Mercurial > hg > nginx
annotate src/http/modules/ngx_http_access_module.c @ 4580:ae60a1085c82
Access module: fixed inheritance of allow/deny ipv6 rules.
Previous (incorrect) behaviour was to inherit ipv6 rules separately from
ipv4 ones. Now all rules are either inherited (if there are no rules
defined at current level) or not (if there are any rules defined).
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Tue, 10 Apr 2012 13:25:53 +0000 |
parents | d620f497c50f |
children | 00dbfac67e48 |
rev | line source |
---|---|
441
da8c5707af39
nginx-0.1.0-2004-09-28-12:34:51 import; set copyright and remove unused files
Igor Sysoev <igor@sysoev.ru>
parents:
408
diff
changeset
|
1 |
da8c5707af39
nginx-0.1.0-2004-09-28-12:34:51 import; set copyright and remove unused files
Igor Sysoev <igor@sysoev.ru>
parents:
408
diff
changeset
|
2 /* |
444
42d11f017717
nginx-0.1.0-2004-09-29-20:00:49 import; remove years from copyright
Igor Sysoev <igor@sysoev.ru>
parents:
441
diff
changeset
|
3 * Copyright (C) Igor Sysoev |
4412 | 4 * Copyright (C) Nginx, Inc. |
441
da8c5707af39
nginx-0.1.0-2004-09-28-12:34:51 import; set copyright and remove unused files
Igor Sysoev <igor@sysoev.ru>
parents:
408
diff
changeset
|
5 */ |
da8c5707af39
nginx-0.1.0-2004-09-28-12:34:51 import; set copyright and remove unused files
Igor Sysoev <igor@sysoev.ru>
parents:
408
diff
changeset
|
6 |
368
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
7 |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
8 #include <ngx_config.h> |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
9 #include <ngx_core.h> |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
10 #include <ngx_http.h> |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
11 |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
12 |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
13 typedef struct { |
3278
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
14 in_addr_t mask; |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
15 in_addr_t addr; |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
16 ngx_uint_t deny; /* unsigned deny:1; */ |
368
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
17 } ngx_http_access_rule_t; |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
18 |
3278
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
19 #if (NGX_HAVE_INET6) |
368
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
20 |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
21 typedef struct { |
3278
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
22 struct in6_addr addr; |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
23 struct in6_addr mask; |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
24 ngx_uint_t deny; /* unsigned deny:1; */ |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
25 } ngx_http_access_rule6_t; |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
26 |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
27 #endif |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
28 |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
29 typedef struct { |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
30 ngx_array_t *rules; /* array of ngx_http_access_rule_t */ |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
31 #if (NGX_HAVE_INET6) |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
32 ngx_array_t *rules6; /* array of ngx_http_access_rule6_t */ |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
33 #endif |
368
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
34 } ngx_http_access_loc_conf_t; |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
35 |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
36 |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
37 static ngx_int_t ngx_http_access_handler(ngx_http_request_t *r); |
3278
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
38 static ngx_int_t ngx_http_access_inet(ngx_http_request_t *r, |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
39 ngx_http_access_loc_conf_t *alcf, in_addr_t addr); |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
40 #if (NGX_HAVE_INET6) |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
41 static ngx_int_t ngx_http_access_inet6(ngx_http_request_t *r, |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
42 ngx_http_access_loc_conf_t *alcf, u_char *p); |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
43 #endif |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
44 static ngx_int_t ngx_http_access_found(ngx_http_request_t *r, ngx_uint_t deny); |
368
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
45 static char *ngx_http_access_rule(ngx_conf_t *cf, ngx_command_t *cmd, |
501 | 46 void *conf); |
368
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
47 static void *ngx_http_access_create_loc_conf(ngx_conf_t *cf); |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
48 static char *ngx_http_access_merge_loc_conf(ngx_conf_t *cf, |
501 | 49 void *parent, void *child); |
681 | 50 static ngx_int_t ngx_http_access_init(ngx_conf_t *cf); |
368
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
51 |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
52 |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
53 static ngx_command_t ngx_http_access_commands[] = { |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
54 |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
55 { ngx_string("allow"), |
631 | 56 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_HTTP_LMT_CONF |
57 |NGX_CONF_TAKE1, | |
368
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
58 ngx_http_access_rule, |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
59 NGX_HTTP_LOC_CONF_OFFSET, |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
60 0, |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
61 NULL }, |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
62 |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
63 { ngx_string("deny"), |
631 | 64 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_HTTP_LMT_CONF |
65 |NGX_CONF_TAKE1, | |
368
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
66 ngx_http_access_rule, |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
67 NGX_HTTP_LOC_CONF_OFFSET, |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
68 0, |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
69 NULL }, |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
70 |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
71 ngx_null_command |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
72 }; |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
73 |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
