openresty-Dynamic-Access-Control/secrets.lua.example at main · generalmat82/openresty-Dynamic-Access-Control · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
local secrets = {
    subnets = {
        whitelist = {"1.2.3.0/24", "2.3.4.0/24"},
        blacklist = {"3.4.5.0/24", "4.5.6.0/24"}
    },
    geoip = {
        geoip_db_path = {
            geoip_city = "/usr/share/GeoIP/GeoLite2-City.mmdb",
            geoip_asn = "/usr/share/GeoIP/GeoLite2-ASN.mmdb",
            geoip_country = "/usr/share/GeoIP/GeoLite2-Country.mmdb"
        },
        blocked_countries = { "RU" } -- country codes to block
    },
    redis = {
        host = "127.0.0.1",
        port = 6379,
        auth = {
            user = "user",
            password = "your_redis_password",
        },
        pool_config = {
            pool_size = 100,             -- Redis connection pool size
            pool_max_idle_time = 10000,  -- Connection pool timeout (ms)
            backlog = 200,
            pool_timeout = 1000
        },
        timeout = 100,
    },
    cache = {
        bl_ttl = 120, --Duration of an entry's life in the blacklist cache in seconds
        wt_ttl = 220, --Duration of an entry's life in the whitelist cache in seconds
    },
    block = {
        threshold_window = 10, --Window for an IP to reach threshold in seconds
        threshold_max = 50, --Max ammount of requests to reach with time window
        block_time = 120, --Duration of a block once threshold is reached in seconds.
    },
    dyn_wt = {
        location = {
            domain = "example.com",
            URI = "/add/to/whitelist"
        },
        duration = 3600, --Duration of an entry to the dynamic whitelist
    },
    path_blocks = {
        duration = 600, --Duration to block if patern matches in seconds.
        locations = { -- regex patern to match for
            "^/%.git/.*",
            "^/wp-admin/.*",
            "^/phpmyadmin/.*",
            "^/admin/.*",
            "^.*/etc/passwd.*",
        },
    },
    notifications = {
        enabled = true,
        apprise_url = "apprise-api/notify/<config>",
        dyn_wt = {
            enabled = true,
            notif_type = "info", -- info, success, warning, failure
            tag = "<tag>" --tag configured in apprise_api
        },
        block = {
            enabled = true,
            notif_type = "warning", -- info, success, warning, failure
            tag = "<tag>" --tag configured in apprise_api
        },

    },
}
return secrets