Mercurial > hg > nginx
comparison src/http/modules/ngx_http_access_handler.c @ 368:15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
author | Igor Sysoev <igor@sysoev.ru> |
---|---|
date | Thu, 24 Jun 2004 16:07:04 +0000 |
parents | |
children | 5659d773cfa8 |
comparison
equal
deleted
inserted
replaced
367:ceec87d1c2b3 | 368:15c84a40e87d |
---|---|
1 | |
2 #include <ngx_config.h> | |
3 #include <ngx_core.h> | |
4 #include <ngx_http.h> | |
5 | |
6 | |
7 /* AF_INET only */ | |
8 | |
9 typedef struct { | |
10 in_addr_t mask; | |
11 in_addr_t addr; | |
12 unsigned deny; | |
13 } ngx_http_access_rule_t; | |
14 | |
15 | |
16 typedef struct { | |
17 ngx_array_t *rules; /* array of ngx_http_access_rule_t */ | |
18 } ngx_http_access_loc_conf_t; | |
19 | |
20 | |
21 static ngx_int_t ngx_http_access_handler(ngx_http_request_t *r); | |
22 static char *ngx_http_access_rule(ngx_conf_t *cf, ngx_command_t *cmd, | |
23 void *conf); | |
24 static void *ngx_http_access_create_loc_conf(ngx_conf_t *cf); | |
25 static char *ngx_http_access_merge_loc_conf(ngx_conf_t *cf, | |
26 void *parent, void *child); | |
27 static ngx_int_t ngx_http_access_init(ngx_cycle_t *cycle); | |
28 | |
29 | |
30 static ngx_command_t ngx_http_access_commands[] = { | |
31 | |
32 { ngx_string("allow"), | |
33 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1, | |
34 ngx_http_access_rule, | |
35 NGX_HTTP_LOC_CONF_OFFSET, | |
36 0, | |
37 NULL }, | |
38 | |
39 { ngx_string("deny"), | |
40 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1, | |
41 ngx_http_access_rule, | |
42 NGX_HTTP_LOC_CONF_OFFSET, | |
43 0, | |
44 NULL }, | |
45 | |
46 ngx_null_command | |
47 }; | |
48 | |
49 | |
50 | |
51 ngx_http_module_t ngx_http_access_module_ctx = { | |
52 NULL, /* pre conf */ | |
53 | |
54 NULL, /* create main configuration */ | |
55 NULL, /* init main configuration */ | |
56 | |
57 NULL, /* create server configuration */ | |
58 NULL, /* merge server configuration */ | |
59 | |
60 ngx_http_access_create_loc_conf, /* create location configuration */ | |
61 ngx_http_access_merge_loc_conf /* merge location configuration */ | |
62 }; | |
63 | |
64 | |
65 ngx_module_t ngx_http_access_module = { | |
66 NGX_MODULE, | |
67 &ngx_http_access_module_ctx, /* module context */ | |
68 ngx_http_access_commands, /* module directives */ | |
69 NGX_HTTP_MODULE, /* module type */ | |
70 ngx_http_access_init, /* init module */ | |
71 NULL /* init child */ | |
72 }; | |
73 | |
74 | |
75 static ngx_int_t ngx_http_access_handler(ngx_http_request_t *r) | |
76 { | |
77 ngx_uint_t i; | |
78 struct sockaddr_in *addr_in; | |
79 ngx_http_access_rule_t *rule; | |
80 ngx_http_access_loc_conf_t *alcf; | |
81 | |
82 alcf = ngx_http_get_module_loc_conf(r, ngx_http_access_module); | |
83 | |
84 if (alcf->rules == NULL) { | |
85 return NGX_OK; | |
86 } | |
87 | |
88 /* AF_INET only */ | |
89 | |
90 addr_in = (struct sockaddr_in *) r->connection->sockaddr; | |
91 | |
92 rule = alcf->rules->elts; | |
93 for (i = 0; i < alcf->rules->nelts; i++) { | |
94 | |
95 if ((addr_in->sin_addr.s_addr & rule[i].mask) == rule[i].addr) { | |
96 if (rule[i].deny) { | |
97 ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, | |
98 "access forbidden by rule"); | |
99 | |
100 return NGX_HTTP_FORBIDDEN; | |
101 } | |
102 | |
103 return NGX_OK; | |
104 } | |
105 } | |
106 | |
107 return NGX_OK; | |
108 } | |
109 | |
110 | |
111 static char *ngx_http_access_rule(ngx_conf_t *cf, ngx_command_t *cmd, | |
112 void *conf) | |
113 { | |
114 ngx_http_access_loc_conf_t *alcf = conf; | |
115 | |
116 ngx_str_t *value; | |
117 ngx_inet_cidr_t in_cidr; | |
118 ngx_http_access_rule_t *rule; | |
119 | |
120 if (alcf->rules == NULL) { | |
121 alcf->rules = ngx_create_array(cf->pool, 5, | |
122 sizeof(ngx_http_access_rule_t)); | |
123 if (alcf->rules == NULL) { | |
124 return NGX_CONF_ERROR; | |
125 } | |
126 } | |
127 | |
128 if (!(rule = ngx_push_array(alcf->rules))) { | |
129 return NGX_CONF_ERROR; | |
130 } | |
131 | |
132 value = cf->args->elts; | |
133 | |
134 rule->deny = (value[0].data[0] == 'd') ? 1 : 0; | |
135 | |
136 if (value[1].len == 3 && ngx_strcmp(value[1].data, "all") == 0) { | |
137 rule->mask = 0; | |
138 rule->addr = 0; | |
139 | |
140 return NGX_CONF_OK; | |
141 } | |
142 | |
143 rule->addr = inet_addr((char *) value[1].data); | |
144 | |
145 if (rule->addr != INADDR_NONE) { | |
146 rule->mask = 0xffffffff; | |
147 | |
148 return NGX_CONF_OK; | |
149 } | |
150 | |
151 if (ngx_ptocidr(&value[1], &in_cidr) == NGX_ERROR) { | |
152 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, "invalid paramter \"%s\"", | |
153 value[1].data); | |
154 return NGX_CONF_ERROR; | |
155 } | |
156 | |
157 rule->mask = in_cidr.mask; | |
158 rule->addr = in_cidr.addr; | |
159 | |
160 return NGX_CONF_OK; | |
161 } | |
162 | |
163 | |
164 static void *ngx_http_access_create_loc_conf(ngx_conf_t *cf) | |
165 { | |
166 ngx_http_access_loc_conf_t *conf; | |
167 | |
168 if (!(conf = ngx_pcalloc(cf->pool, sizeof(ngx_http_access_loc_conf_t)))) { | |
169 return NGX_CONF_ERROR; | |
170 } | |
171 | |
172 return conf; | |
173 } | |
174 | |
175 | |
176 static char *ngx_http_access_merge_loc_conf(ngx_conf_t *cf, | |
177 void *parent, void *child) | |
178 { | |
179 ngx_http_access_loc_conf_t *prev = parent; | |
180 ngx_http_access_loc_conf_t *conf = child; | |
181 | |
182 if (conf->rules == NULL) { | |
183 conf->rules = prev->rules; | |
184 } | |
185 | |
186 return NGX_CONF_OK; | |
187 } | |
188 | |
189 | |
190 static ngx_int_t ngx_http_access_init(ngx_cycle_t *cycle) | |
191 { | |
192 ngx_http_handler_pt *h; | |
193 ngx_http_conf_ctx_t *ctx; | |
194 ngx_http_core_main_conf_t *cmcf; | |
195 | |
196 ctx = (ngx_http_conf_ctx_t *) cycle->conf_ctx[ngx_http_module.index]; | |
197 cmcf = ctx->main_conf[ngx_http_core_module.ctx_index]; | |
198 | |
199 h = ngx_push_array(&cmcf->phases[NGX_HTTP_ACCESS_PHASE].handlers); | |
200 if (h == NULL) { | |
201 return NGX_ERROR; | |
202 } | |
203 | |
204 *h = ngx_http_access_handler; | |
205 | |
206 return NGX_OK; | |
207 } |