Netacea · rswalkden · Apr 1, 2026 · Mar 25, 2026 · Mar 25, 2026 · Mar 30, 2026
@@ -12,14 +12,7 @@ services:
      - "443:443"
     volumes:
      - "./src/conf/nginx.conf:/usr/local/openresty/nginx/conf/nginx.conf"
-     - "./src/lua_resty_netacea.lua:/usr/local/openresty/site/lualib/lua_resty_netacea.lua"
-     - "./src/lua_resty_netacea_cookies_v3.lua:/usr/local/openresty/site/lualib/lua_resty_netacea_cookies_v3.lua"
-     - "./src/kinesis_resty.lua:/usr/local/openresty/site/lualib/kinesis_resty.lua"
-     - "./src/lua_resty_netacea_ingest.lua:/usr/local/openresty/site/lualib/lua_resty_netacea_ingest.lua"
-     - "./src/netacea_utils.lua:/usr/local/openresty/site/lualib/netacea_utils.lua"
-     - "./src/lua_resty_netacea_constants.lua:/usr/local/openresty/site/lualib/lua_resty_netacea_constants.lua"
-     - "./src/lua_resty_netacea_protector_client.lua:/usr/local/openresty/site/lualib/lua_resty_netacea_protector_client.lua"     
-
+     - "./src:/usr/local/openresty/site/lualib/"
 
   test:
     build:

@@ -5,29 +5,15 @@ local netacea_cookies = require('lua_resty_netacea_cookies_v3')
 local utils = require("netacea_utils")
 local protector_client = require("lua_resty_netacea_protector_client")
 local Constants = require("lua_resty_netacea_constants")
+local mitigation = require("lua_resty_netacea_mitigation")
 
 local _N = {}
-_N._VERSION = '0.2.2'
+_N._VERSION = '1.1.0'
 _N._TYPE = 'nginx'
 
 local ngx = require 'ngx'
 local cjson = require 'cjson'
 
-local function serveCaptcha(captchaBody)
-  ngx.status = ngx.HTTP_FORBIDDEN
-  ngx.header["content-type"] = "text/html"
-  ngx.header["Cache-Control"] = "max-age=0, no-cache, no-store, must-revalidate"
-  ngx.print(captchaBody)
-  return ngx.exit(ngx.HTTP_OK)
-end
-
-local function serveBlock()
-  ngx.status = ngx.HTTP_FORBIDDEN;
-  ngx.header["Cache-Control"] = "max-age=0, no-cache, no-store, must-revalidate"
-  ngx.print("403 Forbidden");
-  return ngx.exit(ngx.HTTP_FORBIDDEN);
-end
-
 function _N:new(options)
   local n = {}
   setmetatable(n, self)
@@ -113,28 +99,6 @@ function _N:new(options)
   return n
 end
 
-function _N:getBestMitigation(protector_result)
-  if not protector_result then return nil end
-
-  local mitigate = protector_result.mitigate
-  local captcha = protector_result.captcha
-
-  if (mitigate == Constants.mitigationTypes.NONE) then return nil end
-  if (not Constants.mitigationTypesText[mitigate]) then return nil end
-
-  if (mitigate == Constants.mitigationTypes.ALLOW) then return nil end
-  if (captcha == Constants.captchaStates.PASS) then return nil end
-  if (captcha == Constants.captchaStates.COOKIEPASS) then return nil end
-
-  if (mitigate == Constants.mitigationTypes.BLOCKED
-      and (captcha == Constants.captchaStates.SERVE
-        or captcha == Constants['captchaStates'].COOKIEFAIL)) then
-    return 'captcha'
-  end
-
-  return 'block'
-end
-
 function _N:setBcType(match, mitigate, captcha)
   local UNKNOWN = 'unknown'
   local mitigationApplied = ''
@@ -245,24 +209,40 @@ function _N:mitigate()
 
     ngx.log(ngx.DEBUG, "NETACEA MITIGATE - protector result: ", cjson.encode(ngx.ctx.NetaceaState))
 
