Plack::Middleware::DNSBL - An IPv4 DNS Blacklist middleware for Plack
    use Plack::Builder;
    use Plack::Middleware::DNSBL;

    my $app = sub { ... };

    builder {
        enable 'DNSBL',
            blacklists => {
                'your-trusted-blacklist' => '$ip.your.trusted.blacklist',
                'ip-port-blacklist'      => '$ip.$port.ip-port.trusted.blacklist',
            };
        $app;
    }
The Plack::Middleware::DNSBL middleware provides a simple yet customizable way of blocking ill-intentioned requests from reaching your main application by using an external blacklist.
    enable 'DNSBL',
        blacklists => {
            'blacklist-name-1' => 'blacklist-query-address',
            'blacklist-name-2' => 'blacklist-query-address',
            'blacklist-name-3' => 'blacklist-query-address',
            # ...
            'blacklist-name-n' => 'blacklist-query-address',
        };
The blacklists option specifies a hashref of blacklist name and query address pairs. In each query address, every $ip and $port substring is replaced, respectively, by the reversed IPv4 address from the request environment ($env) and the server's port.
Therefore:
    enable 'DNSBL',
        blacklists => {
            'my example blacklist' => '$ip.$port.blacklist.example.com', # single quotes!
        };
Will query 1.0.0.127.80.blacklist.example.com for IP 127.0.0.1 accessing over port 80.
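To preview which name a query address expands to before enabling a blacklist, the substitution described above can be reproduced in a few lines. This is an added example, not the module's own code: dnsbl_query_name is a hypothetical helper, the sample requests are constructed, and returning nothing for non-IPv4 input is an assumption about how to handle addresses that cannot be reversed as a dotted quad.

```perl
#!/usr/bin/env perl
use strict;
use warnings;

# Hypothetical helper (not part of Plack::Middleware::DNSBL): expand a query
# address as the documentation describes, with $ip replaced by the reversed
# IPv4 address and $port by the server's port.
sub dnsbl_query_name {
    my ($template, $addr, $port) = @_;

    # Only a dotted-quad IPv4 address can be reversed this way. Reject
    # everything else (IPv6, hostnames, octets above 255) rather than
    # building a name that would query the wrong record.
    my @octets = ($addr // '') =~ /\A(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\z/
        or return;
    return if grep { $_ > 255 } @octets;

    my $reversed = join '.', reverse @octets;
    (my $name = $template) =~ s/\$ip/$reversed/g;

    # The port is only needed when the template actually refers to it.
    if ($name =~ /\$port/) {
        return unless defined $port && $port =~ /\A\d{1,5}\z/ && $port <= 65535;
        $name =~ s/\$port/$port/g;
    }
    return $name;
}

# Single quotes keep $ip and $port literal so they reach the substitution;
# in double quotes Perl would try to interpolate them as variables first.
my $template = '$ip.$port.blacklist.example.com';

# Constructed sample requests: [ remote address, server port ].
my @samples = (
    [ '127.0.0.1',   80  ],
    [ '203.0.113.7', 443 ],   # documentation-range address
    [ '2001:db8::1', 443 ],   # IPv6: has no reversed dotted-quad form
    [ '10.0.0.999',  80  ],   # malformed octet
);

for my $sample (@samples) {
    my ($addr, $port) = @$sample;
    my $name = dnsbl_query_name($template, $addr, $port);
    printf "%-12s port %-3s -> %s\n", $addr, $port,
        defined $name ? $name : '(not a valid IPv4 address, no query built)';
}
```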
    enable 'DNSBL',
        blacklists  => { ... },
        blacklisted => sub {
            my ($env, $blacklist, $is_cached) = @_;

            # Do some logging here
            if (!$is_cached && $blacklist eq 'blacklist name') {
                warn "$blacklist matched another address!";
            }

            if ($ENV{DEBUG} || $ENV{FRIENDLY}) {
                return [ 200, [ 'Content-type' => 'text/html' ], [
                    "<html><body>",
                    "<h1>Hello, buddy ($env->{REMOTE_ADDR})!</h1>",
                    "<p>Looks like you're banned at $blacklist!</p>",
                    "<p>Sorry :(</p>",
                    "</body></html>",
                ] ];
            }

            [ 500, [ 'Content-type' => 'text/plain' ], [ "Die, spammer!" ] ];
        };
The blacklisted option specifies a coderef that is called for the first blacklist that flags this IP; the middleware immediately returns its return value.
Defaults to:
sub { [ 500, [ 'Content-Type' => 'text/plain' ], [ '' ] ] }
    enable 'DNSBL',
        blacklists => { ... },
        cache_time => '1h',
        cache      => $cache;
The cache option specifies an object which provides get and set methods for caching whether an IP is blacklisted or not. If this option is set, it expects cache_time to be a string that this object can parse, stating how long this data should be cached. Defaults to '86400' (1 day).
    use Net::DNS::Resolver;

    # Resolver that queries only the listed nameservers
    my $my_resolver = Net::DNS::Resolver->new(
        nameservers => [ '10.1.1.128', '10.1.2.128' ],
        recurse     => 0,
        debug       => 1
    );

    builder {
        enable 'DNSBL',
            resolver   => $my_resolver,
            blacklists => { ... };
        $app;
    };
A Net::DNS::Resolver object. Defaults to Net::DNS::Resolver->new.
There's no built-in way of whitelisting IPs or certain paths; however, this can be quickly solved by using Plack::Builder's enable_if:
    builder {
        enable_if { !$ENV{DEBUG} && $_[0]->{REMOTE_ADDR} ne '127.0.0.1' }
            'DNSBL', ...;
        $app;
    };
Net::DNS::Resolver
Victor Franco, <victorfrancovl at gmail.com>
Patches welcome at https://www.github.com/vtfrvl/plack-middleware-dnsbl
This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself
To install Plack::Middleware::DNSBL, copy and paste the appropriate command in to your terminal.
cpanm:

    cpanm Plack::Middleware::DNSBL

CPAN shell:

    perl -MCPAN -e shell
    install Plack::Middleware::DNSBL
For more information on module installation, please visit the detailed CPAN module installation guide.