Nginx Write C module to block the HTTP proxy server access

Source: Internet
Author: User

Nginx Write C module to block the HTTP proxy server access

In this article using Apache to block the HTTP proxy server, we used Apache mod_rewrite to judge the visitor's HTTP head header, if you see signs of proxy, stop it, can further improve efficiency? So the idea of using nginx to improve efficiency, in order to fastest, the C module, so that the efficiency will be the highest.

The following is a brief introduction of the Nginx module writing:
Nginx modules are divided into two types, handle and filter. Handle is obtained after the input, direct control output The final result, and the filter is obtained after the input, the transformation, passed to the next filter in turn, the two modules slightly different.

We are here to deal with header headers, if not the agent on the release, if the agent is blocked, so should be used filter.

This tutorial is very good http://www.evanmiller.org/nginx-modules-guide.html, we suggest you see.

The key is to first thoroughly understand nginx data types, more use of their own functions, found that LXR is really a good source code browsing tools to scatter:

Key Functions section:

 traverse the entire Header:part = &r->headers_in.headers.part;        Header = part->elts;                    for (i = 0;/* void */; i++) {if (I >= part->nelts) {if (Part->next = = NULL) {                Break                } part = part->next;                Header = part->elts;            i = 0; }} Compare Header: if (ngx_strncasecmp (Header[i].key.data, (U_char *) "via", 3) = = 0| | NGX_STRNCASECMP (Header[i].key.data, (U_char *) "forwarded", 7) = = 0| | NGX_STRNCASECMP (Header[i].key.data, (U_char *) "Useragent_via", 13) = = 0| | NGX_STRNCASECMP (Header[i].key.data, (U_char *) "Useragent-via", 13) = = 0......| | NGX_STRNCASECMP (Header[i].key.data, (U_char *) "mt_proxy_id", 11) = = 0| | NGX_STRNCASECMP (Header[i].key.data, (U_char *) "Mt-proxy-id", one) = = 0) 

Nginx-related data structures involved:
ngx_str_t
ngx_table_elt_t
ngx_list_part_t
ngx_http_request_t

Source code Download: Ngx_http_proxyblock_module.c.txt

/* Copyright (C) Zhangranrui, [email protected] */#include <ngx_config.h> #include <ngx_core.h># Include <ngx_http.h>static ngx_int_t ngx_http_proxyblock_init (ngx_conf_t *cf), static ngx_http_module_t Ngx_ Http_proxyblock_module_ctx = {NULL,/* preconfiguration */Ngx_http_proxyblock_ini                                  T,/* postconfiguration */NULL,/* Create main configuration */null, /* Init main configuration */NULL,/* Create server Configur                                  ation */NULL,/* Merge server configuration */null, /* Create location Configuration */NULL/* Merge location configuration */};ngx_    module_t Ngx_http_proxyblock_module = {NGX_MODULE_V1, &AMP;NGX_HTTP_PROXYBLOCK_MODULE_CTX,/* Module context */ NULL,/* Module directives */NGX_http_module,/* MODULE type */NULL,/* INIT master */null                                   ,/* INIT module */NULL,/* INIT process */NULL,                                  /* INIT thread */NULL,/* EXIT thread */NULL, /* Exit Process */NULL,/* Exit Master */Ngx_modu Le_v1_padding};static ngx_http_output_header_filter_pt ngx_http_next_header_filter;static Ngx_int_tngx_http_    Proxyblock (ngx_http_request_t *r) {ngx_int_t rc;    Char remote_ip[16] = {0}; if (! ( R->method & (ngx_http_get|    Ngx_http_head)) {return ngx_http_not_allowed;    } rc = Ngx_http_discard_request_body (r);    if (rc! = NGX_OK) {return rc;    } ngx_list_part_t *part;    ngx_table_elt_t *header;        ngx_uint_t I, hash; PaRT = &r->headers_in.headers.part;        Header = part->elts;                    for (i = 0;/* void */; i++) {if (I >= part->nelts) {if (Part->next = = NULL) {                Break                } part = part->next;                Header = part->elts;            i = 0; if (ngx_strncasecmp (Header[i].key.data, (U_char *) "via", 3) = = 0 | | ngx_strncasecmp (HEADER[I] . Key.data, (U_char *) "forwarded", 7) = = 0 | | NGX_STRNCASECMP (Header[i].key.data, (U_char *) "Useragent_via", 13) = = 0 | | NGX_STRNCASECMP (Header[i].key.data, (U_char *) "Useragent-via", 13) = = 0 | | NGX_STRNCASECMP (Header[i].key.data, (U_char *) "x_forwarded_for", 15) = = 0 | | NGX_STRNCASECMP (Header[i].key.data, (U_char *) "x-forwarded-for", 15) = = 0 | | NGX_STRNCASECMP (Header[i].key.data, (U_char *) "xproxy_connection", 17) = = 0 | | Ngx_stRNCASECMP (Header[i].key.data, (U_char *) "xproxy-connection", 17) = = 0 | | NGX_STRNCASECMP (Header[i].key.data, (U_char *) "proxy_connection", 16) = = 0 | | NGX_STRNCASECMP (Header[i].key.data, (U_char *) "proxy-connection", 16) = = 0 | | NGX_STRNCASECMP (Header[i].key.data, (U_char *) "http_pc_remote_addr", 19) = = 0 | | NGX_STRNCASECMP (Header[i].key.data, (U_char *) "http_pc_remote_addr", 19) = = 0 | | NGX_STRNCASECMP (Header[i].key.data, (U_char *) "mt_proxy_id", 11) = = 0 | | NGX_STRNCASECMP (Header[i].key.data, (U_char *) "Mt-proxy-id", 11) = = 0 | | NGX_STRNCASECMP (Header[i].key.data, (U_char *) "http_client_ip", 14) = = 0 | | NGX_STRNCASECMP (Header[i].key.data, (U_char *) "http-client-ip", + = = 0) {snprintf (remote_ip                , R->connection->addr_text.len, "%s", R->connection->addr_text.data); fprintf (stderr, "IP%s is blocked by heAder (%s:%s) \ n ", Remote_ip, Header[i].key.data, Header[i].value.data);            Goto found; }} return Ngx_http_next_header_filter (r); Found:return Ngx_http_internal_server_error;}    Static Ngx_int_tngx_http_proxyblock_init (ngx_conf_t *cf) {ngx_http_next_header_filter = Ngx_http_top_header_filter;    Ngx_http_top_header_filter = Ngx_http_proxyblock; return NGX_OK;}

Compile process:

1 2 3 4 5 6 7 8 9 10 11 12 13 14 Tar ZXVF Nginx - 0.7.58.tar.gz adb Nginx - 0.7.58 mkdir Mo #把ngx_http_proxyblock_module. C into the MO directory #在mo目录下建立config文件 VI Mo / Config Ngx_addon_name = Ngx_http_proxyblock_module Http_aux_filter_modules = "$HTTP _aux_filter_modules ngx_http_proxyblock_module" Ngx_addon_srcs = "$NGX _addon_srcs $ngx _addon_dir/ngx_http_proxyblock_module.c" Core_libs = "$CORE _libs"#编译的时候加参数--add-module . / Configure -- without - Pcre -- Add - Module = . / Mo

Nginx Write C module to block the HTTP proxy server access

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.