NAME
Plack::Middleware::DNSBL - An IPv4 DNS Blacklist middleware for Plack
SYNOPSIS
use Plack::Builder;
use Plack::Middleware::DNSBL;
my $app = sub { ... };
builder {
enable 'DNSBL',
blacklists => {
'your-trusted-blacklist' => '$ip.your.trusted.blacklist',
'ip-port-blacklist' => '$ip.$port.ip-port.trusted.blacklist',
};
$app;
}
DESCRIPTION
The Plack::Middleware::DNSBL middleware provides a simple yet customizable way of blocking ill-intentionated requests from reaching your main application by using an external blacklist.
CONFIGURATIONS
- blacklists
-
enable 'DNSBL', blacklists => { 'blacklist-name-1' => 'blacklist-query-address', 'blacklist-name-2' => 'blacklist-query-address', 'blacklist-name-3' => 'blacklist-query-address', # ... 'blacklist-name-n' => 'blacklist-query-address', };
The
blacklists
option specifies a hashref with all the blacklists' name and query address pairs. The query address will have every$ip
and$port
substrings replaced respectively by the$env
iroment's reversed IPv4 address and server's port.Therefore:
enable 'DNSBL', blacklists => { 'my example blacklist' => '$ip.$port.blacklist.example.com', # single quotes! };
Will query
1.0.0.127.80.blacklist.example.com
for IP 127.0.0.1 acessing over port 80. - blacklisted
-
enable 'DNSBL', blacklists => { ... }, blacklisted => sub { my ($env, $blacklist, $is_cached) = @_; # Do some logging here if (!$is_cached && $blacklist eq 'blacklist name') { warn "$blacklist matched another address!"; } if ($ENV{DEBUG} || $ENV{FRIENDLY}) { return [ 200, [ 'Content-type' => 'text/html' ], [ "<html><body>", "<h1>Hello, buddy ($env->{REMOTE_ADDR})!</h1>", "<p>Looks like you're banned at $blacklist!</p>", "<p>Sorry :(</p>", "</body></html>", ] ]; } [ 500, [ 'Content-type' => 'text/plain' ], [ "Die, spammer! ] ]; };
The
blacklisted
option specifies a coderef that will be called at the first blacklist that detect this IP as flagged, returing immediately it's return value.Defaults to:
sub { [ 500, [ 'Content-Type' => 'text/plain' ], [ '' ] ] }
- cache, cache_time
-
enable 'DNSBL', blacklists => { ... }, cache_time => '1h', cache => $cache;
The
cache
option specifies an object which handlesget
andset
methods for caching whether an IP is blacklisted or not. If this option is set, it expectscache_time
to be a string that can be parsed by this object and contains how long should this data be cached. Defaults to '86400' (1 day). - resolver
-
my $my_resolver = Net::DNS::Resolver->new( nameservers => [ '10.1.1.128', '10.1.2.128' ], recurse => 0, debug => 1 ); builder { enable 'DNSBL', resolver => $my_resolver, blacklists => { ... }; $app; };
A Net::DNS::Resolver object. Defaults to
Net::DNS::Resolver->new
.
WHITELISTING
There's no build-in way of whitelisting IPs or certain paths, however this can be quickly solved by using Plack::Builder's enable_if
:
builder {
enable_if {
!$ENV{DEBUG} && $_[0]->{REMOTE_ADDR} ne '127.0.0.1'
} 'DNSBL', ...;
$app;
};
SEE ALSO
AUTHOR
Victor Franco, <victorfrancovl at gmail.com>
BUGS
Patches welcome at https://www.github.com/vtfrvl/plack-middleware-dnsbl
LICENSE
This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself