The "Ultimate Nginx Bad Bot" blocker, handles also user-agent, spam referrer,

adware, malware, ransomware, clickjacking, click directing, SEO companies
bad IPs, Wordpress theme detectors and fake Googlebots. It includes an
anti DDoS system and nginx rate limiting.

WWW: https://github.com/mitchellkrogza/nginx-ultimate-bad-blocker/

6 files changed, 197 insertions, 0 deletions

diff --git a/www/nginx-ultimate-bad-bot-blocker/Makefile b/www/nginx-ultimate-bad-bot-blocker/Makefile
new file mode 100644
index 000000000000..39071779e79a
--- /dev/null
+++ b/www/nginx-ultimate-bad-bot-blocker/Makefile
@@ -0,0 +1,41 @@
+# $FreeBSD$
+
+PORTNAME=		nginx-ultimate-bad-bot-blocker
+DISTVERSION=		4.2020.02.1988
+DISTFILES=		V${PORTVERSION}${EXTRACT_SUFX}
+PORTREVISION=		0
+CATEGORIES=		www security
+MASTER_SITES=		https://github.com/${GH_ACCOUNT}/${GH_PROJECT}/archive/
+
+MAINTAINER=	netchild@FreeBSD.org
+COMMENT=	Nginx bad bot and other things blocker
+
+LICENSE=	MIT
+LICENSE_FILE=	${WRKSRC}/LICENSE.md
+
+RUN_DEPENDS=	gsed:textproc/gsed
+
+USE_GITHUB=	nodefault
+
+GH_ACCOUNT=	mitchellkrogza
+GH_PROJECT=	${PORTNAME}
+
+NO_ARCH=	yes
+NO_BUILD=	yes
+
+SUB_FILES=	pkg-message
+PLIST_FILES=	sbin/install-ngxblocker \
+		sbin/setup-ngxblocker \
+		sbin/update-ngxblocker
+
+post-patch:
+	${REINPLACE_CMD} -e 's:/usr/local:${PREFIX}:g' \
+		-e 's:/etc/nginx:${LOCALBASE}/etc/nginx:g' \
+		-e 's:nginx/sites-available:nginx/sites:g' \
+		-e 's:/var/www:${LOCALBASE}/www:g' \
+		-e 's:VHOST_EXT="vhost":VHOST_EXT="conf":' ${WRKSRC}/*-ngxblocker
+
+do-install:
+	${INSTALL_SCRIPT} ${WRKSRC}/*-ngxblocker ${STAGEDIR}${PREFIX}/sbin/
+
+.include <bsd.port.mk>
diff --git a/www/nginx-ultimate-bad-bot-blocker/distinfo b/www/nginx-ultimate-bad-bot-blocker/distinfo
new file mode 100644
index 000000000000..a4af77bd7979
--- /dev/null
+++ b/www/nginx-ultimate-bad-bot-blocker/distinfo
@@ -0,0 +1,3 @@
+TIMESTAMP = 1582031978
+SHA256 (V4.2020.02.1988.tar.gz) = 9bf264f6192bf8a0d9f78f1c54bc2e3b9314ea1bf80bbb33b460514b0173b47b
+SIZE (V4.2020.02.1988.tar.gz) = 3785603
diff --git a/www/nginx-ultimate-bad-bot-blocker/files/patch-install-ngxblocker b/www/nginx-ultimate-bad-bot-blocker/files/patch-install-ngxblocker
new file mode 100644
index 000000000000..b1cf3fc19b70
--- /dev/null
+++ b/www/nginx-ultimate-bad-bot-blocker/files/patch-install-ngxblocker
@@ -0,0 +1,30 @@
+--- install-ngxblocker
++++ install-ngxblocker
+@@ -36,6 +36,7 @@ CONF_DIR=/etc/nginx/conf.d
+ BOTS_DIR=/etc/nginx/bots.d
+ SCRIPT_DIR=/usr/local/sbin
+ REPO=https://raw.githubusercontent.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker/master
++SKIP_SCRIPTS=true
+ 
+ ####### end user configuration ##########################
+ OS=$(uname -s)
+@@ -341,11 +342,15 @@ main() {
+ 	check_config $CONF_DIR $BOTS_DIR $SCRIPT_DIR
+ 	download_files conf.d $CONF_DIR $CONF_FILES
+ 	download_files bots.d $BOTS_DIR $BOT_FILES
+-	download_files / $SCRIPT_DIR $SCRIPT_FILES
++	if [ "$SKIP_SCRIPTS" = "false" ]; then
++		download_files / $SCRIPT_DIR $SCRIPT_FILES
+ 
+-	# ensures scripts are executable
+-	if [ "$DRY_RUN" = "N" ]; then
+-		set_mode 700 $SCRIPT_DIR $SCRIPT_FILES
++		# ensures scripts are executable
++		if [ "$DRY_RUN" = "N" ]; then
++			set_mode 700 $SCRIPT_DIR $SCRIPT_FILES
++		fi
++	else
++		printf "\n** FreeBSD specific ** | not updating scripts, please use the package management for this.\n\n"
+ 	fi
+ }
+ 
diff --git a/www/nginx-ultimate-bad-bot-blocker/files/patch-update-ngxblocker b/www/nginx-ultimate-bad-bot-blocker/files/patch-update-ngxblocker
new file mode 100644
index 000000000000..1ca7b311805b
--- /dev/null
+++ b/www/nginx-ultimate-bad-bot-blocker/files/patch-update-ngxblocker
@@ -0,0 +1,79 @@
+--- update-ngxblocker
++++ update-ngxblocker
+@@ -148,6 +148,8 @@ update_paths() {
+ 	# updates hard coded bots.d path in globalblacklist.conf
