mitchellkrogza / nginx-ultimate-bad-bot-blocker

Nginx Block Bad Bots, Spam Referrer Blocker, Vulnerability Scanners, User-Agents, Malware, Adware, Ransomware, Malicious Sites, with anti-DDOS, Wordpress Theme Detector Blocking and Fail2Ban Jail for Repeat Offenders

[INSTALLATION] Whitelist IPs function in setup-ngxblocker script #402

Open zjagust opened 3 years ago

zjagust commented 3 years ago

Line 124 in setup-ngxblocker sometimes does not work:

ip="$(dig +short myip.opendns.com @resolver1.opendns.com)"

This results in wrong configuration line in whitelist-ips.conf file:

;; connection timed out; no servers could be reached 0;

May I suggest using the following instead what you have in line 124:

ip="$(curl -q ifconfig.io)"

Thank you!

SeePrashanth commented 3 years ago

@zjagust which nginx version are you using

zjagust commented 3 years ago

I'm using 1.14.2 which is standard on Debian 10... but, I'm sorry, what does Nginx have to do with this issue? Nginx and all other related Nginx UBB scripts are working fine :)

SeePrashanth commented 3 years ago

@zjagust kindly check and confirm from your end whether it is working fine in nginx version 1.18 on Ubuntu 20.04; for me it's not working, kindly help me. I.e., I have a problem in installation: up to step 5 it is working fine as per the link below

https://github.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker/blob/master/AUTO-CONFIGURATION.md

for your reference, see below:

https://github.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker/issues/425

zjagust commented 3 years ago

Look, this still has nothing to do with my issue, which is actually not an issue but more of a "feature".

Second, I don't have an instance of Nginx version 1.18 running on Ubuntu 20.04 anywhere, so cannot help you there either. And as for your issue, where did you put the following includes:

include /etc/nginx/bots.d/ddos.conf;
include /etc/nginx/bots.d/blockbots.conf;

Those need to be included in the "server" block of your virtual host configuration, otherwise it will not work and you will receive the error you did regarding the "if" directive.

I see you mentioned your issue in other issue reports also, please don't do that. You can reference your problem in other issues only if they are related. What you are doing is kinda rude.

mitchellkrogza commented 3 years ago

@itoffshore

itoffshore commented 3 years ago

dig +short myip.opendns.com @resolver1.opendns.com - returns my ip address

This issue has been polluted & I think it should be closed

zjagust commented 3 years ago

I agree regarding issue pollution and, as I saw, several others have the same "problem". Regarding "dig", as you wish. My example from the original report was only a suggestion. Thank you for your response.

itoffshore commented 3 years ago

@zjagust - does the dig command above work on your system ? (it exists by default on Ubuntu 20.04) - my reasoning for using dns utilities (which should exist on most systems) - is they will probably be longer lived than a website that returns an ip address.

the function whitelist_ips() does no whitelisting if the dig binary is not found

looking at the function again I do think it should be checking if $ip is empty or not

zjagust commented 3 years ago

@itoffshore I did a bit more digging. Just to mention, I absolutely agree with you regarding using dns utils instead of an IP-returning website. So:

This is a UDP request:

dig +short myip.opendns.com @resolver1.opendns.com
;; connection timed out; no servers could be reached

This is TCP:

dig +short myip.opendns.com @resolver1.opendns.com +tcp
XXX.XXX.XXX.XXX (I actually got my correct external IP)

This led me to my ISP, which has some strict DNS rules in place (only for specific DNS servers). It actually makes sense, yeah, UDP requests always use the same sport, which is 53, and that will not work due to ISP rules.

On the other hand, TCP requests will use a random port, thus making a dig request successful. So maybe you could only add +tcp option which, as it looks, will always work. Again, only a suggestion on my part :)

Please be free to close this issue, as I now know what is going on.

Thank you.
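The two points raised in this thread, itoffshore's note that whitelist_ips() should check whether $ip is empty and zjagust's observation that the query succeeds with +tcp, combined into one shell sketch. This is an added example, not the project's setup-ngxblocker code; the function names are hypothetical and the config path in the usage note is assumed.

```shell
#!/bin/sh
# Added example (not setup-ngxblocker itself): look up the external IP with
# dig, retry over TCP when the UDP query gets no answer, and never write a
# whitelist-ips.conf entry that is not a plausible IPv4 address.
# Return 0 if $1 is a dotted quad with four octets in 0-255, else 1.
is_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    _rest=$1. _n=0
    while [ -n "$_rest" ]; do
        _oct=${_rest%%.*}
        _rest=${_rest#*.}
        _n=$((_n + 1))
        { [ ${#_oct} -le 3 ] && [ "$_oct" -le 255 ]; } || return 1
    done
    [ "$_n" -eq 4 ]
}
# Print the first line of dig output ($1) that is an IPv4 address; an error
# such as ";; connection timed out; ..." prints nothing and returns 1.
first_ipv4() {
    _saved_ifs=$IFS
    IFS='
'
    for _line in $1; do
        if is_ipv4 "$_line"; then
            IFS=$_saved_ifs
            printf '%s\n' "$_line"
            return 0
        fi
    done
    IFS=$_saved_ifs
    return 1
}
# The lookup setup-ngxblocker uses, first over UDP, then again with +tcp.
external_ip() {
    command -v dig >/dev/null 2>&1 || return 1
    _ip=$(first_ipv4 "$(dig +short myip.opendns.com @resolver1.opendns.com 2>/dev/null)") ||
        _ip=$(first_ipv4 "$(dig +short myip.opendns.com @resolver1.opendns.com +tcp 2>/dev/null)") ||
        return 1
    printf '%s\n' "$_ip"
}
# Emit the whitelist-ips.conf entry ("<ip> 0;") only for a validated address.
whitelist_entry() {
    is_ipv4 "$1" || return 1
    printf '%s 0;\n' "$1"
}
```

Usage: `ip=$(external_ip) && whitelist_entry "$ip" >> /etc/nginx/bots.d/whitelist-ips.conf` (path assumed); when both queries fail the file is left untouched instead of receiving the error text.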