Mercurial > hg > nginx

comparison src/http/modules/ngx_http_access_handler.c @ 368:15c84a40e87d

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
nginx-0.0.7-2004-06-24-20:07:04 import
author Igor Sysoev <igor@sysoev.ru>
date Thu, 24 Jun 2004 16:07:04 +0000
parents
children 5659d773cfa8
comparison
equal deleted inserted replaced
367:ceec87d1c2b3 368:15c84a40e87d
1
2 #include <ngx_config.h>
3 #include <ngx_core.h>
4 #include <ngx_http.h>
5
6
7 /* AF_INET only */
8
9 typedef struct {
10 in_addr_t mask;
11 in_addr_t addr;
12 unsigned deny;
13 } ngx_http_access_rule_t;
14
15
16 typedef struct {
17 ngx_array_t *rules; /* array of ngx_http_access_rule_t */
18 } ngx_http_access_loc_conf_t;
19
20
21 static ngx_int_t ngx_http_access_handler(ngx_http_request_t *r);
22 static char *ngx_http_access_rule(ngx_conf_t *cf, ngx_command_t *cmd,
23 void *conf);
24 static void *ngx_http_access_create_loc_conf(ngx_conf_t *cf);
25 static char *ngx_http_access_merge_loc_conf(ngx_conf_t *cf,
26 void *parent, void *child);
27 static ngx_int_t ngx_http_access_init(ngx_cycle_t *cycle);
28
29
30 static ngx_command_t ngx_http_access_commands[] = {
31
32 { ngx_string("allow"),
33 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1,
34 ngx_http_access_rule,
35 NGX_HTTP_LOC_CONF_OFFSET,
36 0,
37 NULL },
38
39 { ngx_string("deny"),
40 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1,
41 ngx_http_access_rule,
42 NGX_HTTP_LOC_CONF_OFFSET,
43 0,
44 NULL },
45
46 ngx_null_command
47 };
48
49
50
51 ngx_http_module_t ngx_http_access_module_ctx = {
52 NULL, /* pre conf */
53
54 NULL, /* create main configuration */
55 NULL, /* init main configuration */
56
57 NULL, /* create server configuration */
58 NULL, /* merge server configuration */
59
60 ngx_http_access_create_loc_conf, /* create location configuration */
61 ngx_http_access_merge_loc_conf /* merge location configuration */
62 };
63
64
65 ngx_module_t ngx_http_access_module = {
66 NGX_MODULE,
67 &ngx_http_access_module_ctx, /* module context */
68 ngx_http_access_commands, /* module directives */
69 NGX_HTTP_MODULE, /* module type */
70 ngx_http_access_init, /* init module */
71 NULL /* init child */
72 };
73
74
75 static ngx_int_t ngx_http_access_handler(ngx_http_request_t *r)
76 {
77 ngx_uint_t i;
78 struct sockaddr_in *addr_in;
79 ngx_http_access_rule_t *rule;
80 ngx_http_access_loc_conf_t *alcf;
81
82 alcf = ngx_http_get_module_loc_conf(r, ngx_http_access_module);
83
84 if (alcf->rules == NULL) {
85 return NGX_OK;
86 }
87
88 /* AF_INET only */
89
90 addr_in = (struct sockaddr_in *) r->connection->sockaddr;
91
92 rule = alcf->rules->elts;
93 for (i = 0; i < alcf->rules->nelts; i++) {
94
95 if ((addr_in->sin_addr.s_addr & rule[i].mask) == rule[i].addr) {
96 if (rule[i].deny) {
97 ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
98 "access forbidden by rule");
99
100 return NGX_HTTP_FORBIDDEN;
101 }
102
103 return NGX_OK;
104 }
105 }
106
107 return NGX_OK;
108 }
109
110
111 static char *ngx_http_access_rule(ngx_conf_t *cf, ngx_command_t *cmd,
112 void *conf)
113 {
114 ngx_http_access_loc_conf_t *alcf = conf;
115
116 ngx_str_t *value;
117 ngx_inet_cidr_t in_cidr;
118 ngx_http_access_rule_t *rule;
119
120 if (alcf->rules == NULL) {
121 alcf->rules = ngx_create_array(cf->pool, 5,
122 sizeof(ngx_http_access_rule_t));
123 if (alcf->rules == NULL) {
124 return NGX_CONF_ERROR;
125 }
126 }
127
128 if (!(rule = ngx_push_array(alcf->rules))) {
129 return NGX_CONF_ERROR;
130 }
131
132 value = cf->args->elts;
133
134 rule->deny = (value[0].data[0] == 'd') ? 1 : 0;
135
136 if (value[1].len == 3 && ngx_strcmp(value[1].data, "all") == 0) {
137 rule->mask = 0;
138 rule->addr = 0;
139
140 return NGX_CONF_OK;
141 }
142
143 rule->addr = inet_addr((char *) value[1].data);
144
145 if (rule->addr != INADDR_NONE) {
146 rule->mask = 0xffffffff;
147
148 return NGX_CONF_OK;
149 }
150
151 if (ngx_ptocidr(&value[1], &in_cidr) == NGX_ERROR) {
152 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, "invalid paramter \"%s\"",
153 value[1].data);
154 return NGX_CONF_ERROR;
155 }
156
157 rule->mask = in_cidr.mask;
158 rule->addr = in_cidr.addr;
159
160 return NGX_CONF_OK;
161 }
162
163
164 static void *ngx_http_access_create_loc_conf(ngx_conf_t *cf)
165 {
166 ngx_http_access_loc_conf_t *conf;
167
168 if (!(conf = ngx_pcalloc(cf->pool, sizeof(ngx_http_access_loc_conf_t)))) {
169 return NGX_CONF_ERROR;
170 }
171
172 return conf;
173 }
174
175
176 static char *ngx_http_access_merge_loc_conf(ngx_conf_t *cf,
177 void *parent, void *child)
178 {
179 ngx_http_access_loc_conf_t *prev = parent;
180 ngx_http_access_loc_conf_t *conf = child;
181
182 if (conf->rules == NULL) {
183 conf->rules = prev->rules;
184 }
185
186 return NGX_CONF_OK;
187 }
188
189
190 static ngx_int_t ngx_http_access_init(ngx_cycle_t *cycle)
191 {
192 ngx_http_handler_pt *h;
193 ngx_http_conf_ctx_t *ctx;
194 ngx_http_core_main_conf_t *cmcf;
195
196 ctx = (ngx_http_conf_ctx_t *) cycle->conf_ctx[ngx_http_module.index];
197 cmcf = ctx->main_conf[ngx_http_core_module.ctx_index];
198
199 h = ngx_push_array(&cmcf->phases[NGX_HTTP_ACCESS_PHASE].handlers);
200 if (h == NULL) {
201 return NGX_ERROR;
202 }
203
204 *h = ngx_http_access_handler;
205
206 return NGX_OK;
207 }