diff --git a/inc/ngx_http_waf_module_config.h b/inc/ngx_http_waf_module_config.h index bc1d09b8..21680fc9 100644 --- a/inc/ngx_http_waf_module_config.h +++ b/inc/ngx_http_waf_module_config.h @@ -831,6 +831,27 @@ static void* ngx_http_waf_create_srv_conf(ngx_conf_t* cf) { srv_conf->check_proc_no_cc[8] = ngx_http_waf_handler_check_black_cookie; + if (ip_trie_init(&(srv_conf->white_ipv4), std, NULL, AF_INET) != NGX_HTTP_WAF_SUCCESS) { + ngx_log_error(NGX_LOG_ERR, cf->log, 0, "ngx_waf: initialization failed"); + return NULL; + } + + if (ip_trie_init(&(srv_conf->white_ipv6), std, NULL, AF_INET6) != NGX_HTTP_WAF_SUCCESS) { + ngx_log_error(NGX_LOG_ERR, cf->log, 0, "ngx_waf: initialization failed"); + return NULL; + } + + if (ip_trie_init(&(srv_conf->black_ipv4), std, NULL, AF_INET) != NGX_HTTP_WAF_SUCCESS) { + ngx_log_error(NGX_LOG_ERR, cf->log, 0, "ngx_waf: initialization failed"); + return NULL; + } + + if (ip_trie_init(&(srv_conf->black_ipv6), std, NULL, AF_INET6) != NGX_HTTP_WAF_SUCCESS) { + ngx_log_error(NGX_LOG_ERR, cf->log, 0, "ngx_waf: initialization failed"); + return NULL; + } + + if (srv_conf->ngx_pool == NULL || srv_conf->black_url == NULL || srv_conf->black_args == NULL diff --git a/inc/ngx_http_waf_module_ip_trie.h b/inc/ngx_http_waf_module_ip_trie.h index 76e59403..db184f39 100644 --- a/inc/ngx_http_waf_module_ip_trie.h +++ b/inc/ngx_http_waf_module_ip_trie.h @@ -306,13 +306,15 @@ static ngx_int_t ip_trie_clear(ip_trie_t* trie) { while ((item = head->next), (item != NULL && item != head)) { mem_pool_free(&trie->pool, item->data); - free(item); CDL_DELETE(head, item); + free(item); } mem_pool_free(&trie->pool, head->data); - free(head); + item = head; CDL_DELETE(head, head); + free(item); + trie->root->left = NULL; trie->root->right = NULL; diff --git a/src/ngx_http_waf_module_core.c b/src/ngx_http_waf_module_core.c index f0da654e..cadd29ed 100644 --- a/src/ngx_http_waf_module_core.c +++ b/src/ngx_http_waf_module_core.c @@ -147,9 +147,10 @@ static void ngx_http_waf_trigger_mem_collation_event(ngx_http_request_t* r) { "ngx_waf_debug: Shared memory is unlocked."); if (diff_clear_minute > ngx_max(60, srv_conf->waf_cc_deny_duration / 60 * 3)) { - ngx_http_waf_clear_ip_access_statistics(r); ngx_log_debug(NGX_LOG_DEBUG_CORE, r->connection->log, 0, - "ngx_waf_debug: Trigger process - clear ip access statistics."); + "ngx_waf_debug: Start process - clear ip access statistics."); + ngx_http_waf_clear_ip_access_statistics(r); + } ngx_int_t is_need_eliminate_cache = NGX_HTTP_WAF_FALSE; @@ -219,7 +220,7 @@ static void ngx_http_waf_clear_ip_access_statistics(ngx_http_request_t* r) { ngx_http_waf_srv_conf_t* srv_conf = ngx_http_get_module_srv_conf(r, ngx_http_waf_module); ngx_log_debug(NGX_LOG_DEBUG_CORE, r->connection->log, 0, - "ngx_waf_debug: The token bucket clearing process has been started."); + "ngx_waf_debug: The IP statistics cleanup process has been started."); ngx_log_debug(NGX_LOG_DEBUG_CORE, r->connection->log, 0, "ngx_waf_debug: The configuration of the module has been obtained."); @@ -238,7 +239,7 @@ static void ngx_http_waf_clear_ip_access_statistics(ngx_http_request_t* r) { "ngx_waf_debug: Shared memory is unlocked."); ngx_log_debug(NGX_LOG_DEBUG_CORE, r->connection->log, 0, - "ngx_waf_debug: The token bucket clearing process is all but complete."); + "ngx_waf_debug: The IP statistics cleanup process has been fully completed."); } @@ -289,7 +290,7 @@ static void ngx_http_waf_eliminate_inspection_cache(ngx_http_request_t* r) { } ngx_log_debug(NGX_LOG_DEBUG_CORE, r->connection->log, 0, - "ngx_waf_debug: The batch cache elimination process is all but complete."); + "ngx_waf_debug: The batch cache elimination process has been fully completed."); }