,0 +1,30 @@
+--- install-ngxblocker
+++ install-ngxblocker
+@@ -36,6 +36,7 @@ CONF_DIR=/etc/nginx/conf.d
+ BOTS_DIR=/etc/nginx/bots.d
+ SCRIPT_DIR=/usr/local/sbin
+ REPO=https://raw.githubusercontent.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker/master
+SKIP_SCRIPTS=true
+ 
+ ####### end user configuration ##########################
+ OS=$(uname -s)
+@@ -341,11 +342,15 @@ main() {
+ 	check_config $CONF_DIR $BOTS_DIR $SCRIPT_DIR
+ 	download_files conf.d $CONF_DIR $CONF_FILES
+ 	download_files bots.d $BOTS_DIR $BOT_FILES
+-	download_files / $SCRIPT_DIR $SCRIPT_FILES
+	if [ "$SKIP_SCRIPTS" = "false" ]; then
+		download_files / $SCRIPT_DIR $SCRIPT_FILES
+ 
+-	# ensures scripts are executable
+-	if [ "$DRY_RUN" = "N" ]; then
+-		set_mode 700 $SCRIPT_DIR $SCRIPT_FILES
+		# ensures scripts are executable
+		if [ "$DRY_RUN" = "N" ]; then
+			set_mode 700 $SCRIPT_DIR $SCRIPT_FILES
+		fi
+	else
+		printf "\n** FreeBSD specific ** | not updating scripts, please use the package management for this.\n\n"
+ 	fi
+ }
+ 
--- a/www/nginx-ultimate-bad-bot-blocker/files/patch-update-ngxblocker
+++ b/www/nginx-ultimate-bad-bot-blocker/files/patch-update-ngxblocker
@ -0,0 +1,79 @@
+--- update-ngxblocker
+++ update-ngxblocker
+@@ -148,6 +148,8 @@ update_paths() {
+ 	# updates hard coded bots.d path in globalblacklist.conf
+ 	local blacklist=$1 include_paths= dir= x=
+ 
+	case ${OS} in
+	Linux)
+ 	if ! grep "$BOTS_DIR" $blacklist 1>/dev/null; then
+ 		if [ -d $BOTS_DIR ]; then
+ 			printf "${BOLDGREEN}Updating bots.d path${RESET}: ${BOLDWHITE}$BOTS_DIR => $blacklist${RESET}\n"
+@@ -163,6 +165,12 @@ update_paths() {
+ 			update_paths $blacklist
+ 		fi
+ 	fi
+	;;
+	*BSD)
+		printf "${BOLDGREEN}Updating bots.d path${RESET}\n"
+		/usr/bin/sed -i -e 's:include .*nginx/:include :g' ${BOTS_DIR}/* ${CONF_DIR}/*
+		;;
+	esac
+ }
+ 
+ sanitize_path() {
+@@ -319,11 +327,39 @@ get_options() {
+ 	INSTALL_INC="$INSTALLER -b $BOTS_DIR -c $CONF_DIR -x"
+ }
+ 
+nginx_check_status() {
+	local pidof_path=$(find_binary pidof)
+
+	case ${OS} in
+	Linux)
+		$pidof_path nginx 1>/dev/null
+		return $?
+		;;
+	FreeBSD)
+		/usr/sbin/service nginx status | /usr/bin/grep -q running
+		return $?
+		;;
+	esac
+}
+
+nginx_reload() {
+	local nginx_path=$(find_binary nginx)
+
+	case ${OS} in
+	Linux)
+		$nginx_path -s reload 2>&1 >/dev/null
+		return $?
+		;;
+	FreeBSD)
+		/usr/sbin/service nginx reload >/dev/null 2>&1
+		return $?
+		;;
+	esac
+}
+
+ main() {
+ 	local REPO=https://raw.githubusercontent.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker/master
+ 	local file=globalblacklist.conf remote_dir=conf.d url= output= update= status= tmp= retval=
+-	local nginx_path=$(find_binary nginx)
+-	local pidof_path=$(find_binary pidof)
+ 
+ 	# require root
+ 	if [ "$(id -u)" != "0" ]; then
+@@ -370,9 +406,10 @@ main() {
+ 		if [ $retval = 0 ]; then
+ 
+ 			# use full paths to workaround crontabs without $PATH configured
+-			if $pidof_path nginx 1>/dev/null; then
+			nginx_check_status
+			if [ $? -eq 0 ]; then
+ 
+-				$nginx_path -s reload 2>&1 >/dev/null
+				nginx_reload
+ 
+ 				if [ $? = 0 ]; then
+ 					status="${BOLDGREEN}[OK]${RESET}"
--- a/www/nginx-ultimate-bad-bot-blocker/files/pkg-message.in
+++ b/www/nginx-ultimate-bad-bot-blocker/files/pkg-message.in
@ -0,0 +1,38 @@
+[
+{
+  message: <<EOT
+This ports installs only the scripts, the data/config files are to be installed
+by the 
+   %%PREFIX%%/sbin/install-ngxblocker
+   %%PREFIX%%/sbin/update-ngxblocker
+scripts (they change too frequently).
+
+While reading
+   https://github.com/netchild/nginx-ultimate-bad-bot-blocker/blob/freebsdport/AUTO-CONFIGURATION.md
+for setup instructions keep in mind that the port of the scripts is using FreeBSD
+locations of things, like
+   %%LOCALBASE%%/etc/nginx/
+and
+   service nginx reload
+(this includes the test-config functionality on reload).
+
+FreeBSD does not define a standard location and naming convention for sites/vhosts,
+this port uses
+   %%LOCALBASE%%/etc/nginx/sites/*.conf
+by default. The scripts allow to override this via command line flags.
+
+Example crontab entry for /etc/cron.d/nginx-bad-bot-blocker:
+---snip---
+#
+SHELL=/bin/sh
+PATH=/etc:/bin:/sbin:/usr/bin:/usr/sbin:%%PREFIX%%/sbin
+
+# See crontab(5) for field format.
+53	10	*	*	*	root	%%PREFIX%%/sbin/update-ngxblocker -q
+---snip---
+See
+   %%PREFIX%%/sbin/update-ngxblocker -h
+for mail-sending options.
+EOT
+}
+]
--- a/www/nginx-ultimate-bad-bot-blocker/pkg-descr
+++ b/www/nginx-ultimate-bad-bot-blocker/pkg-descr
@ -0,0 +1,6 @@
+The "Ultimate Nginx Bad Bot" blocker, handles also user-agent, spam referrer,
+adware, malware, ransomware, clickjacking, click directing, SEO companies
+bad IPs, Wordpress theme detectors and fake Googlebots. It includes an
+anti DDoS system and nginx rate limiting.
+
+WWW: https://github.com/mitchellkrogza/nginx-ultimate-bad-blocker/