74 |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
75 |
667 | 76 static ngx_http_module_t ngx_http_access_module_ctx = { |
509 | 77 NULL, /* preconfiguration */ |
681 | 78 ngx_http_access_init, /* postconfiguration */ |
368
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
79 |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
80 NULL, /* create main configuration */ |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
81 NULL, /* init main configuration */ |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
82 |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
83 NULL, /* create server configuration */ |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
84 NULL, /* merge server configuration */ |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
85 |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
86 ngx_http_access_create_loc_conf, /* create location configuration */ |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
87 ngx_http_access_merge_loc_conf /* merge location configuration */ |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
88 }; |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
89 |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
90 |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
91 ngx_module_t ngx_http_access_module = { |
509 | 92 NGX_MODULE_V1, |
368
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
93 &ngx_http_access_module_ctx, /* module context */ |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
94 ngx_http_access_commands, /* module directives */ |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
95 NGX_HTTP_MODULE, /* module type */ |
541 | 96 NULL, /* init master */ |
681 | 97 NULL, /* init module */ |
541 | 98 NULL, /* init process */ |
99 NULL, /* init thread */ | |
100 NULL, /* exit thread */ | |
101 NULL, /* exit process */ | |
102 NULL, /* exit master */ | |
103 NGX_MODULE_V1_PADDING | |
368
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
104 }; |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
105 |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
106 |
501 | 107 static ngx_int_t |
108 ngx_http_access_handler(ngx_http_request_t *r) | |
368
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
109 { |
479 | 110 struct sockaddr_in *sin; |
368
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
111 ngx_http_access_loc_conf_t *alcf; |
3921
bab3488bd113
fix testing IPv4 address mapped to IPv6, when only IPv6 access rules are defined
Igor Sysoev <igor@sysoev.ru>
parents:
3685
diff
changeset
|
112 #if (NGX_HAVE_INET6) |
bab3488bd113
fix testing IPv4 address mapped to IPv6, when only IPv6 access rules are defined
Igor Sysoev <igor@sysoev.ru>
parents:
3685
diff
changeset
|
113 u_char *p; |
bab3488bd113
fix testing IPv4 address mapped to IPv6, when only IPv6 access rules are defined
Igor Sysoev <igor@sysoev.ru>
parents:
3685
diff
changeset
|
114 in_addr_t addr; |
bab3488bd113
fix testing IPv4 address mapped to IPv6, when only IPv6 access rules are defined
Igor Sysoev <igor@sysoev.ru>
parents:
3685
diff
changeset
|
115 struct sockaddr_in6 *sin6; |
bab3488bd113
fix testing IPv4 address mapped to IPv6, when only IPv6 access rules are defined
Igor Sysoev <igor@sysoev.ru>
parents:
3685
diff
changeset
|
116 #endif |
368
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
117 |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
118 alcf = ngx_http_get_module_loc_conf(r, ngx_http_access_module); |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
119 |
3921
bab3488bd113
fix testing IPv4 address mapped to IPv6, when only IPv6 access rules are defined
Igor Sysoev <igor@sysoev.ru>
parents:
3685
diff
changeset
|
120 switch (r->connection->sockaddr->sa_family) { |
bab3488bd113
fix testing IPv4 address mapped to IPv6, when only IPv6 access rules are defined
Igor Sysoev <igor@sysoev.ru>
parents:
3685
diff
changeset
|
121 |
bab3488bd113
fix testing IPv4 address mapped to IPv6, when only IPv6 access rules are defined
Igor Sysoev <igor@sysoev.ru>
parents:
3685
diff
changeset
|
122 case AF_INET: |
bab3488bd113
fix testing IPv4 address mapped to IPv6, when only IPv6 access rules are defined
Igor Sysoev <igor@sysoev.ru>
parents:
3685
diff
changeset
|
123 if (alcf->rules) { |
bab3488bd113
fix testing IPv4 address mapped to IPv6, when only IPv6 access rules are defined
Igor Sysoev <igor@sysoev.ru>
parents:
3685
diff
changeset
|
124 sin = (struct sockaddr_in *) r->connection->sockaddr; |
bab3488bd113
fix testing IPv4 address mapped to IPv6, when only IPv6 access rules are defined
Igor Sysoev <igor@sysoev.ru>
parents:
3685
diff
changeset
|
125 return ngx_http_access_inet(r, alcf, sin->sin_addr.s_addr); |
bab3488bd113
fix testing IPv4 address mapped to IPv6, when only IPv6 access rules are defined
Igor Sysoev <igor@sysoev.ru>
parents:
3685
diff
changeset
|
126 } |
bab3488bd113
fix testing IPv4 address mapped to IPv6, when only IPv6 access rules are defined
Igor Sysoev <igor@sysoev.ru>
parents:
3685
diff
changeset
|
127 break; |
bab3488bd113
fix testing IPv4 address mapped to IPv6, when only IPv6 access rules are defined
Igor Sysoev <igor@sysoev.ru>
parents:
3685
diff
changeset
|
128 |
3278
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
129 #if (NGX_HAVE_INET6) |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
130 |
3921
bab3488bd113
fix testing IPv4 address mapped to IPv6, when only IPv6 access rules are defined
Igor Sysoev <igor@sysoev.ru>
parents:
3685
diff
changeset
|
131 case AF_INET6: |
3278
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
132 sin6 = (struct sockaddr_in6 *) r->connection->sockaddr; |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
133 p = sin6->sin6_addr.s6_addr; |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
134 |
3921
bab3488bd113
fix testing IPv4 address mapped to IPv6, when only IPv6 access rules are defined
Igor Sysoev <igor@sysoev.ru>
parents:
3685
diff
changeset
|
135 if (alcf->rules && IN6_IS_ADDR_V4MAPPED(&sin6->sin6_addr)) { |
3278
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
136 addr = p[12] << 24; |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
137 addr += p[13] << 16; |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
138 addr += p[14] << 8; |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
139 addr += p[15]; |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
140 return ngx_http_access_inet(r, alcf, htonl(addr)); |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
141 } |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
142 |
3921
bab3488bd113
fix testing IPv4 address mapped to IPv6, when only IPv6 access rules are defined
