| author | Xe Iaso <me@xeiaso.net> | 2025-02-14 13:39:34 -0500 |
|---|---|---|
| committer | Xe Iaso <me@xeiaso.net> | 2025-02-14 13:39:34 -0500 |
| commit | 1acc1602f2ff678c0e4bf49fa62345505ec0aa35 (patch) | |
| tree | d2eec95941c9cd0a53f6de89cfde44222aa55940 /cmd/anubis/main.go | |
| parent | 17c44496aaa77e8d0a499db8c044cb42ab00086b (diff) | |
| download | x-1acc1602f2ff678c0e4bf49fa62345505ec0aa35.tar.xz x-1acc1602f2ff678c0e4bf49fa62345505ec0aa35.zip | |
cmd/anubis: enable DNSBL checking via dronebl
Signed-off-by: Xe Iaso <me@xeiaso.net>
Diffstat (limited to 'cmd/anubis/main.go')
| -rw-r--r-- | cmd/anubis/main.go | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/cmd/anubis/main.go b/cmd/anubis/main.go
index a15dba8..477fe50 100644
--- a/cmd/anubis/main.go
+++ b/cmd/anubis/main.go
@@ -30,6 +30,7 @@ import (
 "github.com/prometheus/client_golang/prometheus/promhttp"
 "within.website/x"
 "within.website/x/cmd/anubis/internal/config"
+ "within.website/x/cmd/anubis/internal/dnsbl"
 "within.website/x/internal"
 "within.website/x/xess"
 )
@@ -213,6 +214,19 @@ func (s *Server) maybeReverseProxy(w http.ResponseWriter, r *http.Request) {
 )
 policyApplications.WithLabelValues(cr.Name, string(cr.Rule)).Add(1)
+ ip := r.Header.Get("X-Real-Ip")
+
+ if s.policy.DNSBL && ip != "" {
+ resp, err := dnsbl.Lookup(ip)
+ if err != nil {
+ lg.Error("can't look up ip in dnsbl", "err", err)
+ } else {
+ lg.Info("DNSBL hit", "status", resp.String())
+ templ.Handler(base("Oh noes!", errorPage(fmt.Sprintf("DroneBL reported an entry: %s, see https://dronebl.org/lookup?ip=%s", resp.String(), ip))), templ.WithStatus(http.StatusOK)).ServeHTTP(w, r)
+ return
+ }
+ }
+
 switch cr.Rule {
 case config.RuleAllow:
 lg.Debug("allowing traffic to origin (explicit)")
|
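Review bot: The `else` branch of the added DNSBL block serves the "Oh noes!" page for every lookup that returns without an error, so unless `dnsbl.Lookup` reports unlisted addresses as an error (its body is not in this hunk) every request carrying `X-Real-Ip` is turned away; `resp` should be compared with the package's not-listed value before it is logged as a hit. `ip` is also read verbatim from a header the client controls whenever the fronting proxy does not overwrite it, and it reaches both the DNS query and the `lookup?ip=%s` URL unparsed. Parsing it first, for example `addr, err := netip.ParseAddr(ip)` and using `addr.String()` from there on, keeps malformed values out of both, while the deployment still has to guarantee the proxy sets the header itself. The lookup runs synchronously on each request and falls through to rule evaluation on error, which deserves a comment such as `// DNSBL errors fail open: the request continues to the policy switch below`. `maybeReverseProxy` starts and ends outside the hunk.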
