Groonga 3.0.9 Source Code Document
 All Data Structures Namespaces Files Functions Variables Typedefs Enumerations Enumerator Macros Pages
ngx_http_referer_module.c
Go to the documentation of this file.
1 
2 /*
3  * Copyright (C) Igor Sysoev
4  * Copyright (C) Nginx, Inc.
5  */
6 
7 
8 #include <ngx_config.h>
9 #include <ngx_core.h>
10 #include <ngx_http.h>
11 
12 
13 #define NGX_HTTP_REFERER_NO_URI_PART ((void *) 4)
14 
15 #if !(NGX_PCRE)
16 
17 #define ngx_regex_t void
18 
19 #endif
20 
21 
22 typedef struct {
23  ngx_hash_combined_t hash;
24 
25 #if (NGX_PCRE)
26  ngx_array_t *regex;
27 #endif
28 
29  ngx_flag_t no_referer;
30  ngx_flag_t blocked_referer;
31 
32  ngx_hash_keys_arrays_t *keys;
33 
34  ngx_uint_t referer_hash_max_size;
35  ngx_uint_t referer_hash_bucket_size;
36 } ngx_http_referer_conf_t;
37 
38 
39 static void * ngx_http_referer_create_conf(ngx_conf_t *cf);
40 static char * ngx_http_referer_merge_conf(ngx_conf_t *cf, void *parent,
41  void *child);
42 static char *ngx_http_valid_referers(ngx_conf_t *cf, ngx_command_t *cmd,
43  void *conf);
44 static char *ngx_http_add_referer(ngx_conf_t *cf, ngx_hash_keys_arrays_t *keys,
45  ngx_str_t *value, ngx_str_t *uri);
46 static char *ngx_http_add_regex_referer(ngx_conf_t *cf,
47  ngx_http_referer_conf_t *rlcf, ngx_str_t *name, ngx_regex_t *regex);
48 static int ngx_libc_cdecl ngx_http_cmp_referer_wildcards(const void *one,
49  const void *two);
50 
51 
52 static ngx_command_t ngx_http_referer_commands[] = {
53 
54  { ngx_string("valid_referers"),
55  NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_1MORE,
56  ngx_http_valid_referers,
57  NGX_HTTP_LOC_CONF_OFFSET,
58  0,
59  NULL },
60 
61  { ngx_string("referer_hash_max_size"),
62  NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1,
63  ngx_conf_set_num_slot,
64  NGX_HTTP_LOC_CONF_OFFSET,
65  offsetof(ngx_http_referer_conf_t, referer_hash_max_size),
66  NULL },
67 
68  { ngx_string("referer_hash_bucket_size"),
69  NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1,
70  ngx_conf_set_num_slot,
71  NGX_HTTP_LOC_CONF_OFFSET,
72  offsetof(ngx_http_referer_conf_t, referer_hash_bucket_size),
73  NULL },
74 
75  ngx_null_command
76 };
77 
78 
79 static ngx_http_module_t ngx_http_referer_module_ctx = {
80  NULL, /* preconfiguration */
81  NULL, /* postconfiguration */
82 
83  NULL, /* create main configuration */
84  NULL, /* init main configuration */
85 
86  NULL, /* create server configuration */
87  NULL, /* merge server configuration */
88 
89  ngx_http_referer_create_conf, /* create location configuration */
90  ngx_http_referer_merge_conf /* merge location configuration */
91 };
92 
93 
94 ngx_module_t ngx_http_referer_module = {
95  NGX_MODULE_V1,
96  &ngx_http_referer_module_ctx, /* module context */
97  ngx_http_referer_commands, /* module directives */
98  NGX_HTTP_MODULE, /* module type */
99  NULL, /* init master */
100  NULL, /* init module */
101  NULL, /* init process */
102  NULL, /* init thread */
103  NULL, /* exit thread */
104  NULL, /* exit process */
105  NULL, /* exit master */
106  NGX_MODULE_V1_PADDING
107 };
108 
109 
110 static ngx_int_t
111 ngx_http_referer_variable(ngx_http_request_t *r, ngx_http_variable_value_t *v,
112  uintptr_t data)
113 {
114  u_char *p, *ref, *last;
115  size_t len;
116  ngx_str_t *uri;
117  ngx_uint_t i, key;
118  ngx_http_referer_conf_t *rlcf;
119  u_char buf[256];
120 
121  rlcf = ngx_http_get_module_loc_conf(r, ngx_http_referer_module);
122 
123  if (rlcf->hash.hash.buckets == NULL
124  && rlcf->hash.wc_head == NULL
125  && rlcf->hash.wc_tail == NULL
126 #if (NGX_PCRE)
127  && rlcf->regex == NULL
128 #endif
129  )
130  {
131  goto valid;
132  }
133 
134  if (r->headers_in.referer == NULL) {
135  if (rlcf->no_referer) {
136  goto valid;
137  }
138 
139  goto invalid;
140  }
141 
142  len = r->headers_in.referer->value.len;
143  ref = r->headers_in.referer->value.data;
144 
145  if (len >= sizeof("http://i.ru") - 1) {
146  last = ref + len;
147 
148  if (ngx_strncasecmp(ref, (u_char *) "http://", 7) == 0) {
149  ref += 7;
150  goto valid_scheme;
151 
152  } else if (ngx_strncasecmp(ref, (u_char *) "https://", 8) == 0) {
153  ref += 8;
154  goto valid_scheme;
155  }
156  }
157 
158  if (rlcf->blocked_referer) {
159  goto valid;
160  }
161 
162  goto invalid;
163 
164 valid_scheme:
165 
166  i = 0;