Igor Sysoev <igor@sysoev.ru>
parents:
3685
diff
changeset
|
143 if (alcf->rules6) { |
bab3488bd113
fix testing IPv4 address mapped to IPv6, when only IPv6 access rules are defined
Igor Sysoev <igor@sysoev.ru>
parents:
3685
diff
changeset
|
144 return ngx_http_access_inet6(r, alcf, p); |
bab3488bd113
fix testing IPv4 address mapped to IPv6, when only IPv6 access rules are defined
Igor Sysoev <igor@sysoev.ru>
parents:
3685
diff
changeset
|
145 } |
368
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
146 |
3278
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
147 #endif |
2512
2e91aecb9e57
a prelimiary IPv6 support, HTTP listen
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
148 } |
2e91aecb9e57
a prelimiary IPv6 support, HTTP listen
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
149 |
3278
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
150 return NGX_DECLINED; |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
151 } |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
152 |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
153 |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
154 static ngx_int_t |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
155 ngx_http_access_inet(ngx_http_request_t *r, ngx_http_access_loc_conf_t *alcf, |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
156 in_addr_t addr) |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
157 { |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
158 ngx_uint_t i; |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
159 ngx_http_access_rule_t *rule; |
368
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
160 |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
161 rule = alcf->rules->elts; |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
162 for (i = 0; i < alcf->rules->nelts; i++) { |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
163 |
461 | 164 ngx_log_debug3(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, |
573 | 165 "access: %08XD %08XD %08XD", |
3278
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
166 addr, rule[i].mask, rule[i].addr); |
663 | 167 |
3278
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
168 if ((addr & rule[i].mask) == rule[i].addr) { |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
169 return ngx_http_access_found(r, rule[i].deny); |
368
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
170 } |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
171 } |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
172 |
1786
adca43955f79
return NGX_DECLINED if access directives are not active,
Igor Sysoev <igor@sysoev.ru>
parents:
1380
diff
changeset
|
173 return NGX_DECLINED; |
368
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
174 } |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
175 |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
176 |
3278
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
177 #if (NGX_HAVE_INET6) |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
178 |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
179 static ngx_int_t |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
180 ngx_http_access_inet6(ngx_http_request_t *r, ngx_http_access_loc_conf_t *alcf, |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
181 u_char *p) |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
182 { |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
183 ngx_uint_t n; |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
184 ngx_uint_t i; |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
185 ngx_http_access_rule6_t *rule6; |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
186 |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
187 rule6 = alcf->rules6->elts; |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
188 for (i = 0; i < alcf->rules6->nelts; i++) { |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
189 |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
190 #if (NGX_DEBUG) |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
191 { |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
192 size_t cl, ml, al; |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
193 u_char ct[NGX_INET6_ADDRSTRLEN]; |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
194 u_char mt[NGX_INET6_ADDRSTRLEN]; |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
195 u_char at[NGX_INET6_ADDRSTRLEN]; |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
196 |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
197 cl = ngx_inet6_ntop(p, ct, NGX_INET6_ADDRSTRLEN); |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
198 ml = ngx_inet6_ntop(rule6[i].mask.s6_addr, mt, NGX_INET6_ADDRSTRLEN); |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
199 al = ngx_inet6_ntop(rule6[i].addr.s6_addr, at, NGX_INET6_ADDRSTRLEN); |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
200 |
3685 | 201 ngx_log_debug6(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, |
3278
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
202 "access: %*s %*s %*s", cl, ct, ml, mt, al, at); |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
203 } |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
204 #endif |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
205 |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
206 for (n = 0; n < 16; n++) { |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
207 if ((p[n] & rule6[i].mask.s6_addr[n]) != rule6[i].addr.s6_addr[n]) { |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
208 goto next; |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
209 } |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
210 } |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
211 |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
212 return ngx_http_access_found(r, rule6[i].deny); |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
213 |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
214 next: |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
215 continue; |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
216 } |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
217 |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
218 return NGX_DECLINED; |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
219 } |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
220 |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
221 #endif |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
222 |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
223 |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
