diff options
author | Alexander Leidinger <netchild@FreeBSD.org> | 2020-02-18 15:11:23 +0000 |
---|---|---|
committer | Alexander Leidinger <netchild@FreeBSD.org> | 2020-02-18 15:11:23 +0000 |
commit | f3a0528cd819baa0f4e2a2992f7ea58519c48af3 (patch) | |
tree | ea72e2359f486588d1993e2f07df1a28d8b901c3 /www/nginx-ultimate-bad-bot-blocker | |
parent | 59f23a4a8b9bd977f413a69221ec403bdedc4c08 (diff) | |
download | ports-f3a0528cd819baa0f4e2a2992f7ea58519c48af3.tar.gz ports-f3a0528cd819baa0f4e2a2992f7ea58519c48af3.zip |
The "Ultimate Nginx Bad Bot" blocker, handles also user-agent, spam referrer,
adware, malware, ransomware, clickjacking, click directing, SEO companies
bad IPs, Wordpress theme detectors and fake Googlebots. It includes an
anti DDoS system and nginx rate limiting.
WWW: https://github.com/mitchellkrogza/nginx-ultimate-bad-blocker/
Notes
Notes:
svn path=/head/; revision=526458
Diffstat (limited to 'www/nginx-ultimate-bad-bot-blocker')
6 files changed, 197 insertions, 0 deletions
diff --git a/www/nginx-ultimate-bad-bot-blocker/Makefile b/www/nginx-ultimate-bad-bot-blocker/Makefile new file mode 100644 index 000000000000..39071779e79a --- /dev/null +++ b/www/nginx-ultimate-bad-bot-blocker/Makefile @@ -0,0 +1,41 @@ +# $FreeBSD$ + +PORTNAME= nginx-ultimate-bad-bot-blocker +DISTVERSION= 4.2020.02.1988 +DISTFILES= V${PORTVERSION}${EXTRACT_SUFX} +PORTREVISION= 0 +CATEGORIES= www security +MASTER_SITES= https://github.com/${GH_ACCOUNT}/${GH_PROJECT}/archive/ + +MAINTAINER= netchild@FreeBSD.org +COMMENT= Nginx bad bot and other things blocker + +LICENSE= MIT +LICENSE_FILE= ${WRKSRC}/LICENSE.md + +RUN_DEPENDS= gsed:textproc/gsed + +USE_GITHUB= nodefault + +GH_ACCOUNT= mitchellkrogza +GH_PROJECT= ${PORTNAME} + +NO_ARCH= yes +NO_BUILD= yes + +SUB_FILES= pkg-message +PLIST_FILES= sbin/install-ngxblocker \ + sbin/setup-ngxblocker \ + sbin/update-ngxblocker + +post-patch: + ${REINPLACE_CMD} -e 's:/usr/local:${PREFIX}:g' \ + -e 's:/etc/nginx:${LOCALBASE}/etc/nginx:g' \ + -e 's:nginx/sites-available:nginx/sites:g' \ + -e 's:/var/www:${LOCALBASE}/www:g' \ + -e 's:VHOST_EXT="vhost":VHOST_EXT="conf":' ${WRKSRC}/*-ngxblocker + +do-install: + ${INSTALL_SCRIPT} ${WRKSRC}/*-ngxblocker ${STAGEDIR}${PREFIX}/sbin/ + +.include <bsd.port.mk> diff --git a/www/nginx-ultimate-bad-bot-blocker/distinfo b/www/nginx-ultimate-bad-bot-blocker/distinfo new file mode 100644 index 000000000000..a4af77bd7979 --- /dev/null +++ b/www/nginx-ultimate-bad-bot-blocker/distinfo @@ -0,0 +1,3 @@ +TIMESTAMP = 1582031978 +SHA256 (V4.2020.02.1988.tar.gz) = 9bf264f6192bf8a0d9f78f1c54bc2e3b9314ea1bf80bbb33b460514b0173b47b +SIZE (V4.2020.02.1988.tar.gz) = 3785603 diff --git a/www/nginx-ultimate-bad-bot-blocker/files/patch-install-ngxblocker b/www/nginx-ultimate-bad-bot-blocker/files/patch-install-ngxblocker new file mode 100644 index 000000000000..b1cf3fc19b70 --- /dev/null +++ b/www/nginx-ultimate-bad-bot-blocker/files/patch-install-ngxblocker @@ -0,0 +1,30 @@ +--- install-ngxblocker ++++ install-ngxblocker +@@ -36,6 +36,7 @@ CONF_DIR=/etc/nginx/conf.d + BOTS_DIR=/etc/nginx/bots.d + SCRIPT_DIR=/usr/local/sbin + REPO=https://raw.githubusercontent.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker/master ++SKIP_SCRIPTS=true + + ####### end user configuration ########################## + OS=$(uname -s) +@@ -341,11 +342,15 @@ main() { + check_config $CONF_DIR $BOTS_DIR $SCRIPT_DIR + download_files conf.d $CONF_DIR $CONF_FILES + download_files bots.d $BOTS_DIR $BOT_FILES +- download_files / $SCRIPT_DIR $SCRIPT_FILES ++ if [ "$SKIP_SCRIPTS" = "false" ]; then ++ download_files / $SCRIPT_DIR $SCRIPT_FILES + +- # ensures scripts are executable +- if [ "$DRY_RUN" = "N" ]; then +- set_mode 700 $SCRIPT_DIR $SCRIPT_FILES ++ # ensures scripts are executable ++ if [ "$DRY_RUN" = "N" ]; then ++ set_mode 700 $SCRIPT_DIR $SCRIPT_FILES ++ fi ++ else ++ printf "\n** FreeBSD specific ** | not updating scripts, please use the package management for this.