🐛 IP black and white list is not working.

ADD-SP · Apr 6, 2021 · 25d893d · 25d893d
1 parent c697a5a
commit 25d893d
Show file tree

Hide file tree

Showing 3 changed files with 31 additions and 7 deletions.
diff --git a/inc/ngx_http_waf_module_config.h b/inc/ngx_http_waf_module_config.h
@@ -831,6 +831,27 @@ static void* ngx_http_waf_create_srv_conf(ngx_conf_t* cf) {
     srv_conf->check_proc_no_cc[8] = ngx_http_waf_handler_check_black_cookie;
 
 
+    if (ip_trie_init(&(srv_conf->white_ipv4), std, NULL, AF_INET) != NGX_HTTP_WAF_SUCCESS) {
+        ngx_log_error(NGX_LOG_ERR, cf->log, 0, "ngx_waf: initialization failed");
+        return NULL;
+    }
+
+    if (ip_trie_init(&(srv_conf->white_ipv6), std, NULL, AF_INET6) != NGX_HTTP_WAF_SUCCESS) {
+        ngx_log_error(NGX_LOG_ERR, cf->log, 0, "ngx_waf: initialization failed");
+        return NULL;
+    }
+
+    if (ip_trie_init(&(srv_conf->black_ipv4), std, NULL, AF_INET) != NGX_HTTP_WAF_SUCCESS) {
+        ngx_log_error(NGX_LOG_ERR, cf->log, 0, "ngx_waf: initialization failed");
+        return NULL;
+    }
+
+    if (ip_trie_init(&(srv_conf->black_ipv6), std, NULL, AF_INET6) != NGX_HTTP_WAF_SUCCESS) {
+        ngx_log_error(NGX_LOG_ERR, cf->log, 0, "ngx_waf: initialization failed");
+        return NULL;
+    }
+
+
     if (srv_conf->ngx_pool == NULL
         || srv_conf->black_url == NULL
         || srv_conf->black_args == NULL

diff --git a/inc/ngx_http_waf_module_ip_trie.h b/inc/ngx_http_waf_module_ip_trie.h
@@ -306,13 +306,15 @@ static ngx_int_t ip_trie_clear(ip_trie_t* trie) {
 
     while ((item = head->next), (item != NULL && item != head)) {
         mem_pool_free(&trie->pool, item->data);
-        free(item);
         CDL_DELETE(head, item);
+        free(item);
     }
 
     mem_pool_free(&trie->pool, head->data);
-    free(head);
+    item = head;
     CDL_DELETE(head, head);
+    free(item);
+
 
     trie->root->left = NULL;
     trie->root->right = NULL;

diff --git a/src/ngx_http_waf_module_core.c b/src/ngx_http_waf_module_core.c
@@ -147,9 +147,10 @@ static void ngx_http_waf_trigger_mem_collation_event(ngx_http_request_t* r) {
         "ngx_waf_debug: Shared memory is unlocked.");
 
     if (diff_clear_minute > ngx_max(60, srv_conf->waf_cc_deny_duration / 60 * 3)) {
-        ngx_http_waf_clear_ip_access_statistics(r);
         ngx_log_debug(NGX_LOG_DEBUG_CORE, r->connection->log, 0, 
-            "ngx_waf_debug: Trigger process - clear ip access statistics.");
+            "ngx_waf_debug: Start process - clear ip access statistics.");
+        ngx_http_waf_clear_ip_access_statistics(r);
+
     }
 
     ngx_int_t is_need_eliminate_cache = NGX_HTTP_WAF_FALSE;
@@ -219,7 +220,7 @@ static void ngx_http_waf_clear_ip_access_statistics(ngx_http_request_t* r) {
     ngx_http_waf_srv_conf_t* srv_conf = ngx_http_get_module_srv_conf(r, ngx_http_waf_module);
 
     ngx_log_debug(NGX_LOG_DEBUG_CORE, r->connection->log, 0, 
-        "ngx_waf_debug: The token bucket clearing process has been started.");
+        "ngx_waf_debug: The IP statistics cleanup process has been started.");
     ngx_log_debug(NGX_LOG_DEBUG_CORE, r->connection->log, 0, 
         "ngx_waf_debug: The configuration of the module has been obtained.");
 
@@ -238,7 +239,7 @@ static void ngx_http_waf_clear_ip_access_statistics(ngx_http_request_t* r) {
         "ngx_waf_debug: Shared memory is unlocked.");
 
     ngx_log_debug(NGX_LOG_DEBUG_CORE, r->connection->log, 0, 
-        "ngx_waf_debug: The token bucket clearing process is all but complete.");
+        "ngx_waf_debug: The IP statistics cleanup process has been fully completed.");
 }
 
 
@@ -289,7 +290,7 @@ static void ngx_http_waf_eliminate_inspection_cache(ngx_http_request_t* r) {
     }
 
     ngx_log_debug(NGX_LOG_DEBUG_CORE, r->connection->log, 0, 
-        "ngx_waf_debug: The batch cache elimination process is all but complete.");
+        "ngx_waf_debug: The batch cache elimination process has been fully completed.");
 }