Mini Shell

Direktori : /opt/imunify360-webshield/nginx/lua/
Upload File :
Current File : //opt/imunify360-webshield/nginx/lua/accesscheck.lua

local ipset =   require "ipset_message_pb"
local ipset_socket = "unix:/var/run/imunify360/libiplists-daemon.sock"

local function write_size(little_endian, format, ...)
    local res = ''
    local values = {...}
    for i=1,#format do
        local size = tonumber(format:sub(i,i))
        local value = values[i]
        local str = ""
        for j=1,size do
            str = str .. string.char(value % 256)
            value = math.floor(value / 256)
        end
        if not little_endian then
            str = string.reverse(str)
        end
        res = res .. str
    end
    return res
end


local function read_size(big_endian, format, ...)
    values = {...}
    local total = 0
    for i=1,#format do
        local size = tonumber(format:sub(i,i))
        local value = values[i]
        if not big_endian then
            value = value:reverse()
        end
        local res = 0
        for j=1,size do
            res = res * 256 + string.byte(value:sub(j,j))
            print(res)
        end
        total = total + res
    end
    return total
end


local function composeMessage(ip)
    local msg = ipset.Request()

    msg.ip = ngx.var.remote_addr
    msg.ua = "-"
    msg.url = "-"
    msg.uid = "-"
    msg.captcha = "-"
    msg.host = "-"
    msg.proxyname = ngx.var.remote_proxy
    msg.port = ngx.var.server_port
    msg.realip = ip
    if ngx.var.domain_whitelisted == "1" then
        msg.wldomain = true
    end

    local serialized = msg:SerializeToString()
    return write_size(false, "2", string.len(serialized)) .. serialized
end

local function decomposeMessage(pb_msg)
    local status_map = {
        [0]  = "NOT_FOUND",
        [10] = "WHITE",
        [11] = "REMOTE_PROXY",
        [12] = "WHITE_STATIC",
        [20] = "BLACK",
        [21] = "COUNTRY_BLACK",
        [22] = "BLACK_LOCAL",
        [30] = "GRAY",
        [40] = "SPLASH"
    }
    local msg = ipset.Response()
    msg:ParseFromString(pb_msg)

    if msg == nil then
        return {["ip"] = nil, ["verdict"] = "ERROR"}
    end

    local verdict = status_map[msg.action]
    if verdict == nil and msg.status == 1 then
        return {["ip"] = msg.ip, ["verdict"] = "ERROR"}
    end

    return {["ip"] = msg.ip, ["verdict"] = verdict}
end

local function query_peer(ip)

    local sock = ngx.socket.tcp()
    sock:settimeout(1000)
    local ok, err = sock:connect(ipset_socket)

    if not ok then
        ngx.log(ngx.ERR, "Could not connect to ipset socket: ", err)
        return
    end

    local sent, err = sock:send(composeMessage(ip))

    if not sent then
        ngx.log(ngx.ERR, "Could not send to ipset socket: ", err)
        return
    end

    local raw_size, err = sock:receive(2)
    if not raw_size then
        ngx.log(ngx.ERR, "Could not read size from ipset socket: ", err)
        return
    end

    local expected_size = read_size(true, "2", raw_size)

    local data, err = sock:receive(expected_size)
    if not data then
        ngx.log(ngx.ERR, "Could not read data from ipset socket: ", err)
        return
    end

    sock:close()

    return decomposeMessage(data)
end

local function check()

    local remote_addr = ngx.var.remote_addr

    if remote_addr == "127.0.0.1" or remote_addr == "::1" then
        ngx.var.webshield_ip_status = "NOT_FOUND"
        return
    end

    local remote_address = ngx.var.wsuserip or remote_addr

    local response = query_peer(remote_address)
    if response == nil then
        ngx.log(ngx.WARN, "Got empty response from IPSET daemon")
        ngx.var.webshield_ip_status = "NOT_FOUND"
        return
    end

    ngx.var.webshield_ip_status = response.verdict
end

if ngx.var.access_check_enabled == "0" then
  return check()
end

Zerion Mini Shell 1.0