修改redis pub 添加恶意IP&删除恶意IP

jie
Commit 2cc19b4887b6d452380b2980457a8991df362bc0 1 parent 019b16d7
Showing 3 changed files with 23 additions and 7 deletions
roles/openresty/files/nginx/conf/lua/init_config_worker.lua
roles/openresty/files/nginx/conf/lua/init_lua.lua
roles/openresty/files/nginx/conf/lua/limit_ip_access.lua
--- a/roles/openresty/files/nginx/conf/lua/init_config_worker.lua
View file @2cc19b4
+++ b/roles/openresty/files/nginx/conf/lua/init_config_worker.lua
View file @2cc19b4
@@ -178,11 +178,19 @@ local subscribe_mal_ips=function()
        if res[3] then
          local t=cjson.decode(res[3])
          local ips=t.ips
-         local expire=(not t.expire) and 86400 or t.expire
+         local expire=(not t.expire) and 43200 or t.expire
+		 if t.type == "add" then
 		   for ip in string.gmatch(ips,"[^',']+") do
              cache:set("yh:mip:" .. ip,"1",expire)
-           ngx.log(ngx.INFO,"nginx subscribe mal ip:" .. tostring(ip) .. ":" .. tostring(expire))
+             ngx.log(ngx.INFO,"nginx subscribe add mal ip:" .. tostring(ip) .. ":" .. tostring(expire))
            end
+		 elseif t.type == "del" then 
+		   for ip in string.gmatch(ips,"[^',']+") do
+             cache:delete("yh:mip:" .. ip)
+             ngx.log(ngx.INFO,"nginx subscribe del mal ip:" .. tostring(ip) .. ":" .. tostring(expire))
+           end
+		 end
+         
        end
     elseif err ~= "timeout" then
       connect:close()
@@ -260,6 +268,7 @@ function limit_ip_access_conf_to_worker()
     if t then
       local  r=cjson.decode(t)
       if r then
+	    r["white_method"]={"app.graphic.img","app.graphic.verify"}
         lua_context.configs["limit_ip_access"]=r
       --ngx.log(ngx.INFO,"++++++++++++++" .. cjson.encode(lua_context.configs["limit_ip_access"]))
       end
--- a/roles/openresty/files/nginx/conf/lua/init_lua.lua
View file @2cc19b4
+++ b/roles/openresty/files/nginx/conf/lua/init_lua.lua
View file @2cc19b4
@@ -3,7 +3,7 @@ local lrucache = require "resty.lrucache"
 -- init redis twemproxy config
 local redis_config1={host="127.0.0.1",port="6379",auth=nil,timeout=20,max_idle_timeout=60000,pool_size=200}
-local ip_limit_redis_config={host="127.0.0.1",port="6379",auth=nil,timeout=20,max_idle_timeout=60000,pool_size=100}
+local ip_limit_redis_config={host="redis.nginx.yohoops.org",port="6379",auth=redis9646,timeout=20,max_idle_timeout=60000,pool_size=100}
 local redis_util=require("redisutil")
--- a/roles/openresty/files/nginx/conf/lua/limit_ip_access.lua
View file @2cc19b4
+++ b/roles/openresty/files/nginx/conf/lua/limit_ip_access.lua
View file @2cc19b4
@@ -134,16 +134,22 @@ function M:mal_ip()
     ngx.say('{"code": 400, "msg": "params error!"}')
 	ngx.exit(ngx.HTTP_OK)
    end
-   if method == 'publish' then
+   local exists={}
+   if method == 'pubAdd' then
       local t={}
       t.ips=ips
       t.expire=expire
+      t.type="add"
       redis_limit_ip:cmd("publish","mal_ips",cjson.encode(t))
-   end 
-   local exists={}
+   elseif  method == 'pubDel' then 
+      local t={}
+      t.ips=ips
+      t.type="del"
+      redis_limit_ip:cmd("publish","mal_ips",cjson.encode(t))
+   else 
      for ip in string.gmatch(ips,"[^',']+") do
          if method == 'add' then
-           local expire= (not expire) and 86400 or expire
+             local expire= (not expire) and 43200 or expire
              cache:set("yh:mip:" .. ip,"1",expire)
          elseif method == 'del' then
 	         cache:delete("yh:mip:" .. ip)
@@ -153,6 +159,7 @@ function M:mal_ip()
              exists[#exists+1]=tostring(res)
          end
      end 
+   end
    local body=table.concat(exists,",")
    ngx.say('{"code": 200, "msg": "'.. body ..'"}')
    ngx.exit(ngx.HTTP_OK)