
MOD REMAP

Screen Shot 2017-06-29 at 8.54.01 AM

nano /etc/apache2/sites-available/ip-whitelist-test.conf

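<VirtualHost *:80>
        ServerAdmin webmaster@localhost
        ServerName ip-whitelist-test.lo.com
        # ServerAlias takes bare host names, not URLs (no scheme).
        ServerAlias www.ip-whitelist-test.lo.com
        DocumentRoot /var/www/ip-whitelist-test

        # Deny the whole filesystem by default; only the document root is
        # opened up below.
        <Directory />
                Options FollowSymLinks
                AllowOverride None
                Require all denied
        </Directory>

        <Directory /var/www/ip-whitelist-test/>
                Options -Indexes +FollowSymLinks -MultiViews
                # AllowOverride All lets .htaccess files under the document root
                # change options, rewrite and authorization settings; narrow it
                # if the site does not need that.
                AllowOverride All
                Require all granted
        </Directory>

        ErrorLog /var/log/apache2/error.log
        # Possible values include: debug, info, notice, warn, error, crit,
        # alert, emerg.
        # LogLevel debug rewrite:trace3
        CustomLog /var/log/apache2/access.log combined

        ## Allowing only whitelisted IPs ##
        # Deliberately not wrapped in <IfModule mod_rewrite.c>: this is an access
        # control, so if mod_rewrite is not loaded the server should refuse to
        # start instead of silently serving the site to everyone.
        RewriteEngine On

        # prg: map - httpd starts this program once at server start and keeps it
        # running. The file is executed directly, so it needs an interpreter
        # line and the execute bit. By default it runs as the user that started
        # httpd (normally root): keep it root-owned and not writable by anyone
        # else. Lookups are serialized over one pipe, so a slow or hung helper
        # stalls every request to this vhost.
        # Plain ASCII double quotes are required here; typographic quotes pasted
        # from a web page are not treated as quoting by httpd.
        RewriteMap ip_color "prg:/usr/local/bin/get_ip_color.py TEST123"

        # NOTE(review): behind a reverse proxy or load balancer REMOTE_ADDR is
        # the proxy's address unless mod_remoteip is set up with trusted proxies
        # only - confirm how clients reach this vhost.
        RewriteCond %{REMOTE_ADDR} ^(.*)$
        # Any key the map does not answer with "white" falls back to "black".
        RewriteCond ${ip_color:%1|black} ^black$ [NC]
        # "-" (ASCII hyphen) means no substitution; [F] answers 403 Forbidden.
        RewriteRule (.*) - [F]
        ## End - Allowing only whitelisted IPs ##
</VirtualHost>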

 

/usr/local/bin/get_ip_color.py

#

# The script must be called with the app_code argument after the script name, e.g.

# $ python get_ip_color.py some_app_code

#

import sys

import requests

import argparse

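# Base URL of the firewall API and the endpoint (relative to it) that lists
# the allow-listed IPs for one application code. Plain ASCII quotes are used:
# typographic quotes pasted from a web page are a syntax error.
api_domain = 'https://firewall.lo.com/api/'
api_endpoint_template = 'v1/ip/whitelist/findByApp?appCode=%s'

# HTTP basic-auth credentials for the API (left blank on the page).
# NOTE(review): if real values are filled in here, keep this file root-owned
# and not world-readable and out of version control, or load the credentials
# from a protected file or the environment instead.
api_username = ''
api_password = ''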

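def get_whitelisted_ips(app_code):
  """Fetch the allow-listed IPs for ``app_code`` from the firewall API.

  Returns the decoded JSON document the API sends back; the caller is
  responsible for checking that it is a list. Any failure (network error,
  timeout, non-2xx status, invalid JSON) yields get_default_ips(), so the
  lookup fails closed.
  """
  try:
    # app_code comes from the RewriteMap line in the vhost (operator
    # controlled), so it is interpolated as-is.
    api_endpoint = api_endpoint_template % app_code
    # Without a timeout a stalled API call blocks this helper forever, and
    # httpd waits on the helper for every request to the protected vhost.
    response = requests.get(
        api_domain + api_endpoint,
        auth=(api_username, api_password),
        timeout=5,
    )
    # Do not interpret the body of a 401/403/5xx answer as an allow-list.
    response.raise_for_status()
    return response.json()
  except Exception:
    # Exception instead of a bare except, so SystemExit and
    # KeyboardInterrupt can still stop the helper.
    return get_default_ips()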

def get_default_ips():
  """Return the fallback allow-list: a fresh empty list, so no address matches."""
  fallback = list()
  return fallback

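def get_color(ip, app_code):
  """Classify ``ip`` for ``app_code``: 'white' if allow-listed, else 'black'.

  The allow-list is fetched on every call. Anything that is not a list
  (for example an error object returned by the API) is replaced by the
  empty default list, so the answer is 'black'.
  """
  ips = get_whitelisted_ips(app_code)
  if not isinstance(ips, list):
    ips = get_default_ips()
  # Exact string membership.
  # NOTE(review): assumes the API returns a flat list of address strings in
  # the same textual form Apache passes as the lookup key; CIDR ranges or
  # differently formatted IPv6 addresses would never match - confirm.
  return 'white' if ip in ips else 'black'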

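parser = argparse.ArgumentParser()
parser.add_argument("app_code", help="Application Code - required argument used to fetch only IPs which belong to certain application")
args = parser.parse_args()

# RewriteMap prg: protocol: httpd writes one lookup key (here the client IP)
# per line on stdin and reads exactly one answer line from stdout.
# readline() returns '' once httpd closes the pipe; stop then, instead of
# spinning forever answering 'black' for an empty key and calling the API
# in a tight loop.
for line in iter(sys.stdin.readline, ''):
  ip = line.strip()
  color = get_color(ip, args.app_code)
  sys.stdout.write(color + '\n')
  # Flush after every answer: httpd blocks until the line arrives.
  sys.stdout.flush()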

 

ip-whitelist-test

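<VirtualHost *:80>
        ServerAdmin webmaster@localhost
        ServerName ip-whitelist-test.thongquach.com
        # ServerAlias takes bare host names, not URLs (no scheme).
        ServerAlias www.ip-whitelist-test.thongquach.com
        DocumentRoot /var/www/ip-whitelist-test

        # Deny the whole filesystem by default; only the document root is
        # opened up below.
        <Directory />
                Options FollowSymLinks
                AllowOverride None
                Require all denied
        </Directory>

        <Directory /var/www/ip-whitelist-test/>
                Options -Indexes +FollowSymLinks -MultiViews
                # AllowOverride All lets .htaccess files under the document root
                # change options, rewrite and authorization settings; narrow it
                # if the site does not need that.
                AllowOverride All
                Require all granted

                # The allow-list map used below lives inside the document root;
                # never serve it to clients.
                <Files "whitelist.txt">
                        Require all denied
                </Files>
        </Directory>

        ErrorLog /var/log/apache2/error.log
        # Possible values include: debug, info, notice, warn, error, crit,
        # alert, emerg.
        # rewrite:trace3 logs every rewrite decision, client addresses included.
        # Useful while testing the rules; switch it off afterwards.
        LogLevel debug rewrite:trace3
        CustomLog /var/log/apache2/access.log combined

        ## WHITELIST IPS ##
        # Deliberately not wrapped in <IfModule mod_rewrite.c>: this is an access
        # control, so if mod_rewrite is not loaded the server should refuse to
        # start instead of silently serving the site to everyone.
        RewriteEngine On

        # txt: map - one "key value" pair per line; here the key is a client
        # address and the value is "white". Constructed example line:
        #   192.0.2.10 white
        # NOTE(review): anything able to write to the document root can edit
        # this file and therefore the allow-list; a root-owned file outside the
        # web root is the safer place for it.
        # For a fixed list like this, "Require ip" in the <Directory> block
        # gives the same result without mod_rewrite.
        RewriteMap ipslist "txt:/var/www/ip-whitelist-test/whitelist.txt"

        # NOTE(review): behind a reverse proxy or load balancer REMOTE_ADDR is
        # the proxy's address unless mod_remoteip is set up with trusted proxies
        # only - confirm how clients reach this vhost.
        RewriteCond %{REMOTE_ADDR} ^(.*)$
        # Addresses missing from the map fall back to "black".
        RewriteCond ${ipslist:%1|black} ^black$ [NC]
        # "-" (ASCII hyphen) means no substitution; [F] answers 403 Forbidden.
        RewriteRule (.*) - [F]

        # Earlier attempts, kept for reference (inactive):
        # RewriteCond %{REMOTE_ADDR} "!^${ipslist:%1|black}" [NC]
        # RewriteCond %{REMOTE_ADDR} "!^111.239.121.102" [NC]
        # RewriteRule ^(.*)$ - [F,L]
</VirtualHost>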