From 790acc7a65473b1d607bac45220031ea1468bcee Mon Sep 17 00:00:00 2001 From: ibuler Date: Wed, 16 Sep 2015 18:50:14 +0800 Subject: [PATCH] =?UTF-8?q?=E6=B7=BB=E5=8A=A0=E7=BD=91=E6=AE=B5=E6=94=AF?= =?UTF-8?q?=E6=8C=81?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- init.lua | 51 +++++++++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 47 insertions(+), 4 deletions(-) diff --git a/init.lua b/init.lua index dbff0f7..ea7261f 100644 --- a/init.lua +++ b/init.lua @@ -236,10 +236,52 @@ function get_boundary() return match(header, ";%s*boundary=([^\",;]+)") end +function string.split(str, delimiter) + if str==nil or str=='' or delimiter==nil then + return nil + end + + local result = {} + for match in (str..delimiter):gmatch("(.-)"..delimiter) do + table.insert(result, match) + end + return result +end + +function innet(ip, network) + local star = '' + for i in string.gmatch(network, '%*') do + star = star..i + end + + local ip = string.split(ip, '%.') + local network = string.split(network, '%.') + if ip == nil or network == nil then + return false + end + + local ip_prefix = {} + local network_prefix = {} + for i=1, 4-string.len(star) do + ip_prefix[i] = ip[i] + network_prefix[i] = network[i] + end + + ip_prefix = table.concat(ip_prefix, '.') + network_prefix = table.concat(network_prefix, '.') + + if ip_prefix == network_prefix then + return true + else + return false + end +end + function whiteip() if next(ipWhitelist) ~= nil then - for _,ip in pairs(ipWhitelist) do - if getClientIp()==ip then + ip = getClientIp() + for _,wip in pairs(ipWhitelist) do + if ip = wip or innet(ip, wip) then return true end end @@ -249,8 +291,9 @@ end function blockip() if next(ipBlocklist) ~= nil then - for _,ip in pairs(ipBlocklist) do - if getClientIp()==ip or ip=="0.0.0.0" then + ip = getClientIp() + for _,bip in pairs(ipBlocklist) do + if ip == bip or ip=="0.0.0.0" or innet(ip, bip) then ngx.exit(403) return true end