-    local best_mitigation = self:getBestMitigation(protector_result)
+    local best_mitigation = mitigation.getBestMitigation(protector_result)
+
     if best_mitigation == 'captcha' then
       ngx.log(ngx.DEBUG, "NETACEA MITIGATE - serving captcha")
       local captchaBody = protector_result.response.body
       ngx.ctx.NetaceaState.grace_period = -1000
       self:refreshSession(parsed_cookie.reason)
-      serveCaptcha(captchaBody)
+      mitigation.serveCaptcha(captchaBody)
       return
-    elseif best_mitigation == 'block' then
+    end
+
+    if best_mitigation == 'block' then
       ngx.log(ngx.DEBUG, "NETACEA MITIGATE - serving block")
       ngx.ctx.NetaceaState.grace_period = -1000
       self:refreshSession(parsed_cookie.reason)
-      serveBlock()
+      mitigation.serveBlock()
       return
-    else
-      ngx.log(ngx.DEBUG, "NETACEA MITIGATE - no mitigation applied")
+    end
+
+    if best_mitigation == 'monetise' then
+      ngx.log(ngx.DEBUG, "NETACEA MITIGATE - serving monetise")
+      ngx.ctx.NetaceaState.grace_period = -1000
       self:refreshSession(parsed_cookie.reason)
+      if protector_result.redirectHost then
+        local redirect_location = "https://" .. protector_result.redirectHost .. ngx.var.request_uri
+        mitigation.serveMonetisationRedirect(redirect_location)
+      else
+        mitigation.serveMonetisationFallback()
+      end
+      return
     end
+
+    ngx.log(ngx.DEBUG, "NETACEA MITIGATE - no mitigation applied")
+    self:refreshSession(parsed_cookie.reason)
   else
     ngx.log(ngx.DEBUG, "NETACEA MITIGATE - valid cookie found, skipping mitigation")
     ngx.ctx.NetaceaState.protector_result = {
@@ -272,4 +252,4 @@ function _N:mitigate()
     }
   end
 end
-return _N
+return _N
@@ -20,7 +20,9 @@ Constants['mitigationTypes'] = {
   NONE = '0',
   BLOCKED = '1',
   ALLOW = '2',
-  HARDBLOCKED = '3'
+  HARDBLOCKED = '3',
+  FLAGGED = '4',
+  MONETISED = '5'
 }
 
 Constants['captchaStatesText'] = {}
@@ -43,7 +45,6 @@ Constants['issueReasons'] = {
     CAPTCHA_GET = 'captcha_get',
 }
 
-
 Constants['matchBcTypes'] = {
   ['1'] = 'ua',
   ['2'] = 'ip',
@@ -61,7 +62,8 @@ Constants['mitigateBcTypes'] = {
   ['1'] = 'blocked',
   ['2'] = 'allow',
   ['3'] = 'hardblocked',
-  ['4'] = 'block'
+  ['4'] = 'flagged',
+  ['5'] = 'monetised'
 }
 
 Constants['captchaBcTypes'] = {

@@ -0,0 +1,62 @@
+local ngx = require 'ngx'
+local Constants = require("lua_resty_netacea_constants")
+
+local _M = {}
+
+function _M.getBestMitigation(protector_result)
+  if not protector_result then return nil end
+
+  local mitigate = protector_result.mitigate
+  local captcha = protector_result.captcha
+
+  if (mitigate == Constants.mitigationTypes.NONE) then return nil end
+  if (not Constants.mitigationTypesText[mitigate]) then return nil end
+
+  if (mitigate == Constants.mitigationTypes.ALLOW) then return nil end
+  if (captcha == Constants.captchaStates.PASS) then return nil end
+  if (captcha == Constants.captchaStates.COOKIEPASS) then return nil end
+
+  if (mitigate == Constants.mitigationTypes.BLOCKED
+      and (captcha == Constants.captchaStates.SERVE
+        or captcha == Constants['captchaStates'].COOKIEFAIL)) then
+    return 'captcha'
+  end
+
+  if (mitigate == Constants.mitigationTypes.MONETISED) then
+    return 'monetise'
+  end
+
+  return 'block'
+end
+
+function _M.serveCaptcha(captchaBody)
+  ngx.status = ngx.HTTP_FORBIDDEN
+  ngx.header["content-type"] = "text/html"
+  ngx.header["Cache-Control"] = "max-age=0, no-cache, no-store, must-revalidate"
+  ngx.print(captchaBody)
+  return ngx.exit(ngx.HTTP_OK)
+end
+
+function _M.serveBlock()
+  ngx.status = ngx.HTTP_FORBIDDEN;
+  ngx.header["Cache-Control"] = "max-age=0, no-cache, no-store, must-revalidate"
+  ngx.print("403 Forbidden");
+  return ngx.exit(ngx.HTTP_FORBIDDEN);
+end
+
+function _M.serveMonetisationRedirect(location)
+  ngx.status = 303;
+  ngx.header["Location"] = location
+  ngx.header["Cache-Control"] = "max-age=0, no-cache, no-store, must-revalidate"
+  ngx.print("303 See Other");
+  return ngx.exit(303);
+end
+
+function _M.serveMonetisationFallback()
+  ngx.status = 402;
+  ngx.header["Cache-Control"] = "max-age=0, no-cache, no-store, must-revalidate"
+  ngx.print("402 Payment Required");
+  return ngx.exit(402);
+end
+
+return _M
@@ -71,7 +71,8 @@ function ProtectorClient:checkReputation()
         },
         match = res['headers']['x-netacea-match'] or constants['idTypes'].NONE,
         mitigate = res['headers']['x-netacea-mitigate'] or constants['mitigationTypes'].NONE,
-        captcha = res['headers']['x-netacea-captcha'] or constants['captchaStates'].NONE
+        captcha = res['headers']['x-netacea-captcha'] or constants['captchaStates'].NONE,
+        redirectHost = res['headers']['x-netacea-redirect-host'] or nil
     }
     return result
 end