File: //bigscoots/wpo/nginx/blockip.sh
#!/bin/bash
# Block or unblock an IPv4 address / CIDR range in nginx server-wide, or list the current deny list.
# Usage: blockip.sh block|unblock <ip-or-cidr>   |   blockip.sh list
# Output is always a single-line JSON envelope (see send_json_response).
# Second argument: the IPv4 address or CIDR range to act on ($1 is the action).
# Empty for "list"; every other action runs it through validate_ip before use.
BLOCKME=${2-}
# Function to validate IP address and CIDR
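#######################################
# Validate an IPv4 address or CIDR range before it is interpolated into the
# nginx deny list and into the grep/sed patterns that manage it. Only a
# dotted-quad decimal address with an optional /0-32 suffix passes, so the
# caller may treat the value as safe text afterwards.
# Arguments: $1 - candidate address ("192.168.1.1") or range ("192.168.1.0/24")
# Returns:   0 when valid, 1 otherwise
#######################################
validate_ip() {
  local candidate=$1
  local addr=$candidate
  local prefix=""
  local -a octets
  local octet

  # Split off an optional CIDR prefix length (one or two digits).
  if [[ $candidate =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}/[0-9]{1,2}$ ]]; then
    prefix=${candidate##*/}
    addr=${candidate%/*}
  fi

  # Anchored dotted-quad check: exactly four all-digit fields. Splitting on
  # '.' alone drops a trailing delimiter, so "1.2.3.4." used to be accepted and
  # written into the config as-is.
  if ! [[ $addr =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}$ ]]; then
    return 1
  fi
  IFS='.' read -r -a octets <<< "$addr"

  # 10# forces decimal: bash otherwise reads "08"/"09" as invalid octal, and
  # the resulting arithmetic error made the old range test fail open.
  for octet in "${octets[@]}"; do
    if (( 10#$octet > 255 )); then
      return 1
    fi
  done

  if [[ -n $prefix ]]; then
    if (( 10#$prefix > 32 )); then
      return 1
    fi
    # Ranges must end in .0 (e.g. 10.1.2.0/24). Host-sized ranges such as
    # 1.2.3.4/32 are rejected; callers pass the bare address instead.
    if (( 10#${octets[3]} != 0 )); then
      return 1
    fi
  fi
  return 0
}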
# Function to send JSON response
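#######################################
# Emit the single-line JSON envelope every code path of this script answers
# with. $result is spliced in verbatim and must already be valid JSON; $message
# is JSON-string-escaped here (backslash and double quote) so no message can
# break the envelope. Control characters are not escaped -- keep messages to
# plain one-line text.
# Arguments: $1 - "true" or "false" (emitted as an unquoted JSON literal)
#            $2 - human-readable message
#            $3 - JSON value for the "result" field (e.g. "{}" or "[...]")
# Outputs:   the JSON document on stdout, newline-terminated
#######################################
send_json_response() {
  local status=$1
  local message=$2
  local result=$3
  # Backslashes first, so the backslashes added for quotes are not doubled.
  message=${message//\\/\\\\}
  message=${message//\"/\\\"}
  printf '{"errors":[],"messages":[],"success":%s,"result":%s,"message":"%s"}\n' \
    "$status" "$result" "$message"
}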
# Function to get the current date and time
# Timestamp stored after each deny line and echoed back in responses,
# formatted as "YYYY-MM-DD HH:MM:SS" (host local time, as date(1) gives it).
get_current_datetime() {
  date '+%Y-%m-%d %H:%M:%S'
}
# Function to list all blocked IPs with comments
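#######################################
# Answer "list": turn every "deny <ip>; # <date>" line of blockip.conf into a
# JSON array of {"ip", "date"} objects and emit it via send_json_response.
# Lines that are not a deny directive (blank lines, hand-added comments) are
# skipped instead of producing entries with an empty "ip". The date is the
# text after the first "# " on the line, or "" when the line has no comment.
# Globals:   reads /usr/local/nginx/conf/blockip.conf
# Outputs:   JSON document on stdout
#######################################
list_blocked_ips() {
  local conf=/usr/local/nginx/conf/blockip.conf
  # "deny 1.2.3.0/24; # 2024-01-01 12:00:00" -> [1]=1.2.3.0/24, [2]=" # 2024-..."
  local deny_re='^[[:space:]]*deny[[:space:]]+([^[:space:];#]+)[[:space:]]*;(.*)$'
  local line ip datetime rest
  local result="" sep=""

  # "|| -n" keeps a last line that lacks a trailing newline.
  while IFS= read -r line || [[ -n $line ]]; do
    if ! [[ $line =~ $deny_re ]]; then
      continue
    fi
    ip=${BASH_REMATCH[1]}
    rest=${BASH_REMATCH[2]}
    datetime=""
    if [[ $rest == *"# "* ]]; then
      datetime=${rest#*"# "}
    fi
    result+="${sep}{\"ip\": \"$ip\", \"date\": \"$datetime\"}"
    sep=","
  done < "$conf"

  send_json_response true "List of blocked IPs" "[$result]"
}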
# Check if the IP address or range is valid
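# ---- main -------------------------------------------------------------------
# Exit status: 0 on success (and on the "already blocked" / "does not exist"
# answers, as before), 1 on a rejected request or a failed nginx config test.
#
# NOTE(review): $1/$2 arrive from whatever wraps this script; validate_ip is the
# only control between that input and the nginx config, the grep/sed patterns
# and the nginx reload below, so it runs before anything touches the
# filesystem. "list" ignores $2 and is the sole exemption.
BLOCKIP_CONF=/usr/local/nginx/conf/blockip.conf
NGINX_CONF=/usr/local/nginx/conf/nginx.conf

if [ "$1" != "list" ] && ! validate_ip "$BLOCKME"; then
  send_json_response false "Invalid IP address or range. Valid examples: 192.168.1.0/24 or 192.168.1.1" "{}"
  exit 1
fi

# Make sure the deny list exists and is included from the main config
# (inserted once, directly after the first "http {" line).
touch "$BLOCKIP_CONF"
if ! grep -qF -- "$BLOCKIP_CONF" "$NGINX_CONF"; then
  sed -i "/http {/a include $BLOCKIP_CONF;" "$NGINX_CONF"
fi

# Anchored, dot-escaped pattern for this entry. The old unanchored "$BLOCKME;"
# grep also matched a longer address ending in the same digits (blocking
# 2.3.4.5 reported "already blocked" when 12.3.4.5 was listed). BLOCKME is
# validated above, so escaping '.' is all that is needed for grep and sed.
entry_re="^deny ${BLOCKME//./\\.};"

result="{}"
current_datetime=$(get_current_datetime)
response_message=""

case "$1" in
  block)
    if grep -q -- "$entry_re" "$BLOCKIP_CONF"; then
      send_json_response false "IP / Range has already been blocked." "$result"
      exit 0
    fi
    printf 'deny %s; # %s\n' "$BLOCKME" "$current_datetime" >> "$BLOCKIP_CONF"
    result="{\"blocked\": [{\"ip\": \"$BLOCKME\", \"date\": \"$current_datetime\"}]}"
    response_message="IP / Range blocked successfully."
    ;;
  unblock)
    if ! grep -q -- "$entry_re" "$BLOCKIP_CONF"; then
      send_json_response false "IP / Range does not exist." "$result"
      exit 0
    fi
    # ':' is the sed address delimiter so the '/' of a CIDR needs no escaping.
    sed -i "\\:${entry_re}:d" "$BLOCKIP_CONF"
    result="{\"unblocked\": [{\"ip\": \"$BLOCKME\"}]}"
    response_message="IP / Range unblocked successfully."
    ;;
  list)
    list_blocked_ips
    exit 0
    ;;
  *)
    send_json_response false "Invalid action. Use 'block', 'unblock', or 'list'." "{}"
    exit 1
    ;;
esac

# The success response is held back until the config test and reload have
# actually happened: the old flow printed "blocked successfully" first, and a
# failing test that was not the missing-ssl_certificate case then exited 0
# with no reload and no alert, leaving the caller believing the block was live.
nginx_ok=0
fail_subject="WPO URGENT - Nginx conf fail during IP Block - $HOSTNAME"
if nginx -t > /dev/null 2>&1; then
  nginx_ok=1
else
  test_output=$(nginx -t 2>&1)
  if [[ $test_output == *"ssl_certificate\" is defined for the \"listen"* ]]; then
    # nginx reports the offending vhost file as "/usr/.../<domain>.ssl.conf:<line>";
    # recover <domain> from that path and only edit a file that really exists
    # under conf.d and has no ssl_certificate directive yet.
    sslfile=$(printf '%s\n' "$test_output" | grep -o "/usr/.*" | head -1 | cut -f1 -d":")
    DOMAIN=${sslfile##*/}
    DOMAIN=${DOMAIN%.ssl.conf}
    sslconf="/usr/local/nginx/conf/conf.d/$DOMAIN.ssl.conf"
    if [[ -n $DOMAIN && -f $sslconf ]] && ! grep -q ssl_certificate "$sslconf"; then
      # Appended in reverse so the file ends up: ssl_certificate, then
      # ssl_certificate_key. The cert/key files are assumed to exist at the
      # conventional path; if not, the re-test below fails and alerts.
      sed -i "/\/usr\/local\/nginx\/conf\/ssl_include.conf/a \ ssl_certificate_key \/usr\/local\/nginx\/conf\/ssl\/$DOMAIN\/$DOMAIN.key;" "$sslconf"
      sed -i "/\/usr\/local\/nginx\/conf\/ssl_include.conf/a \ ssl_certificate \/usr\/local\/nginx\/conf\/ssl\/$DOMAIN\/$DOMAIN.crt;" "$sslconf"
      fail_subject="WPO URGENT - Nginx conf fail during fixing missing SSL. - $HOSTNAME"
      if nginx -t > /dev/null 2>&1; then
        nginx_ok=1
      fi
    fi
  fi
fi

if [ "$nginx_ok" = 1 ]; then
  ngxreload > /dev/null 2>&1
  send_json_response true "$response_message" "$result"
  exit 0
fi

# Config test still failing: the edit stays in blockip.conf (validated, so it
# is not what broke the test) and will apply on the next successful reload,
# but it is not live now. Alert and tell the caller the truth.
nginx -t 2>&1 | mail -s "$fail_subject" [email protected]
send_json_response false "Nginx config test failed; the change was saved but not reloaded. An alert has been sent." "{}"
exit 1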