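#!/bin/bash
#
# Generate blockips.conf (nginx "if" rules that return 403) from the
# BLOCKED_IPS credential of a user-provided service bound to a cloud.gov app.
#
# Usage:    generate_blockips.sh <app> <space> <org>
# Requires: cf (already logged in) and jq on PATH.
# Output:   blockips.conf in the current directory (overwritten).
#
# Security notes:
#   - BLOCKED_IPS is copied into nginx configuration, so every entry is
#     restricted to the characters of an IP literal before it is used. Any
#     other entry aborts the run before blockips.conf is touched, instead of
#     emitting a rule nginx would reject or interpret as extra directives.
#   - Each rule is an unanchored, case-insensitive regex match on
#     X-Forwarded-For, so the entry 1.2.3.4 also matches 11.2.3.40.
#     NOTE(review): anchor the pattern if exact-address matching is intended.
#   - X-Forwarded-For is a request header; the rules are only as reliable as
#     the proxy that sets it in front of nginx. Confirm for this deployment.
set -euo pipefail

readonly OUT_FILE="blockips.conf"

if (( $# < 3 )); then
  printf 'Usage: %s <app> <space> <org>\n' "${0##*/}" >&2
  exit 2
fi

app=$1
space=$2
org=$3

# Target space (quoted so names containing spaces or globs stay one argument).
cf target -o "$org" -s "$space"

echo "Generating blockips.conf from cloud.gov environment variable"

APP_GUID=$(cf app "$app" --guid)
VCAP_SERVICES=$(cf curl "/v3/apps/${APP_GUID}/env" | jq -r '.system_env_json.VCAP_SERVICES')

# First user-provided service that carries a BLOCKED_IPS credential wins.
BLOCKED_IPS=$(jq -r '
.["user-provided"][]?
| select(.credentials.BLOCKED_IPS != null)
| .credentials.BLOCKED_IPS' <<< "$VCAP_SERVICES" | head -n 1)

if [[ -z "$BLOCKED_IPS" || "$BLOCKED_IPS" == "null" ]]; then
  echo "No BLOCKED_IPS set in cloud.gov for app '${app}', skipping blockips.conf generation"
  echo "# No blocked IPs configured" > "$OUT_FILE"
  exit 0
fi

# Pass 1: split, trim and validate every entry before writing anything.
entries=()
IFS=',' read -ra IPS <<< "$BLOCKED_IPS"
for ip in "${IPS[@]}"; do
  # Trim surrounding whitespace ("1.2.3.4, 5.6.7.8" is a common way to write the list).
  ip="${ip#"${ip%%[![:space:]]*}"}"
  ip="${ip%"${ip##*[![:space:]]}"}"

  # An empty entry ("a,,b") would produce a rule with an empty pattern; skip it.
  [[ -n "$ip" ]] || continue

  # Only digits, hex letters, '.' and ':' may reach the nginx config.
  if [[ "$ip" == *[!0-9A-Fa-f:.]* ]]; then
    printf 'Invalid entry in BLOCKED_IPS: %q (only IP address characters are allowed)\n' "$ip" >&2
    exit 1
  fi

  entries+=("$ip")
done

# Pass 2: write the file in one go.
{
  echo "# Auto-generated list of blocked IPs"
  if (( ${#entries[@]} > 0 )); then
    for ip in "${entries[@]}"; do
      # '.' is the only regex metacharacter left after validation.
      escaped_ip=${ip//./\\.}
      printf 'if ($http_x_forwarded_for ~* %s) {\n return 403;\n}\n' "$escaped_ip"
    done
  fi
} > "$OUT_FILE"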