From e5d34daecc741ddd91a5912dcbf384e1f2b13f3e Mon Sep 17 00:00:00 2001 From: yongfu-office Date: Fri, 7 Nov 2014 18:06:10 +0800 Subject: [PATCH 1/4] =?UTF-8?q?=E5=A2=9E=E5=8A=A0ip=E7=99=BD=E5=90=8D?= =?UTF-8?q?=E5=8D=95=E7=9A=84ip=E6=AE=B5=E6=94=AF=E6=8C=81?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- config.lua | 6 +++--- init.lua | 33 ++++++++++++++++++++++++++++----- 2 files changed, 31 insertions(+), 8 deletions(-) diff --git a/config.lua b/config.lua index d555456..b39b93b 100644 --- a/config.lua +++ b/config.lua @@ -4,9 +4,9 @@ logdir = "/usr/local/nginx/logs/hack/" UrlDeny="on" Redirect="on" CookieMatch="on" -postMatch="on" -whiteModule="on" -ipWhitelist={"127.0.0.1"} +postMatch="on" +whiteModule="on" +ipWhitelist={"127.0.0.1","192.168.1.0-192.168.1.255"} ipBlocklist={"1.0.0.1"} CCDeny="off" CCrate="100/60" diff --git a/init.lua b/init.lua index d7970e9..9e6db9c 100644 --- a/init.lua +++ b/init.lua @@ -4,7 +4,7 @@ local ngxmatch=ngx.re.match local unescape=ngx.unescape_uri local get_headers = ngx.req.get_headers local optionIsOn = function (options) return options == "on" and true or false end -logpath = logdir +logpath = logdir rulepath = RulePath UrlDeny = optionIsOn(UrlDeny) PostCheck = optionIsOn(postMatch) @@ -17,13 +17,25 @@ Redirect=optionIsOn(Redirect) function getClientIp() IP = ngx.req.get_headers()["X-Real-IP"] if IP == nil then - IP = ngx.var.remote_addr + IP = ngx.var.remote_addr end if IP == nil then IP = "unknown" end return IP end +function ipToDecimal(ckip) + local n = 4 + local num = 0 + local pos = 0 + for st, sp in function() return string.find(ckip, '.', pos, true) end do + n = n - 1 + num = num + string.sub(ckip, pos, st-1) * (256 ^ n) + pos = sp + 1 + if n == 1 then num = num + string.sub(ckip, pos, string.len(ckip)) end + end + return num +end function write(logfile,msg) local fd = io.open(logfile,"ab") if fd == nil then return end 
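Review bot: ipToDecimal converts whatever string it is given without checking that it is a dotted quad, and that string can come from the X-Real-IP request header read in getClientIp just above it. A non-numeric octet makes the `string.sub(...) * (256 ^ n)` arithmetic raise a Lua error, a string with no dots (an IPv6 remote_addr, for example) returns 0, and an octet above 255 or an address with too few parts still yields a number that can fall inside a configured range. I would parse with one anchored pattern, range-check each octet and return nil for anything else; the callers then need to treat nil as "no range match" rather than compare it. A sketch of the stricter function follows.

```lua
function ipToDecimal(ckip)
    -- Only a well-formed dotted quad converts; IPv6, "unknown", header junk -> nil.
    if type(ckip) ~= "string" then return nil end
    local a, b, c, d = string.match(ckip, "^(%d+)%.(%d+)%.(%d+)%.(%d+)$")
    if a == nil then return nil end
    a, b, c, d = tonumber(a), tonumber(b), tonumber(c), tonumber(d)
    if a > 255 or b > 255 or c > 255 or d > 255 then return nil end
    return ((a * 256 + b) * 256 + c) * 256 + d
end
```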
@@ -81,7 +93,7 @@ function whiteurl() if wturlrules ~=nil then for _,rule in pairs(wturlrules) do if ngxmatch(ngx.var.request_uri,rule,"imjo") then - return true + return true end end end @@ -203,13 +215,24 @@ end function whiteip() if next(ipWhitelist) ~= nil then + local cIP = getClientIp() + local numIP = 0 + if cIP ~= "unknown" then numIP = tonumber(ipToDecimal(cIP)) end for _,ip in pairs(ipWhitelist) do - if getClientIp()==ip then + local pos = 0 + local s, e = string.find(ip, '-', pos, true) + if s == nil and cIP == ip then return true + elseif s ~= nil then + sIP = tonumber(ipToDecimal(string.sub(ip, 0, s - 1))) + eIP = tonumber(ipToDecimal(string.sub(ip, e + 1, string.len(ip)))) + if numIP >= sIP and numIP <= eIP then + return true + end end end end - return false + return false end function blockip() From 7cbdb83aa5fe90e8211bab716310de3e300c1e25 Mon Sep 17 00:00:00 2001 From: RickieL Date: Fri, 7 Nov 2014 20:51:48 +0800 Subject: [PATCH 2/4] =?UTF-8?q?=E6=96=B0=E5=A2=9E=E9=BB=91=E5=90=8D?= =?UTF-8?q?=E5=8D=95=E7=9A=84ip=E6=AE=B5?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 新增黑名单的ip段 --- init.lua | 44 +++++++++++++++++++++++++++----------------- 1 file changed, 27 insertions(+), 17 deletions(-) diff --git a/init.lua b/init.lua index 9e6db9c..c410627 100644 --- a/init.lua +++ b/init.lua 
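Review bot: whiteip now whitelists whole ranges based on getClientIp(), which (per the context of the getClientIp hunk earlier in this patch, outside this hunk) prefers the X-Real-IP request header over ngx.var.remote_addr, so the address being matched is whatever the request claims unless a trusted front proxy overwrites that header. A whitelist hit presumably skips the remaining checks, so I would match on `ngx.var.remote_addr` and leave proxy handling to nginx's realip module (`set_real_ip_from` / `real_ip_header`); the same applies to blockip in patch 2/4, where a blocklist keyed on a client-supplied header cannot be relied on. Separately, `sIP` and `eIP` are assigned without `local` and become globals, and the substring should start at index 1: `local sIP = tonumber(ipToDecimal(string.sub(ip, 1, s - 1)))`. numIP also stays 0 when the address is "unknown", which would match any configured range that starts at 0.0.0.0.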
@@ -26,15 +26,15 @@ function getClientIp() end function ipToDecimal(ckip) local n = 4 - local num = 0 + local decimalNum = 0 local pos = 0 - for st, sp in function() return string.find(ckip, '.', pos, true) end do + for s, e in function() return string.find(ckip, '.', pos, true) end do n = n - 1 - num = num + string.sub(ckip, pos, st-1) * (256 ^ n) - pos = sp + 1 - if n == 1 then num = num + string.sub(ckip, pos, string.len(ckip)) end + decimalNum = decimalNum + string.sub(ckip, pos, s-1) * (256 ^ n) + pos = e + 1 + if n == 1 then decimalNum = decimalNum + string.sub(ckip, pos, string.len(ckip)) end end - return num + return decimalNum end function write(logfile,msg) local fd = io.open(logfile,"ab") @@ -219,8 +219,7 @@ function whiteip() local numIP = 0 if cIP ~= "unknown" then numIP = tonumber(ipToDecimal(cIP)) end for _,ip in pairs(ipWhitelist) do - local pos = 0 - local s, e = string.find(ip, '-', pos, true) + local s, e = string.find(ip, '-', 0, true) if s == nil and cIP == ip then return true elseif s ~= nil then @@ -236,13 +235,24 @@ function whiteip() end function blockip() - if next(ipBlocklist) ~= nil then - for _,ip in pairs(ipBlocklist) do - if getClientIp()==ip then - ngx.exit(403) - return true - end - end - end - return false + if next(ipBlocklist) ~= nil then + local cIP = getClientIp() + local numIP = 0 + if cIP ~= "unknown" then numIP = tonumber(ipToDecimal(cIP)) end + for _,ip in pairs(ipBlocklist) do + local s, e = string.find(ip, '-', 0, true) + if s == nil and cIP == ip then + ngx.exit(403) + return true + elseif s ~= nil then + sIP = tonumber(ipToDecimal(string.sub(ip, 0, s - 1))) + eIP = tonumber(ipToDecimal(string.sub(ip, e + 1, string.len(ip)))) + if numIP >= sIP and numIP <= eIP then + ngx.exit(403) + return true + end + end + end + end + return false end From de6ed83ee24b42e6e70601c5a93c90254157c102 Mon Sep 17 00:00:00 2001 
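Review bot: The new blockip body is a copy of whiteip's loop with `ngx.exit(403)` added, including the `sIP`/`eIP` assignments that are missing `local`, so any later fix to range parsing has to be made in two places. I would move the matching into one local helper that takes the client address and a list and returns a boolean, and have both functions call it. The sketch below keeps the current ipToDecimal contract unchanged; whiteip would reduce to the same call against ipWhitelist.

```lua
-- Shared by whiteip and blockip: exact entries compare as strings,
-- "a.b.c.d-e.f.g.h" entries compare numerically.
local function ipInList(cIP, list)
    local numIP = 0
    if cIP ~= "unknown" then numIP = tonumber(ipToDecimal(cIP)) end
    for _, ip in pairs(list) do
        local s, e = string.find(ip, '-', 1, true)
        if s == nil then
            if cIP == ip then return true end
        else
            local sIP = tonumber(ipToDecimal(string.sub(ip, 1, s - 1)))
            local eIP = tonumber(ipToDecimal(string.sub(ip, e + 1)))
            if numIP >= sIP and numIP <= eIP then return true end
        end
    end
    return false
end

function blockip()
    if next(ipBlocklist) ~= nil and ipInList(getClientIp(), ipBlocklist) then
        ngx.exit(403)
        return true
    end
    return false
end
```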
From: RickieL Date: Fri, 7 Nov 2014 20:58:31 +0800 Subject: [PATCH 3/4] ip blocklist --- config.lua | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/config.lua b/config.lua index b39b93b..31df366 100644 --- a/config.lua +++ b/config.lua @@ -6,8 +6,8 @@ Redirect="on" CookieMatch="on" postMatch="on" whiteModule="on" -ipWhitelist={"127.0.0.1","192.168.1.0-192.168.1.255"} -ipBlocklist={"1.0.0.1"} +ipWhitelist={"127.0.0.1","192.168.1.0-192.168.255.255"} +ipBlocklist={"1.0.0.1","2.0.0.0-2.0.0.255"} CCDeny="off" CCrate="100/60" html=[[Please go away~~ ]] From 4cff189a3cf09af8ceedf8af1f03193975b937a8 Mon Sep 17 00:00:00 2001 From: RickieL Date: Fri, 7 Nov 2014 20:59:00 +0800 Subject: [PATCH 4/4] =?UTF-8?q?=E6=A0=BC=E5=BC=8F=E4=BF=AE=E6=AD=A3?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- init.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/init.lua b/init.lua index c410627..ec471e2 100644 --- a/init.lua +++ b/init.lua @@ -254,5 +254,5 @@ function blockip() end end end - return false + return false end