Home > Developer > Web Develop
Nginx Write C module to block the HTTP proxy server access
In this article using Apache to block the HTTP proxy server, we used Apache mod_rewrite to judge the visitor's HTTP head header, if you see signs of proxy, stop it, can further improve efficiency? So the idea of using nginx to improve efficiency, in order to fastest, the C module, so that the efficiency will be the highest.
The following is a brief introduction of the Nginx module writing:
Nginx modules are divided into two types, handle and filter. Handle is obtained after the input, direct control output The final result, and the filter is obtained after the input, the transformation, passed to the next filter in turn, the two modules slightly different.
We are here to deal with header headers, if not the agent on the release, if the agent is blocked, so should be used filter.
This tutorial is very good http://www.evanmiller.org/nginx-modules-guide.html, we suggest you see.
The key is to first thoroughly understand nginx data types, more use of their own functions, found that LXR is really a good source code browsing tools to scatter:
Key Functions section:
traverse the entire Header:part = &r->headers_in.headers.part; Header = part->elts; for (i = 0;/* void */; i++) {if (I >= part->nelts) {if (Part->next = = NULL) { Break } part = part->next; Header = part->elts; i = 0; }} Compare Header: if (ngx_strncasecmp (Header[i].key.data, (U_char *) "via", 3) = = 0| | NGX_STRNCASECMP (Header[i].key.data, (U_char *) "forwarded", 7) = = 0| | NGX_STRNCASECMP (Header[i].key.data, (U_char *) "Useragent_via", 13) = = 0| | NGX_STRNCASECMP (Header[i].key.data, (U_char *) "Useragent-via", 13) = = 0......| | NGX_STRNCASECMP (Header[i].key.data, (U_char *) "mt_proxy_id", 11) = = 0| | NGX_STRNCASECMP (Header[i].key.data, (U_char *) "Mt-proxy-id", one) = = 0) Nginx-related data structures involved:
ngx_str_t
ngx_table_elt_t
ngx_list_part_t
ngx_http_request_t
Source code Download: Ngx_http_proxyblock_module.c.txt
/* Copyright (C) Zhangranrui, [email protected] */#include <ngx_config.h> #include <ngx_core.h># Include <ngx_http.h>static ngx_int_t ngx_http_proxyblock_init (ngx_conf_t *cf), static ngx_http_module_t Ngx_ Http_proxyblock_module_ctx = {NULL,/* preconfiguration */Ngx_http_proxyblock_ini T,/* postconfiguration */NULL,/* Create main configuration */null, /* Init main configuration */NULL,/* Create server Configur ation */NULL,/* Merge server configuration */null, /* Create location Configuration */NULL/* Merge location configuration */};ngx_ module_t Ngx_http_proxyblock_module = {NGX_MODULE_V1, &NGX_HTTP_PROXYBLOCK_MODULE_CTX,/* Module context */ NULL,/* Module directives */NGX_http_module,/* MODULE type */NULL,/* INIT master */null ,/* INIT module */NULL,/* INIT process */NULL, /* INIT thread */NULL,/* EXIT thread */NULL, /* Exit Process */NULL,/* Exit Master */Ngx_modu Le_v1_padding};static ngx_http_output_header_filter_pt ngx_http_next_header_filter;static Ngx_int_tngx_http_ Proxyblock (ngx_http_request_t *r) {ngx_int_t rc; Char remote_ip[16] = {0}; if (! ( R->method & (ngx_http_get| Ngx_http_head)) {return ngx_http_not_allowed; } rc = Ngx_http_discard_request_body (r); if (rc! = NGX_OK) {return rc; } ngx_list_part_t *part; ngx_table_elt_t *header; ngx_uint_t I, hash; PaRT = &r->headers_in.headers.part; Header = part->elts; for (i = 0;/* void */; i++) {if (I >= part->nelts) {if (Part->next = = NULL) { Break } part = part->next; Header = part->elts; i = 0; if (ngx_strncasecmp (Header[i].key.data, (U_char *) "via", 3) = = 0 | | ngx_strncasecmp (HEADER[I] . Key.data, (U_char *) "forwarded", 7) = = 0 | | NGX_STRNCASECMP (Header[i].key.data, (U_char *) "Useragent_via", 13) = = 0 | | NGX_STRNCASECMP (Header[i].key.data, (U_char *) "Useragent-via", 13) = = 0 | | NGX_STRNCASECMP (Header[i].key.data, (U_char *) "x_forwarded_for", 15) = = 0 | | NGX_STRNCASECMP (Header[i].key.data, (U_char *) "x-forwarded-for", 15) = = 0 | | NGX_STRNCASECMP (Header[i].key.data, (U_char *) "xproxy_connection", 17) = = 0 | | Ngx_stRNCASECMP (Header[i].key.data, (U_char *) "xproxy-connection", 17) = = 0 | | NGX_STRNCASECMP (Header[i].key.data, (U_char *) "proxy_connection", 16) = = 0 | | NGX_STRNCASECMP (Header[i].key.data, (U_char *) "proxy-connection", 16) = = 0 | | NGX_STRNCASECMP (Header[i].key.data, (U_char *) "http_pc_remote_addr", 19) = = 0 | | NGX_STRNCASECMP (Header[i].key.data, (U_char *) "http_pc_remote_addr", 19) = = 0 | | NGX_STRNCASECMP (Header[i].key.data, (U_char *) "mt_proxy_id", 11) = = 0 | | NGX_STRNCASECMP (Header[i].key.data, (U_char *) "Mt-proxy-id", 11) = = 0 | | NGX_STRNCASECMP (Header[i].key.data, (U_char *) "http_client_ip", 14) = = 0 | | NGX_STRNCASECMP (Header[i].key.data, (U_char *) "http-client-ip", + = = 0) {snprintf (remote_ip , R->connection->addr_text.len, "%s", R->connection->addr_text.data); fprintf (stderr, "IP%s is blocked by heAder (%s:%s) \ n ", Remote_ip, Header[i].key.data, Header[i].value.data); Goto found; }} return Ngx_http_next_header_filter (r); Found:return Ngx_http_internal_server_error;} Static Ngx_int_tngx_http_proxyblock_init (ngx_conf_t *cf) {ngx_http_next_header_filter = Ngx_http_top_header_filter; Ngx_http_top_header_filter = Ngx_http_proxyblock; return NGX_OK;}
Compile process:
| 1 2 3 4 5 6 7 8 9 10 11 12 13 14 | Tar ZXVF Nginx - 0.7.58.tar.gz adb Nginx - 0.7.58 mkdir Mo #把ngx_http_proxyblock_module. C into the MO directory #在mo目录下建立config文件 VI Mo / Config Ngx_addon_name = Ngx_http_proxyblock_module Http_aux_filter_modules = "$HTTP _aux_filter_modules ngx_http_proxyblock_module" Ngx_addon_srcs = "$NGX _addon_srcs $ngx _addon_dir/ngx_http_proxyblock_module.c" Core_libs = "$CORE _libs"#编译的时候加参数--add-module . / Configure -- without - Pcre -- Add - Module = . / Mo |
Nginx Write C module to block the HTTP proxy server access
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
