修改redis pub 添加恶意IP&删除恶意IP
Showing
3 changed files
with
37 additions
and
21 deletions
| @@ -178,11 +178,19 @@ local subscribe_mal_ips=function() | @@ -178,11 +178,19 @@ local subscribe_mal_ips=function() | ||
| 178 | if res[3] then | 178 | if res[3] then |
| 179 | local t=cjson.decode(res[3]) | 179 | local t=cjson.decode(res[3]) |
| 180 | local ips=t.ips | 180 | local ips=t.ips |
| 181 | - local expire=(not t.expire) and 86400 or t.expire | ||
| 182 | - for ip in string.gmatch(ips,"[^',']+") do | ||
| 183 | - cache:set("yh:mip:" .. ip,"1",expire) | ||
| 184 | - ngx.log(ngx.INFO,"nginx subscribe mal ip:" .. tostring(ip) .. ":" .. tostring(expire)) | ||
| 185 | - end | 181 | + local expire=(not t.expire) and 43200 or t.expire |
| 182 | + if t.type == "add" then | ||
| 183 | + for ip in string.gmatch(ips,"[^',']+") do | ||
| 184 | + cache:set("yh:mip:" .. ip,"1",expire) | ||
| 185 | + ngx.log(ngx.INFO,"nginx subscribe add mal ip:" .. tostring(ip) .. ":" .. tostring(expire)) | ||
| 186 | + end | ||
| 187 | + elseif t.type == "del" then | ||
| 188 | + for ip in string.gmatch(ips,"[^',']+") do | ||
| 189 | + cache:delete("yh:mip:" .. ip) | ||
| 190 | + ngx.log(ngx.INFO,"nginx subscribe del mal ip:" .. tostring(ip) .. ":" .. tostring(expire)) | ||
| 191 | + end | ||
| 192 | + end | ||
| 193 | + | ||
| 186 | end | 194 | end |
| 187 | elseif err ~= "timeout" then | 195 | elseif err ~= "timeout" then |
| 188 | connect:close() | 196 | connect:close() |
| @@ -259,7 +267,8 @@ function limit_ip_access_conf_to_worker() | @@ -259,7 +267,8 @@ function limit_ip_access_conf_to_worker() | ||
| 259 | local t=lua_context.lua_conf_cache:get("limit_ip_access") | 267 | local t=lua_context.lua_conf_cache:get("limit_ip_access") |
| 260 | if t then | 268 | if t then |
| 261 | local r=cjson.decode(t) | 269 | local r=cjson.decode(t) |
| 262 | - if r then | 270 | + if r then |
| 271 | + r["white_method"]={"app.graphic.img","app.graphic.verify"} | ||
| 263 | lua_context.configs["limit_ip_access"]=r | 272 | lua_context.configs["limit_ip_access"]=r |
| 264 | --ngx.log(ngx.INFO,"++++++++++++++" .. cjson.encode(lua_context.configs["limit_ip_access"])) | 273 | --ngx.log(ngx.INFO,"++++++++++++++" .. cjson.encode(lua_context.configs["limit_ip_access"])) |
| 265 | end | 274 | end |
| @@ -3,7 +3,7 @@ local lrucache = require "resty.lrucache" | @@ -3,7 +3,7 @@ local lrucache = require "resty.lrucache" | ||
| 3 | -- init redis twemproxy config | 3 | -- init redis twemproxy config |
| 4 | local redis_config1={host="127.0.0.1",port="6379",auth=nil,timeout=20,max_idle_timeout=60000,pool_size=200} | 4 | local redis_config1={host="127.0.0.1",port="6379",auth=nil,timeout=20,max_idle_timeout=60000,pool_size=200} |
| 5 | 5 | ||
| 6 | -local ip_limit_redis_config={host="127.0.0.1",port="6379",auth=nil,timeout=20,max_idle_timeout=60000,pool_size=100} | 6 | +local ip_limit_redis_config={host="redis.nginx.yohoops.org",port="6379",auth=redis9646,timeout=20,max_idle_timeout=60000,pool_size=100} |
| 7 | 7 | ||
| 8 | 8 | ||
| 9 | local redis_util=require("redisutil") | 9 | local redis_util=require("redisutil") |
| @@ -134,24 +134,31 @@ function M:mal_ip() | @@ -134,24 +134,31 @@ function M:mal_ip() | ||
| 134 | ngx.say('{"code": 400, "msg": "params error!"}') | 134 | ngx.say('{"code": 400, "msg": "params error!"}') |
| 135 | ngx.exit(ngx.HTTP_OK) | 135 | ngx.exit(ngx.HTTP_OK) |
| 136 | end | 136 | end |
| 137 | - if method == 'publish' then | 137 | + local exists={} |
| 138 | + if method == 'pubAdd' then | ||
| 138 | local t={} | 139 | local t={} |
| 139 | t.ips=ips | 140 | t.ips=ips |
| 140 | t.expire=expire | 141 | t.expire=expire |
| 142 | + t.type="add" | ||
| 141 | redis_limit_ip:cmd("publish","mal_ips",cjson.encode(t)) | 143 | redis_limit_ip:cmd("publish","mal_ips",cjson.encode(t)) |
| 142 | - end | ||
| 143 | - local exists={} | ||
| 144 | - for ip in string.gmatch(ips,"[^',']+") do | ||
| 145 | - if method == 'add' then | ||
| 146 | - local expire= (not expire) and 86400 or expire | ||
| 147 | - cache:set("yh:mip:" .. ip,"1",expire) | ||
| 148 | - elseif method == 'del' then | ||
| 149 | - cache:delete("yh:mip:" .. ip) | ||
| 150 | - elseif method == 'exists' then | ||
| 151 | - local res=cache:get("yh:mip:" .. ip) | ||
| 152 | - res= res and true or false | ||
| 153 | - exists[#exists+1]=tostring(res) | ||
| 154 | - end | 144 | + elseif method == 'pubDel' then |
| 145 | + local t={} | ||
| 146 | + t.ips=ips | ||
| 147 | + t.type="del" | ||
| 148 | + redis_limit_ip:cmd("publish","mal_ips",cjson.encode(t)) | ||
| 149 | + else | ||
| 150 | + for ip in string.gmatch(ips,"[^',']+") do | ||
| 151 | + if method == 'add' then | ||
| 152 | + local expire= (not expire) and 43200 or expire | ||
| 153 | + cache:set("yh:mip:" .. ip,"1",expire) | ||
| 154 | + elseif method == 'del' then | ||
| 155 | + cache:delete("yh:mip:" .. ip) | ||
| 156 | + elseif method == 'exists' then | ||
| 157 | + local res=cache:get("yh:mip:" .. ip) | ||
| 158 | + res= res and true or false | ||
| 159 | + exists[#exists+1]=tostring(res) | ||
| 160 | + end | ||
| 161 | + end | ||
| 155 | end | 162 | end |
| 156 | local body=table.concat(exists,",") | 163 | local body=table.concat(exists,",") |
| 157 | ngx.say('{"code": 200, "msg": "'.. body ..'"}') | 164 | ngx.say('{"code": 200, "msg": "'.. body ..'"}') |
-
Please register or login to post a comment