224 static ngx_int_t |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
225 ngx_http_access_found(ngx_http_request_t *r, ngx_uint_t deny) |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
226 { |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
227 ngx_http_core_loc_conf_t *clcf; |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
228 |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
229 if (deny) { |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
230 clcf = ngx_http_get_module_loc_conf(r, ngx_http_core_module); |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
231 |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
232 if (clcf->satisfy == NGX_HTTP_SATISFY_ALL) { |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
233 ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
234 "access forbidden by rule"); |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
235 } |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
236 |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
237 return NGX_HTTP_FORBIDDEN; |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
238 } |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
239 |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
240 return NGX_OK; |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
241 } |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
242 |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
243 |
501 | 244 static char * |
245 ngx_http_access_rule(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) | |
368
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
246 { |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
247 ngx_http_access_loc_conf_t *alcf = conf; |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
248 |
3278
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
249 ngx_int_t rc; |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
250 ngx_uint_t all; |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
251 ngx_str_t *value; |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
252 ngx_cidr_t cidr; |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
253 ngx_http_access_rule_t *rule; |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
254 #if (NGX_HAVE_INET6) |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
255 ngx_http_access_rule6_t *rule6; |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
256 #endif |
368
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
257 |
3278
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
258 ngx_memzero(&cidr, sizeof(ngx_cidr_t)); |
368
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
259 |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
260 value = cf->args->elts; |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
261 |
3278
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
262 all = (value[1].len == 3 && ngx_strcmp(value[1].data, "all") == 0); |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
263 |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
264 if (!all) { |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
265 |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
266 rc = ngx_ptocidr(&value[1], &cidr); |
368
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
267 |
3278
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
268 if (rc == NGX_ERROR) { |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
269 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
270 "invalid parameter \"%V\"", &value[1]); |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
271 return NGX_CONF_ERROR; |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
272 } |
368
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
273 |
3278
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
274 if (rc == NGX_DONE) { |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
275 ngx_conf_log_error(NGX_LOG_WARN, cf, 0, |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
276 "low address bits of %V are meaningless", &value[1]); |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
277 } |
368
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
278 } |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
279 |
3278
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
280 switch (cidr.family) { |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
281 |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
282 #if (NGX_HAVE_INET6) |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
283 case AF_INET6: |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
284 case 0: /* all */ |
1380
b590a528fd41
ignore meaningless bits in CIDR and warn about them
Igor Sysoev <igor@sysoev.ru>
parents:
681
diff
changeset
|
285 |
3278
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
286 if (alcf->rules6 == NULL) { |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
287 alcf->rules6 = ngx_array_create(cf->pool, 4, |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
288 sizeof(ngx_http_access_rule6_t)); |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
289 if (alcf->rules6 == NULL) { |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
290 return NGX_CONF_ERROR; |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
291 } |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
292 } |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
293 |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
294 rule6 = ngx_array_push(alcf->rules6); |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
295 if (rule6 == NULL) { |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
296 return NGX_CONF_ERROR; |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
297 } |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
298 |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
299 rule6->mask = cidr.u.in6.mask; |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
300 rule6->addr = cidr.u.in6.addr; |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
301 rule6->deny = (value[0].data[0] == 'd') ? 1 : 0; |
368
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
302 |
3278
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
303 if (!all) { |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
304 break; |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
305 } |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
306 |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
307 /* "all" passes through */ |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
308 #endif |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
309 |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
310 default: /* AF_INET */ |
2537
a472d954c534
prepare ngx_ptocidr() for IPv6
