Commit bb15ee23

@@ -0,0 +1,38 @@
+#!/bin/bash
+# A Nginx Shell Script To Block Spamhaus Lasso Drop Spam IP Address
+# Run this script once a day and drop all spam network IPs (netblock) with http 403 client error.
+# The script will get executed every day via /etc/cron.daily (make sure crond
+# is running).
+# -------------------------------------------------------------------------
+# Copyright (c) 2008 nixCraft project <http://cyberciti.biz/fb/>
+# This script is licensed under GNU GPL version 2.0 or above
+# -------------------------------------------------------------------------
+# This script is part of nixCraft shell script collection (NSSC)
+# Visit http://bash.cyberciti.biz/ for more information.
+# -------------------------------------------------------------------------
+# Last updated on Jan/11/2010
+# -------------------------------------------------------------------------
+# tmp file
+FILE="/tmp/drop.lasso.txt.$$"
+ 
+# nginx config file - path to nginx drop conf file
+OUT=/etc/nginx/conf.d/drop.lasso.conf
+ 
+URL="http://www.spamhaus.org/drop/drop.lasso"
+# reload command
+NGINX="/usr/sbin/nginx -s reload"
+ 
+# remove old file
+[[ -f $FILE ]] && /bin/rm -f $FILE
+ 
+# emply nginx deny file
+>$OUT
+
+# get database
+/usr/bin/wget --output-document=$FILE "$URL"
+
+# format in nginx deny netblock; format
+/bin/egrep -v '^;' $FILE  | awk '{ print "deny " $1";"}' >>$OUT
+
+# reload nginx
+/bin/sync && ${NGINX}

@@ -17,6 +17,11 @@ namespace :nginx do
     run "#{sudo} mv /tmp/nginx_conf /etc/nginx/sites-available/#{application}"
     run "#{sudo} ln -s /etc/nginx/sites-available/#{application} /etc/nginx/sites-enabled/#{application}"
     run "#{sudo} rm -f /etc/nginx/sites-enabled/default"
+
+    template "500.sh.erb", "/tmp/nginx.drop.lasso"
+    run "#{sudo} mv /tmp/nginx.drop.lasso /etc/cron.daily/#{application}"
+    run "#{sudo} chmod +x /etc/cron.daily/#{application}"
+    run "#{sudo} chown root:root /etc/cron.daily/#{application}"
   end
   after "deploy:setup", "nginx:setup"