++ed by:
VTFRVL

1 PAUSE user

Victor Franco
and 1 contributors

NAME

Plack::Middleware::DNSBL - An IPv4 DNS Blacklist middleware for Plack

SYNOPSIS

  use Plack::Builder;
  use Plack::Middleware::DNSBL;
  
  my $app = sub { ... };
  
  builder {
      enable 'DNSBL',
          blacklists => {
              'your-trusted-blacklist' => '$ip.your.trusted.blacklist',
              'ip-port-blacklist'      => '$ip.$port.ip-port.trusted.blacklist',
          };
  
      $app;
  }

DESCRIPTION

The Plack::Middleware::DNSBL middleware provides a simple yet customizable way of blocking ill-intentionated requests from reaching your main application by using an external blacklist.

CONFIGURATIONS

blacklists
  enable 'DNSBL',
      blacklists => {
          'blacklist-name-1' => 'blacklist-query-address',
          'blacklist-name-2' => 'blacklist-query-address',
          'blacklist-name-3' => 'blacklist-query-address',
          # ...
          'blacklist-name-n' => 'blacklist-query-address',
      };

The blacklists option specifies a hashref with all the blacklists' name and query address pairs. The query address will have every $ip and $port substrings replaced respectively by the $enviroment's reversed IPv4 address and server's port.

Therefore:

  enable 'DNSBL',
      blacklists => {
          'my example blacklist' => '$ip.$port.blacklist.example.com', # single quotes!
      };

Will query 1.0.0.127.80.blacklist.example.com for IP 127.0.0.1 acessing over port 80.

blacklisted
  enable 'DNSBL',
      blacklists => { ... },
      blacklisted => sub {
          my ($env, $blacklist, $is_cached) = @_;
  
          # Do some logging here
  
          if (!$is_cached && $blacklist eq 'blacklist name') {
              warn "$blacklist matched another address!";
          }
  
          if ($ENV{DEBUG} || $ENV{FRIENDLY}) {
              return [ 200, [ 'Content-type' => 'text/html' ], [
                  "<html><body>",
                  "<h1>Hello, buddy ($env->{REMOTE_ADDR})!</h1>",
                  "<p>Looks like you're banned at $blacklist!</p>",
                  "<p>Sorry :(</p>",
                  "</body></html>",
              ] ];
          }
  
          [ 500, [ 'Content-type' => 'text/plain' ], [ "Die, spammer!" ] ];
      };

The blacklisted option specifies a coderef that will be called at the first blacklist that detect this IP as flagged, returing immediately it's return value.

Defaults to:

  sub { [ 500, [ 'Content-Type' => 'text/plain' ], [ '' ] ] }
cache, cache_time
  enable 'DNSBL',
      blacklists => { ... },
      cache_time => '1h',
      cache      => $cache;

The cache option specifies an object which handles get and set methods for caching whether an IP is blacklisted or not. If this option is set, it expects cache_time to be a string that can be parsed by this object and contains how long should this data be cached. Defaults to '86400' (1 day).

resolver
  my $my_resolver = Net::DNS::Resolver->new(
      nameservers => [ '10.1.1.128', '10.1.2.128' ],
      recurse     => 0,
      debug       => 1
  );
  
  builder {
      enable 'DNSBL',
          resolver   => $my_resolver,
          blacklists => { ... };
      $app;
  };

A Net::DNS::Resolver object. Defaults to Net::DNS::Resolver->new.

WHITELISTING

There's no build-in way of whitelisting IPs or certain paths, however this can be quickly solved by using Plack::Builder's enable_if:

  builder {
      enable_if {
          !$ENV{DEBUG} && $_[0]->{REMOTE_ADDR} ne '127.0.0.1'
      } 'DNSBL', ...;
      $app;
  };

SEE ALSO

Net::DNS::Resolver

AUTHOR

Victor Franco, <victorfrancovl at gmail.com>

BUGS

Patches welcome at https://www.github.com/vtfrvl/plack-middleware-dnsbl

LICENSE

This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself