Google Git
Sign in
nginx / nginx / 6deb041b2f9b360c80bb2530b1fb55634305a55b / . / src / http / modules / ngx_http_access_handler.c
blob: 6dd572931ad680d42eccbd161673d7c765cb4c62 [file] [log] [blame]
Igor Sysoev59f3aa32004-06-24 16:07:04 +0000[diff] [blame]1
2#include <ngx_config.h>
3#include <ngx_core.h>
4#include <ngx_http.h>
5
6
7/* AF_INET only */
8
9typedef struct {
10 in_addr_t mask;
11 in_addr_t addr;
12 unsigned deny;
13} ngx_http_access_rule_t;
14
15
16typedef struct {
17 ngx_array_t *rules; /* array of ngx_http_access_rule_t */
18} ngx_http_access_loc_conf_t;
19
20
21static ngx_int_t ngx_http_access_handler(ngx_http_request_t *r);
22static char *ngx_http_access_rule(ngx_conf_t *cf, ngx_command_t *cmd,
23 void *conf);
24static void *ngx_http_access_create_loc_conf(ngx_conf_t *cf);
25static char *ngx_http_access_merge_loc_conf(ngx_conf_t *cf,
26 void *parent, void *child);
27static ngx_int_t ngx_http_access_init(ngx_cycle_t *cycle);
28
29
30static ngx_command_t ngx_http_access_commands[] = {
31
32 { ngx_string("allow"),
33 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1,
34 ngx_http_access_rule,
35 NGX_HTTP_LOC_CONF_OFFSET,
36 0,
37 NULL },
38
39 { ngx_string("deny"),
40 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1,
41 ngx_http_access_rule,
42 NGX_HTTP_LOC_CONF_OFFSET,
43 0,
44 NULL },
45
46 ngx_null_command
47};
48
49
50
51ngx_http_module_t ngx_http_access_module_ctx = {
52 NULL, /* pre conf */
53
54 NULL, /* create main configuration */
55 NULL, /* init main configuration */
56
57 NULL, /* create server configuration */
58 NULL, /* merge server configuration */
59
60 ngx_http_access_create_loc_conf, /* create location configuration */
61 ngx_http_access_merge_loc_conf /* merge location configuration */
62};
63
64
65ngx_module_t ngx_http_access_module = {
66 NGX_MODULE,
67 &ngx_http_access_module_ctx, /* module context */
68 ngx_http_access_commands, /* module directives */
69 NGX_HTTP_MODULE, /* module type */
70 ngx_http_access_init, /* init module */
71 NULL /* init child */
72};
73
74
75static ngx_int_t ngx_http_access_handler(ngx_http_request_t *r)
76{
77 ngx_uint_t i;
78 struct sockaddr_in *addr_in;
79 ngx_http_access_rule_t *rule;
80 ngx_http_access_loc_conf_t *alcf;
81
82 alcf = ngx_http_get_module_loc_conf(r, ngx_http_access_module);
83
84 if (alcf->rules == NULL) {
85 return NGX_OK;
86 }
87
88 /* AF_INET only */
89
90 addr_in = (struct sockaddr_in *) r->connection->sockaddr;
91
92 rule = alcf->rules->elts;
93 for (i = 0; i < alcf->rules->nelts; i++) {
94
Igor Sysoev6deb0412004-07-30 17:05:14 +0000[diff] [blame^]95ngx_log_debug3(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "%08X %08X %08X",
96 addr_in->sin_addr.s_addr, rule[i].mask, rule[i].addr);
97
Igor Sysoev59f3aa32004-06-24 16:07:04 +0000[diff] [blame]98 if ((addr_in->sin_addr.s_addr & rule[i].mask) == rule[i].addr) {
99 if (rule[i].deny) {
100 ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
101 "access forbidden by rule");
102
103 return NGX_HTTP_FORBIDDEN;
104 }
105
106 return NGX_OK;
107 }
108 }
109
110 return NGX_OK;
111}
112
113
114static char *ngx_http_access_rule(ngx_conf_t *cf, ngx_command_t *cmd,
115 void *conf)
116{
117 ngx_http_access_loc_conf_t *alcf = conf;
118
119 ngx_str_t *value;
120 ngx_inet_cidr_t in_cidr;
121 ngx_http_access_rule_t *rule;
122
123 if (alcf->rules == NULL) {
124 alcf->rules = ngx_create_array(cf->pool, 5,
125 sizeof(ngx_http_access_rule_t));
126 if (alcf->rules == NULL) {
127 return NGX_CONF_ERROR;
128 }
129 }
130
131 if (!(rule = ngx_push_array(alcf->rules))) {
132 return NGX_CONF_ERROR;
133 }
134
135 value = cf->args->elts;
136
137 rule->deny = (value[0].data[0] == 'd') ? 1 : 0;
138
139 if (value[1].len == 3 && ngx_strcmp(value[1].data, "all") == 0) {
140 rule->mask = 0;
141 rule->addr = 0;
142
143 return NGX_CONF_OK;
144 }
145
146 rule->addr = inet_addr((char *) value[1].data);
147
148 if (rule->addr != INADDR_NONE) {
149 rule->mask = 0xffffffff;
150
151 return NGX_CONF_OK;
152 }
153
154 if (ngx_ptocidr(&value[1], &in_cidr) == NGX_ERROR) {
155 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, "invalid paramter \"%s\"",
156 value[1].data);
157 return NGX_CONF_ERROR;
158 }
159
160 rule->mask = in_cidr.mask;
161 rule->addr = in_cidr.addr;
162
163 return NGX_CONF_OK;
164}
165
166
167static void *ngx_http_access_create_loc_conf(ngx_conf_t *cf)
168{
169 ngx_http_access_loc_conf_t *conf;
170
171 if (!(conf = ngx_pcalloc(cf->pool, sizeof(ngx_http_access_loc_conf_t)))) {
172 return NGX_CONF_ERROR;
173 }
174
175 return conf;
176}
177
178
179static char *ngx_http_access_merge_loc_conf(ngx_conf_t *cf,
180 void *parent, void *child)
181{
182 ngx_http_access_loc_conf_t *prev = parent;
183 ngx_http_access_loc_conf_t *conf = child;
184
185 if (conf->rules == NULL) {
186 conf->rules = prev->rules;
187 }
188
189 return NGX_CONF_OK;
190}
191
192
193static ngx_int_t ngx_http_access_init(ngx_cycle_t *cycle)
194{
195 ngx_http_handler_pt *h;
Igor Sysoev59f3aa32004-06-24 16:07:04 +0000[diff] [blame]196 ngx_http_core_main_conf_t *cmcf;
197
Igor Sysoev1c3567e2004-07-15 16:35:51 +0000[diff] [blame]198 cmcf = ngx_http_cycle_get_module_main_conf(cycle, ngx_http_core_module);
Igor Sysoev59f3aa32004-06-24 16:07:04 +0000[diff] [blame]199
200 h = ngx_push_array(&cmcf->phases[NGX_HTTP_ACCESS_PHASE].handlers);
201 if (h == NULL) {
202 return NGX_ERROR;
203 }
204
205 *h = ngx_http_access_handler;
206
207 return NGX_OK;
208}