+ 	local blacklist=$1 include_paths= dir= x=
+ 
++	case ${OS} in
++	Linux)
+ 	if ! grep "$BOTS_DIR" $blacklist 1>/dev/null; then
+ 		if [ -d $BOTS_DIR ]; then
+ 			printf "${BOLDGREEN}Updating bots.d path${RESET}: ${BOLDWHITE}$BOTS_DIR => $blacklist${RESET}\n"
+@@ -163,6 +165,12 @@ update_paths() {
+ 			update_paths $blacklist
+ 		fi
+ 	fi
++	;;
++	*BSD)
++		printf "${BOLDGREEN}Updating bots.d path${RESET}\n"
++		/usr/bin/sed -i -e 's:include .*nginx/:include :g' ${BOTS_DIR}/* ${CONF_DIR}/*
++		;;
++	esac
+ }
+ 
+ sanitize_path() {
+@@ -319,11 +327,39 @@ get_options() {
+ 	INSTALL_INC="$INSTALLER -b $BOTS_DIR -c $CONF_DIR -x"
+ }
+ 
++nginx_check_status() {
++	local pidof_path=$(find_binary pidof)
++
++	case ${OS} in
++	Linux)
++		$pidof_path nginx 1>/dev/null
++		return $?
++		;;
++	FreeBSD)
++		/usr/sbin/service nginx status | /usr/bin/grep -q running
++		return $?
++		;;
++	esac
++}
++
++nginx_reload() {
++	local nginx_path=$(find_binary nginx)
++
++	case ${OS} in
++	Linux)
++		$nginx_path -s reload 2>&1 >/dev/null
++		return $?
++		;;
++	FreeBSD)
++		/usr/sbin/service nginx reload >/dev/null 2>&1
++		return $?
++		;;
++	esac
++}
++
+ main() {
+ 	local REPO=https://raw.githubusercontent.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker/master
+ 	local file=globalblacklist.conf remote_dir=conf.d url= output= update= status= tmp= retval=
+-	local nginx_path=$(find_binary nginx)
+-	local pidof_path=$(find_binary pidof)
+ 
+ 	# require root
+ 	if [ "$(id -u)" != "0" ]; then
+@@ -370,9 +406,10 @@ main() {
+ 		if [ $retval = 0 ]; then
+ 
+ 			# use full paths to workaround crontabs without $PATH configured
+-			if $pidof_path nginx 1>/dev/null; then
++			nginx_check_status
++			if [ $? -eq 0 ]; then
+ 
+-				$nginx_path -s reload 2>&1 >/dev/null
++				nginx_reload
+ 
+ 				if [ $? = 0 ]; then
+ 					status="${BOLDGREEN}[OK]${RESET}"
diff --git a/www/nginx-ultimate-bad-bot-blocker/files/pkg-message.in b/www/nginx-ultimate-bad-bot-blocker/files/pkg-message.in
new file mode 100644
index 000000000000..800cf6b6655c
--- /dev/null
+++ b/www/nginx-ultimate-bad-bot-blocker/files/pkg-message.in
@@ -0,0 +1,38 @@
+[
+{
+  message: <<EOT
+This ports installs only the scripts, the data/config files are to be installed
+by the 
+   %%PREFIX%%/sbin/install-ngxblocker
+   %%PREFIX%%/sbin/update-ngxblocker
+scripts (they change too frequently).
+
+While reading
+   https://github.com/netchild/nginx-ultimate-bad-bot-blocker/blob/freebsdport/AUTO-CONFIGURATION.md
+for setup instructions keep in mind that the port of the scripts is using FreeBSD
+locations of things, like
+   %%LOCALBASE%%/etc/nginx/
+and
+   service nginx reload
+(this includes the test-config functionality on reload).
+
+FreeBSD does not define a standard location and naming convention for sites/vhosts,
+this port uses
+   %%LOCALBASE%%/etc/nginx/sites/*.conf
+by default. The scripts allow to override this via command line flags.
+
+Example crontab entry for /etc/cron.d/nginx-bad-bot-blocker:
+---snip---
+#
+SHELL=/bin/sh
+PATH=/etc:/bin:/sbin:/usr/bin:/usr/sbin:%%PREFIX%%/sbin
+
+# See crontab(5) for field format.
+53	10	*	*	*	root	%%PREFIX%%/sbin/update-ngxblocker -q
+---snip---
+See
+   %%PREFIX%%/sbin/update-ngxblocker -h
+for mail-sending options.
+EOT
+}
+]
diff --git a/www/nginx-ultimate-bad-bot-blocker/pkg-descr b/www/nginx-ultimate-bad-bot-blocker/pkg-descr
new file mode 100644
index 000000000000..4405f2686b3a
--- /dev/null
+++ b/www/nginx-ultimate-bad-bot-blocker/pkg-descr
@@ -0,0 +1,6 @@
+The "Ultimate Nginx Bad Bot" blocker, handles also user-agent, spam referrer,
+adware, malware, ransomware, clickjacking, click directing, SEO companies
+bad IPs, Wordpress theme detectors and fake Googlebots. It includes an
+anti DDoS system and nginx rate limiting.
+
+WWW: https://github.com/mitchellkrogza/nginx-ultimate-bad-blocker/