update 更新ip黑白名单的过滤方式
1.改写函数 white_ip_check() black_ip_check() 2.ip规则写法例子 whiteip blackip 192.168.1.1 单IP过滤 192.168.1.0/24 网段过滤 192.168.0.0,192.168.0.255 网段的起始过滤 3.lib.lua末尾增加功能函数 ipToInt(str) intToIp(n) subnet(ip, masklen)pull/11/head
parent
2237703f33
commit
e90fe5ac62
64
init.lua
64
init.lua
|
@ -13,8 +13,37 @@ function white_ip_check()
|
|||
local WHITE_IP = get_client_ip()
|
||||
if IP_WHITE_RULE ~= nil then
|
||||
for _,rule in pairs(IP_WHITE_RULE) do
|
||||
if rule ~= "" and rulematch(WHITE_IP,rule,"jo") then
|
||||
log_record("White_IP",ngx.var.request_uri,"_","_")
|
||||
if rule ~= "" then
|
||||
RULE_IP_START = 9999999999
|
||||
RULE_IP_END = 9999999999
|
||||
if string.find(rule, ",") then
|
||||
local s,l = string.find(rule, ",")
|
||||
local num = 0
|
||||
num = l - 1
|
||||
RULE_IP_START = ipToInt(string.sub(rule, 1, num))
|
||||
num = l + 1
|
||||
RULE_IP_END = ipToInt(string.sub(rule, num))
|
||||
elseif string.find(rule, "/") then
|
||||
local s,l = string.find(rule, "/")
|
||||
local num = 0
|
||||
num = l - 1
|
||||
RULE_IP = string.sub(rule, 1, num)
|
||||
num = l + 1
|
||||
RULE_END = string.sub(rule, num)
|
||||
RULE_IP_START = ipToInt(subnet(RULE_IP, RULE_END))
|
||||
if tonumber(RULE_END) ~= '' and tonumber(RULE_END) < 32 then
|
||||
RULE_IP_END = RULE_IP_START + 2^(32 - RULE_END) - 1
|
||||
else
|
||||
RULE_IP_END = RULE_IP_START
|
||||
end
|
||||
elseif (rule ~= 'unknown') then
|
||||
RULE_IP_START = ipToInt(rule)
|
||||
RULE_IP_END = RULE_IP_START
|
||||
end
|
||||
end
|
||||
local Num_White_IP = ipToInt(get_client_ip())
|
||||
if rule ~= "" and RULE_IP_START <= Num_White_IP and Num_White_IP <= RULE_IP_END then
|
||||
log_record("White_IP",ngx.var.request_uri,"_",rule)
|
||||
return true
|
||||
end
|
||||
end
|
||||
|
@ -29,7 +58,36 @@ function black_ip_check()
|
|||
local BLACK_IP = get_client_ip()
|
||||
if IP_BLACK_RULE ~= nil then
|
||||
for _,rule in pairs(IP_BLACK_RULE) do
|
||||
if rule ~= "" and rulematch(BLACK_IP,rule,"jo") then
|
||||
if rule ~= "" then
|
||||
RULE_IP_START = 9999999999
|
||||
RULE_IP_END = 9999999999
|
||||
if string.find(rule, ",") then
|
||||
local s,l = string.find(rule, ",")
|
||||
local num = 0
|
||||
num = l - 1
|
||||
RULE_IP_START = ipToInt(string.sub(rule, 1, num))
|
||||
num = l + 1
|
||||
RULE_IP_END = ipToInt(string.sub(rule, num))
|
||||
elseif string.find(rule, "/") then
|
||||
local s,l = string.find(rule, "/")
|
||||
local num = 0
|
||||
num = l - 1
|
||||
RULE_IP = string.sub(rule, 1, num)
|
||||
num = l + 1
|
||||
RULE_END = string.sub(rule, num)
|
||||
RULE_IP_START = ipToInt(subnet(RULE_IP, RULE_END))
|
||||
if tonumber(RULE_END) ~= '' and tonumber(RULE_END) < 32 then
|
||||
RULE_IP_END = RULE_IP_START + 2^(32 - RULE_END) - 1
|
||||
else
|
||||
RULE_IP_END = RULE_IP_START
|
||||
end
|
||||
elseif (rule ~= 'unknown') then
|
||||
RULE_IP_START = ipToInt(rule)
|
||||
RULE_IP_END = RULE_IP_START
|
||||
end
|
||||
end
|
||||
local Num_Black_IP = ipToInt(get_client_ip())
|
||||
if rule ~= "" and RULE_IP_START <= Num_Black_IP and Num_Black_IP <= RULE_IP_END then
|
||||
-- log_record('BlackList_IP',ngx.var.request_uri,"_","_")
|
||||
if config_waf_enable == "on" then
|
||||
ngx.header.content_type = "text/html"
|
||||
|
|
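Review bot: In the CIDR branch of white_ip_check(), the mask is validated only after `subnet(RULE_IP, RULE_END)` has already used the raw substring, and the check itself, `tonumber(RULE_END) ~= ''`, is always true because tonumber() returns a number or nil, never a string. A rule with a missing or non-numeric mask is therefore not filtered out and would raise in the arithmetic instead of being skipped; the black_ip_check() hunk repeats the same lines. Convert and validate before calling subnet(), for example `local masklen = tonumber(RULE_END)` and `if masklen and masklen >= 0 and masklen <= 32 then`, and skip the rule otherwise. RULE_IP_START, RULE_IP_END, RULE_IP and RULE_END are also assigned without `local`, so they become globals; declaring them local inside the loop, or moving the parsing into one helper shared by both functions, would keep the allow and deny paths from drifting apart. Both function bodies continue outside the hunks.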
37
lib.lua
37
lib.lua
|
@ -94,3 +94,40 @@ function waf_output()
|
|||
ngx.exit(ngx.status)
|
||||
end
|
||||
end
|
||||
|
||||
-- ip to inter
|
||||
function ipToInt(str)
|
||||
local num = 0
|
||||
if str and type(str)=="string" then
|
||||
local o1,o2,o3,o4 = str:match("(%d+)%.(%d+)%.(%d+)%.(%d+)" )
|
||||
num = 2^24*o1 + 2^16*o2 + 2^8*o3 + o4
|
||||
end
|
||||
return num
|
||||
end
|
||||
|
||||
-- inter to ip
|
||||
function intToIp(n)
|
||||
if n then
|
||||
n = tonumber(n)
|
||||
local n1 = math.floor(n / (2^24))
|
||||
local n2 = math.floor((n - n1*(2^24)) / (2^16))
|
||||
local n3 = math.floor((n - n1*(2^24) - n2*(2^16)) / (2^8))
|
||||
local n4 = math.floor((n - n1*(2^24) - n2*(2^16) - n3*(2^8)))
|
||||
return n1.."."..n2.."."..n3.."."..n4
|
||||
end
|
||||
return "0.0.0.0"
|
||||
end
|
||||
|
||||
-- subnet
|
||||
function subnet(ip, masklen)
|
||||
if masklen == 32 then
|
||||
return ip
|
||||
end
|
||||
local ip = {string.match(ip, "(%d+).(%d+).(%d+).(%d+)")}
|
||||
local pos = math.floor((masklen)/8) + 1
|
||||
ip[pos] = ip[pos] - ip[pos] % 2^(8-masklen%8)
|
||||
for i = pos + 1, #ip do
|
||||
ip[i] = 0
|
||||
end
|
||||
return table.concat(ip, ".")
|
||||
end
|
||||
|
|
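Review bot: ipToInt() does arithmetic on the captures without checking that the match succeeded, so a string that is not dotted-quad IPv4 (an IPv6 address, for instance) makes `2^24*o1` operate on nil and raise rather than return the default 0. The pattern is also unanchored and the octets are not range-checked, so text with extra characters around four numbers, or octets above 255, still converts to an integer that the allow/deny range comparison in init.lua then relies on. Anchor it as `"^(%d+)%.(%d+)%.(%d+)%.(%d+)$"`, add `if not o1 then return num end` before the arithmetic, and reject octets over 255. In subnet(), `masklen == 32` compares against a number while init.lua passes the substring from string.sub, so a `/32` rule falls through to `pos = 5` and indexes `ip[5]`, which is nil; `masklen = tonumber(masklen)` at the top fixes that, and the dots in subnet()'s pattern should be escaped as `%.`.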