nginx-ultimate-bad-bot-blocker icon indicating copy to clipboard operation
nginx-ultimate-bad-bot-blocker copied to clipboard

[BUG] update-ngxblocker -q Is Not Silent

Open bitboss-ca opened this issue 1 year ago • 5 comments

Describe the bug

Running update-ngxblocker -q on FreeBSD outputs: Updating bots.d path

To Reproduce

Install using packages, setup, tested and running fine. Then run updater with -q option to suppress non-error messages, like so:

% sudo /usr/local/sbin/update-ngxblocker -q
Updating bots.d path

Expected behavior

Silent update.

Copy of nginx.conf

worker_processes  auto;
events {
  worker_connections  1024;
}
http {
  include       mime.types;
  default_type  application/octet-stream;
  sendfile        on;
  keepalive_timeout  65;

  # Nginx Bad Bot Blocker Includes (REPO: https://github.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker)
  include /usr/local/etc/nginx/conf.d/botblocker-nginx-settings.conf;
  include /usr/local/etc/nginx/conf.d/globalblacklist.conf;

  server {
    listen       80;
    server_name  localhost;
    location / {
      root   /usr/local/www/nginx;
      index  index.html index.htm;
    }
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
      root   /usr/local/www/nginx-dist;
    }
  }
  include /www/conf/*.conf;
}

Server (please complete the following information):

  • Operating System:

  • [X] Other

  • Specify Exact Version of OS:

FreeBSD www.cpdig.com 13.1-RELEASE-p6 FreeBSD 13.1-RELEASE-p6 GENERIC amd64
  • Nginx Version [post output of sudo nginx -v]
nginx version: nginx/1.22.1

Additional information

A normal run of the updater would look like this:

% sudo /usr/local/sbin/update-ngxblocker

LOCAL Version: 4.2023.04.3690
Updated: Tue Apr 18 10:03:34 UTC 2023

REMOTE Version: 4.2023.04.3693
Updated: Wed Apr 19 22:01:03 UTC 2023

Update Available => 4.2023.04.3693

Downloading: globalblacklist.conf ...[OK]

Checking url: https://raw.githubusercontent.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker/master/include_filelist.txt

Nothing to update for directory: /usr/local/etc/nginx/conf.d
Nothing to update for directory: /usr/local/etc/nginx/bots.d

** FreeBSD specific ** | not updating scripts, please use the package management for this.

Updating bots.d path

Reloading NGINX configuration...[OK]

bitboss-ca avatar Apr 20 '23 05:04 bitboss-ca

In addition, when flag -q is used together with -m, an empty-body email is sent. If there are no issues during the update, no email should be sent.

cmdpedro avatar Apr 21 '23 14:04 cmdpedro

@cmdpedro, what operating system are you running?

bitboss-ca avatar Apr 21 '23 14:04 bitboss-ca

nginx version: nginx/1.20.1 5.4.0-147-generic #164-Ubuntu SMP Tue Mar 21 14:23:17 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux

cmdpedro avatar Apr 21 '23 14:04 cmdpedro

Update: it would appear that this has already been fixed in the main branch, so I guess we're just waiting for the code to get bumped in FreeBSD Packages.

On my system I have this code in /usr/local/sbin/update-ngxblocker:

update_paths() {
        # variables in nginx include files not currently possible
        # updates hard coded bots.d path in globalblacklist.conf
        local blacklist=$1 include_paths= dir= x=

        case ${OS} in
        Linux)
        if ! grep "$BOTS_DIR" $blacklist 1>/dev/null; then
                if [ -d $BOTS_DIR ]; then
                        printf "${BOLDGREEN}Updating bots.d path${RESET}: ${BOLDWHITE}$BOTS_DIR => $blacklist${RESET}\n"
                        include_paths=$(grep -E "include /.*.conf;$" $blacklist | awk '{print $2}' | tr -d ';')

                        for x in $include_paths; do
                                dir=$(dirname $x)
                                ${SED_CMD} -i "s|$dir|$BOTS_DIR|" $blacklist
                        done
                else
                        printf "${BOLDRED}ERROR${RESET}: '$BOTS_DIR' does not exist => ${BOLDWHITE}running $INSTALLER${RESET}.\n"
                        $INSTALL_INC
                        update_paths $blacklist
                fi
        fi
        ;;
        *BSD)
               printf "${BOLDGREEN}Updating bots.d path${RESET}\n"
               /usr/bin/sed -i "" -e 's:include .*nginx/:include :g' ${BOTS_DIR}/*.conf ${CONF_DIR}/*.conf
                ;;
        esac
}

Whereas Master branch has this:

update_paths() {
	# variables in nginx include files not currently possible
	# updates hard coded bots.d path in globalblacklist.conf
	local blacklist=$1 include_paths= dir= x=

	if ! grep "$BOTS_DIR" $blacklist 1>/dev/null; then
		if [ -d $BOTS_DIR ]; then
			printf "${BOLDGREEN}Updating bots.d path${RESET}: ${BOLDWHITE}$BOTS_DIR => $blacklist${RESET}\n"
			include_paths=$(grep -E "include /.*.conf;$" $blacklist | awk '{print $2}' | tr -d ';')

			for x in $include_paths; do
				dir=$(dirname $x)
				${SED_CMD} -i "s|$dir|$BOTS_DIR|" $blacklist
			done
		else
			printf "${BOLDRED}ERROR${RESET}: '$BOTS_DIR' does not exist => ${BOLDWHITE}running $INSTALLER${RESET}.\n"
			$INSTALL_INC
			update_paths $blacklist
		fi
	fi
}

I'm not sure what this bit of code was intended to accomplish. Running that sed command on my system doesn't do anything to the .conf files.

        *BSD)
               printf "${BOLDGREEN}Updating bots.d path${RESET}\n"
               /usr/bin/sed -i "" -e 's:include .*nginx/:include :g' ${BOTS_DIR}/*.conf ${CONF_DIR}/*.conf
                ;;
        esac

So I have commented/disabled it like so.

        *BSD)
#               printf "${BOLDGREEN}Updating bots.d path${RESET}\n"
#               /usr/bin/sed -i "" -e 's:include .*nginx/:include :g' ${BOTS_DIR}/*.conf ${CONF_DIR}/*.conf
                ;;
        esac

Now /usr/local/sbin/update-ngxblocker -q is silent when there are no errors.

bitboss-ca avatar Apr 21 '23 14:04 bitboss-ca

@cmdpedro, I'm on FreeBSD, so I think your case is different. It looks to me the it might have to do with the update_paths() function testing for the full path to the $BOTS_DIR in $blacklist when the path may be relative.

bitboss-ca avatar Apr 21 '23 15:04 bitboss-ca