Igor Sysoev <igor@sysoev.ru>
parents:
2512
diff
changeset
|
311 |
3278
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
312 if (alcf->rules == NULL) { |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
313 alcf->rules = ngx_array_create(cf->pool, 4, |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
314 sizeof(ngx_http_access_rule_t)); |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
315 if (alcf->rules == NULL) { |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
316 return NGX_CONF_ERROR; |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
317 } |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
318 } |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
319 |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
320 rule = ngx_array_push(alcf->rules); |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
321 if (rule == NULL) { |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
322 return NGX_CONF_ERROR; |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
323 } |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
324 |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
325 rule->mask = cidr.u.in.mask; |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
326 rule->addr = cidr.u.in.addr; |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
327 rule->deny = (value[0].data[0] == 'd') ? 1 : 0; |
1380
b590a528fd41
ignore meaningless bits in CIDR and warn about them
Igor Sysoev <igor@sysoev.ru>
parents:
681
diff
changeset
|
328 } |
b590a528fd41
ignore meaningless bits in CIDR and warn about them
Igor Sysoev <igor@sysoev.ru>
parents:
681
diff
changeset
|
329 |
368
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
330 return NGX_CONF_OK; |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
331 } |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
332 |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
333 |
501 | 334 static void * |
335 ngx_http_access_create_loc_conf(ngx_conf_t *cf) | |
368
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
336 { |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
337 ngx_http_access_loc_conf_t *conf; |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
338 |
501 | 339 conf = ngx_pcalloc(cf->pool, sizeof(ngx_http_access_loc_conf_t)); |
340 if (conf == NULL) { | |
2912
c7d57b539248
return NULL instead of NGX_CONF_ERROR on a create conf failure
Igor Sysoev <igor@sysoev.ru>
parents:
2537
diff
changeset
|
341 return NULL; |
368
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
342 } |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
343 |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
344 return conf; |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
345 } |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
346 |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
347 |
501 | 348 static char * |
349 ngx_http_access_merge_loc_conf(ngx_conf_t *cf, void *parent, void *child) | |
368
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
350 { |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
351 ngx_http_access_loc_conf_t *prev = parent; |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
352 ngx_http_access_loc_conf_t *conf = child; |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
353 |
4580
ae60a1085c82
Access module: fixed inheritance of allow/deny ipv6 rules.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4412
diff
changeset
|
354 #if (NGX_HAVE_INET6) |
ae60a1085c82
Access module: fixed inheritance of allow/deny ipv6 rules.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4412
diff
changeset
|
355 |
ae60a1085c82
Access module: fixed inheritance of allow/deny ipv6 rules.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4412
diff
changeset
|
356 if (conf->rules == NULL && conf->rules6 == NULL) { |
ae60a1085c82
Access module: fixed inheritance of allow/deny ipv6 rules.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4412
diff
changeset
|
357 conf->rules = prev->rules; |
ae60a1085c82
Access module: fixed inheritance of allow/deny ipv6 rules.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4412
diff
changeset
|
358 conf->rules6 = prev->rules6; |
ae60a1085c82
Access module: fixed inheritance of allow/deny ipv6 rules.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4412
diff
changeset
|
359 } |
ae60a1085c82
Access module: fixed inheritance of allow/deny ipv6 rules.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4412
diff
changeset
|
360 |
ae60a1085c82
Access module: fixed inheritance of allow/deny ipv6 rules.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4412
diff
changeset
|
361 #else |
ae60a1085c82
Access module: fixed inheritance of allow/deny ipv6 rules.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4412
diff
changeset
|
362 |
368
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
363 if (conf->rules == NULL) { |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
364 conf->rules = prev->rules; |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
365 } |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
366 |
3278
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
367 #endif |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
368 |
368
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
369 return NGX_CONF_OK; |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
370 } |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
371 |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
372 |
501 | 373 static ngx_int_t |
681 | 374 ngx_http_access_init(ngx_conf_t *cf) |
368
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
375 { |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
376 ngx_http_handler_pt *h; |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
377 ngx_http_core_main_conf_t *cmcf; |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
378 |
681 | 379 cmcf = ngx_http_conf_get_module_main_conf(cf, ngx_http_core_module); |
368
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
380 |
501 | 381 h = ngx_array_push(&cmcf->phases[NGX_HTTP_ACCESS_PHASE].handlers); |
368
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
382 if (h == NULL) { |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
383 return NGX_ERROR; |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
384 } |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
385 |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
386 *h = ngx_http_access_handler; |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
387 |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
388 return NGX_OK; |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
389 } |