openresty 动态黑白名单
2022-08-01 19:16:00 【o_瓜田李下_o】
openresty 动态黑白名单
动态黑白名单

客户端请求发送到openresty,openresty需要验证黑白名单;
可将黑白名单存放在redis中,openresty直接与redis交互,验证黑白名单;
openresty也可将黑白名单加载到共享内存,在内存中验证黑白名单;
验证通过后,执行后续请求;
验证不通过,向客户端返回403(request forbidden)错误
使用示例
创建redis 容器
# Redis backing store for the blacklist, at the static address 172.18.0.81 on
# the user-defined network "fixed" (assumed to exist already).
# No port is published, so Redis is reachable only from containers on that
# network. This command configures no password, so anything on the network
# can read and modify the "black-list" set.
docker run --interactive --tty --detach \
  --network fixed --ip 172.18.0.81 \
  --name redis-black \
  redis
default.conf
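# Demo server: a per-client-IP blacklist enforced in the access phase and
# backed by the Redis set "black-list" at 172.18.0.81:6379.
server {
    listen       80;
    server_name  localhost;

    location / {
        root   /usr/local/openresty/nginx/html;
        index  index.html index.htm;
    }

    # Protected resource: the access phase looks the client address up in the
    # blacklist and answers 403 when it is a member.
    location /test {
        access_by_lua_block {
            local redis = require 'resty.redis'
            local red = redis:new()
            -- connect, send and read timeouts, in milliseconds
            red:set_timeouts(1000, 1000, 1000)

            local ok, err = red:connect("172.18.0.81", 6379)
            if not ok then
                -- Fail-open: with Redis unreachable the request is let through.
                -- Use ngx.exit(ngx.HTTP_SERVICE_UNAVAILABLE) here instead if a
                -- Redis outage must never bypass the blacklist.
                ngx.log(ngx.ERR, "failed to connect: ", err)
                return
            end

            -- remote_addr is the TCP peer. Behind a proxy, load balancer or a
            -- published Docker port it is that hop, not the end client, so one
            -- blacklist entry can block every client arriving through it.
            local remote_addr = ngx.var.remote_addr

            -- Per-request trace lines are logged at INFO so they do not flood
            -- the error log at the default level.
            ngx.log(ngx.INFO, "remote_addr ==> ", remote_addr)
            ngx.log(ngx.INFO, "red:sismember('balck-list', remote_addr)")

            -- Declared local: a bare assignment here would create globals
            -- shared by every request handled in this worker.
            local res, lookup_err = red:sismember('black-list', remote_addr)
            if not res then
                -- Same fail-open choice as for the connect failure above.
                ngx.log(ngx.ERR, "failed to sismember: ", lookup_err)
                return
            end
            ngx.log(ngx.INFO, "是否在黑名单 ==> ", res)

            -- Hand the connection back to the pool before leaving the phase.
            local pooled, pool_err = red:set_keepalive(10000, 100)
            if not pooled then
                ngx.log(ngx.WARN, "failed to set keepalive: ", pool_err)
            end

            if res == 1 then
                ngx.log(ngx.INFO, "输出 403")
                return ngx.exit(ngx.HTTP_FORBIDDEN)
            end

            ngx.log(ngx.INFO, "输出 200")
            return ngx.exit(ngx.OK)
        }

        # A location has a single content handler; content_by_lua_block
        # produces the "test" body.
        content_by_lua_block {
            ngx.say("test")
        }
    }

    # Blacklist management. Without a restriction any client could add
    # entries, or remove its own entry through /delete, and so defeat the
    # check in /test. 172.18.0.1 is the address the demo client appears as;
    # replace it with the real admin network. A source-address allow-list is
    # only a minimum: put authentication in front of these endpoints and
    # avoid state changes over GET outside a demo.
    location /add {
        allow 172.18.0.1;
        deny  all;

        content_by_lua_block {
            local redis = require 'resty.redis'
            local red = redis:new()
            red:set_timeouts(1000, 1000, 1000)

            -- Reject a missing or malformed argument before touching Redis.
            -- Only the characters of a textual IPv4 or IPv6 address pass.
            local ip = ngx.var.arg_ip
            if not ip or #ip > 45 or not ip:find("^[%x%.:]+$") then
                ngx.status = ngx.HTTP_BAD_REQUEST
                ngx.say("invalid or missing ip argument")
                return
            end

            local ok, err = red:connect("172.18.0.81", 6379)
            if not ok then
                ngx.say("failed to connect: ", err)
                return
            end

            local before = red:smembers("black-list")
            if before then
                ngx.say("添加前黑名单 ==> ", before)
            end

            ngx.say("red:sadd('balck-list', ip)")
            local res, add_err = red:sadd('black-list', ip)
            if not res then
                ngx.say("failed to sadd: ", add_err)
                return
            end

            local after = red:smembers("black-list")
            if after then
                ngx.say("添加后黑名单 ==> ", after)
            end

            red:set_keepalive(10000, 100)
        }
    }

    # Same restriction as /add: removal is the more sensitive operation,
    # because it lifts a block.
    location /delete {
        allow 172.18.0.1;
        deny  all;

        content_by_lua_block {
            local redis = require 'resty.redis'
            local red = redis:new()
            red:set_timeouts(1000, 1000, 1000)

            -- Reject a missing or malformed argument before touching Redis.
            local ip = ngx.var.arg_ip
            if not ip or #ip > 45 or not ip:find("^[%x%.:]+$") then
                ngx.status = ngx.HTTP_BAD_REQUEST
                ngx.say("invalid or missing ip argument")
                return
            end

            local ok, err = red:connect("172.18.0.81", 6379)
            if not ok then
                ngx.say("failed to connect: ", err)
                return
            end

            local before = red:smembers("black-list")
            if before then
                ngx.say("删除前黑名单 ==> ", before)
            end

            ngx.say("red:srem('balck-list', ip)")
            local res, rem_err = red:srem('black-list', ip)
            if not res then
                ngx.say("failed to srem: ", rem_err)
                return
            end

            local after = red:smembers("black-list")
            if after then
                ngx.say("删除后黑名单 ==> ", after)
            end

            red:set_keepalive(10000, 100)
        }
    }

    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root /usr/local/openresty/nginx/html;
    }
}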
创建openresty 容器
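# OpenResty front end for the demo, started with the default.conf shown on
# this page.
# The port is published on the host loopback only: the configuration serves
# blacklist-management endpoints (/add, /delete), so the demo should not be
# reachable from other machines. The transcript uses localhost:6001.
# The configuration file is mounted read-only.
# The image comes from a personal registry account and is referenced without
# a tag or digest; pin a reviewed version before using it beyond a demo.
docker run -it -d --net fixed --ip 172.18.0.82 -p 127.0.0.1:6001:80 \
-v /Users/huli/lua/openresty/black/default.conf:/etc/nginx/conf.d/default.conf:ro \
--name open-black lihu12344/openresty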
使用测试
# 初始黑名单为空
[email protected] black % curl localhost:6001/test
test
# 添加黑名单
[email protected] black % curl --location --request GET 'localhost:6001/add?ip=172.18.0.1'
添加前黑名单 ==> gtlx
red:sadd('balck-list', ip)
添加后黑名单 ==> 172.18.0.1gtlx
[email protected] black % curl localhost:6001/test
<html>
<head><title>403 Forbidden</title></head>
<body>
<center><h1>403 Forbidden</h1></center>
<hr><center>openresty/1.21.4.1</center>
</body>
</html>
# 删除黑名单
[email protected] black % curl --location --request GET 'localhost:6001/delete?ip=172.18.0.1'
删除前黑名单 ==> 172.18.0.1gtlx
red:srem('balck-list', ip)
删除后黑名单 ==> gtlx
[email protected] black % curl localhost:6001/test
test