Periodically refreshing an allowlist in njs
Tom Hall
thattommyhall at gmail.com
Sat Mar 26 20:55:48 UTC 2022
Hi
I am looking to replace some lua scripting we have to do an allowlist,
I found https://medium.com/geekculture/building-a-simple-bot-protection-with-nginx-javascript-module-njs-and-typescript-386b2207ba90
and it seems to give me a good idea how to port my lua
const fs = require('fs');
const badReputationIPs = loadFile('/var/lib/njs/ips.txt');
function loadFile(file: string): string[] {
let data: string[] = [];
try {
data = fs.readFileSync(file).toString().split('\n');
} catch (e) {
// unable to read file
}
return data;
}
function verifyIP(r: NginxHTTPRequest): void {
if (badReputationIPs.some((ip: string) => ip === r.remoteAddress)) {
r.return(302, '/block.html');
return;
}
r.internalRedirect('@pages');
}
export default { verifyIP };
except I have the lua reloading every 60s by calling ngx.timer.at(60,
helpers.load_json) in a init_worker_by_lua
Is there an equivalent in njs? It seems not if you are starting a new
lightweight VM for every request.
Is the answer to do a subrequest and cache it or something?
Thanks,
Tom
More information about the nginx-devel
mailing list