\n\n" + fi + } + diff --git a/www/nginx-ultimate-bad-bot-blocker/files/patch-update-ngxblocker b/www/nginx-ultimate-bad-bot-blocker/files/patch-update-ngxblocker new file mode 100644 index 000000000000..1ca7b311805b --- /dev/null +++ b/www/nginx-ultimate-bad-bot-blocker/files/patch-update-ngxblocker @@ -0,0 +1,79 @@ +--- update-ngxblocker ++++ update-ngxblocker +@@ -148,6 +148,8 @@ update_paths() { + # updates hard coded bots.d path in globalblacklist.conf + local blacklist=$1 include_paths= dir= x= + ++ case ${OS} in ++ Linux) + if ! grep "$BOTS_DIR" $blacklist 1>/dev/null; then + if [ -d $BOTS_DIR ]; then + printf "${BOLDGREEN}Updating bots.d path${RESET}: ${BOLDWHITE}$BOTS_DIR => $blacklist${RESET}\n" +@@ -163,6 +165,12 @@ update_paths() { + update_paths $blacklist + fi + fi ++ ;; ++ *BSD) ++ printf "${BOLDGREEN}Updating bots.d path${RESET}\n" ++ /usr/bin/sed -i -e 's:include .*nginx/:include :g' ${BOTS_DIR}/* ${CONF_DIR}/* ++ ;; ++ esac + } + + sanitize_path() { +@@ -319,11 +327,39 @@ get_options() { + INSTALL_INC="$INSTALLER -b $BOTS_DIR -c $CONF_DIR -x" + } + ++nginx_check_status() { ++ local pidof_path=$(find_binary pidof) ++ ++ case ${OS} in ++ Linux) ++ $pidof_path nginx 1>/dev/null ++ return $? ++ ;; ++ FreeBSD) ++ /usr/sbin/service nginx status | /usr/bin/grep -q running ++ return $? ++ ;; ++ esac ++} ++ ++nginx_reload() { ++ local nginx_path=$(find_binary nginx) ++ ++ case ${OS} in ++ Linux) ++ $nginx_path -s reload 2>&1 >/dev/null ++ return $? ++ ;; ++ FreeBSD) ++ /usr/sbin/service nginx reload >/dev/null 2>&1 ++ return $? ++ ;; ++ esac ++} ++ + main() { + local REPO=https://raw.githubusercontent.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker/master + local file=globalblacklist.conf remote_dir=conf.d url= output= update= status= tmp= retval= +- local nginx_path=$(find_binary nginx) +- local pidof_path=$(find_binary pidof) + + # require root + if [ "$(id -u)" != "0" ]; then +@@ -370,9 +406,10 @@ main() { + if [ $retval = 0 ]; then + + # use full paths to workaround crontabs without $PATH configured +- if $pidof_path nginx 1>/dev/null; then ++ nginx_check_status ++ if [ $? -eq 0 ]; then + +- $nginx_path -s reload 2>&1 >/dev/null ++ nginx_reload + + if [ $? = 0 ]; then + status="${BOLDGREEN}[OK]${RESET}" diff --git a/www/nginx-ultimate-bad-bot-blocker/files/pkg-message.in b/www/nginx-ultimate-bad-bot-blocker/files/pkg-message.in new file mode 100644 index 000000000000..800cf6b6655c --- /dev/null +++ b/www/nginx-ultimate-bad-bot-blocker/files/pkg-message.in @@ -0,0 +1,38 @@ +[ +{ + message: <<EOT +This ports installs only the scripts, the data/config files are to be installed +by the + %%PREFIX%%/sbin/install-ngxblocker + %%PREFIX%%/sbin/update-ngxblocker +scripts (they change too frequently). + +While reading + https://github.com/netchild/nginx-ultimate-bad-bot-blocker/blob/freebsdport/AUTO-CONFIGURATION.md +for setup instructions keep in mind that the port of the scripts is using FreeBSD +locations of things, like + %%LOCALBASE%%/etc/nginx/ +and + service nginx reload +(this includes the test-config functionality on reload). + +FreeBSD does not define a standard location and naming convention for sites/vhosts, +this port uses + %%LOCALBASE%%/etc/nginx/sites/*.conf +by default. The scripts allow to override this via command line flags. + +Example crontab entry for /etc/cron.d/nginx-bad-bot-blocker: +---snip--- +# +SHELL=/bin/sh +PATH=/etc:/bin:/sbin:/usr/bin:/usr/sbin:%%PREFIX%%/sbin + +# See crontab(5) for field format. +53 10 * * * root %%PREFIX%%/sbin/update-ngxblocker -q +---snip--- +See + %%PREFIX%%/sbin/update-ngxblocker -h +for mail-sending options. +EOT +} +] diff --git a/www/nginx-ultimate-bad-bot-blocker/pkg-descr b/www/nginx-ultimate-bad-bot-blocker/pkg-descr new file mode 100644 index 000000000000..4405f2686b3a --- /dev/null +++ b/www/nginx-ultimate-bad-bot-blocker/pkg-descr @@ -0,0 +1,6 @@ +The "Ultimate Nginx Bad Bot" blocker, handles also user-agent, spam referrer, +adware, malware, ransomware, clickjacking, click directing, SEO companies +bad IPs, Wordpress theme detectors and fake Googlebots. It includes an +anti DDoS system and nginx rate limiting. + +WWW: https://github.com/mitchellkrogza/nginx-ultimate-bad-blocker/ |