167  key = 0;
168 
169  for (p = ref; p < last; p++) {
170  if (*p == '/' || *p == ':') {
171  break;
172  }
173 
174  buf[i] = ngx_tolower(*p);
175  key = ngx_hash(key, buf[i++]);
176 
177  if (i == 256) {
178  goto invalid;
179  }
180  }
181 
182  uri = ngx_hash_find_combined(&rlcf->hash, key, buf, p - ref);
183 
184  if (uri) {
185  goto uri;
186  }
187 
188 #if (NGX_PCRE)
189 
190  if (rlcf->regex) {
191  ngx_int_t rc;
192  ngx_str_t referer;
193 
194  referer.len = len - 7;
195  referer.data = ref;
196 
197  rc = ngx_regex_exec_array(rlcf->regex, &referer, r->connection->log);
198 
199  if (rc == NGX_OK) {
200  goto valid;
201  }
202 
203  if (rc == NGX_ERROR) {
204  return rc;
205  }
206 
207  /* NGX_DECLINED */
208  }
209 
210 #endif
211 
212 invalid:
213 
214  *v = ngx_http_variable_true_value;
215 
216  return NGX_OK;
217 
218 uri:
219 
220  for ( /* void */ ; p < last; p++) {
221  if (*p == '/') {
222  break;
223  }
224  }
225 
226  len = last - p;
227 
228  if (uri == NGX_HTTP_REFERER_NO_URI_PART) {
229  goto valid;
230  }
231 
232  if (len < uri->len || ngx_strncmp(uri->data, p, uri->len) != 0) {
233  goto invalid;
234  }
235 
236 valid:
237 
238  *v = ngx_http_variable_null_value;
239 
240  return NGX_OK;
241 }
242 
243 
244 static void *
245 ngx_http_referer_create_conf(ngx_conf_t *cf)
246 {
247  ngx_http_referer_conf_t *conf;
248 
249  conf = ngx_pcalloc(cf->pool, sizeof(ngx_http_referer_conf_t));
250  if (conf == NULL) {
251  return NULL;
252  }
253 
254 #if (NGX_PCRE)
255  conf->regex = NGX_CONF_UNSET_PTR;
256 #endif
257 
258  conf->no_referer = NGX_CONF_UNSET;
259  conf->blocked_referer = NGX_CONF_UNSET;
260  conf->referer_hash_max_size = NGX_CONF_UNSET_UINT;
261  conf->referer_hash_bucket_size = NGX_CONF_UNSET_UINT;
262 
263  return conf;
264 }
265 
266 
267 static char *
268 ngx_http_referer_merge_conf(ngx_conf_t *cf, void *parent, void *child)
269 {
270  ngx_http_referer_conf_t *prev = parent;
271  ngx_http_referer_conf_t *conf = child;
272 
273  ngx_hash_init_t hash;
274 
275  if (conf->keys == NULL) {
276  conf->hash = prev->hash;
277 
278 #if (NGX_PCRE)
279  ngx_conf_merge_ptr_value(conf->regex, prev->regex, NULL);
280 #endif
281  ngx_conf_merge_value(conf->no_referer, prev->no_referer, 0);
282  ngx_conf_merge_value(conf->blocked_referer, prev->blocked_referer, 0);
283  ngx_conf_merge_uint_value(conf->referer_hash_max_size,
284  prev->referer_hash_max_size, 2048);
285  ngx_conf_merge_uint_value(conf->referer_hash_bucket_size,
286  prev->referer_hash_bucket_size, 64);
287 
288  return NGX_CONF_OK;
289  }
290 
291  if ((conf->no_referer == 1 || conf->blocked_referer == 1)
292  && conf->keys->keys.nelts == 0
293  && conf->keys->dns_wc_head.nelts == 0
294  && conf->keys->dns_wc_tail.nelts == 0)
295  {
296  ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
297  "the \"none\" or \"blocked\" referers are specified "
298  "in the \"valid_referers\" directive "
299  "without any valid referer");
300  return NGX_CONF_ERROR;
301  }
302 
303  ngx_conf_merge_uint_value(conf->referer_hash_max_size,
304  prev->referer_hash_max_size, 2048);
305  ngx_conf_merge_uint_value(conf->referer_hash_bucket_size,
306  prev->referer_hash_bucket_size, 64);
307  conf->referer_hash_bucket_size = ngx_align(conf->referer_hash_bucket_size,
308  ngx_cacheline_size);
309 
310  hash.key = ngx_hash_key_lc;
311  hash.max_size = conf->referer_hash_max_size;
312  hash.bucket_size = conf->referer_hash_bucket_size;
313  hash.name = "referer_hash";
314  hash.pool = cf->pool;
315 
316  if (conf->keys->keys.nelts) {
317  hash.hash = &conf->hash.hash;
318  hash.temp_pool = NULL;
319 
320  if (ngx_hash_init(&hash, conf->keys->keys.elts, conf->keys->keys.nelts)
321  != NGX_OK)
322  {
323  return NGX_CONF_ERROR;
324  }
325  }
326 
327  if (conf->keys->dns_wc_head.nelts) {
328 
329  ngx_qsort(conf->keys->dns_wc_head.elts,
330  (size_t) conf->keys->dns_wc_head.nelts,
331  sizeof(ngx_hash_key_t),
332  ngx_http_cmp_referer_wildcards);
333 
334  hash.hash = NULL;
335  hash.temp_pool = cf->temp_pool;
336 
337  if (ngx_hash_wildcard_init(&hash, conf->keys->dns_wc_head.elts,
338  conf->keys->dns_wc_head.nelts)
339  != NGX_OK)
340  {
341  return NGX_CONF_ERROR;
342  }
343 
344  conf->hash.wc_head = (ngx_hash_wildcard_t *) hash.hash;
345  }
346 
347  if (conf->keys->dns_wc_tail.nelts) {
348 
349  ngx_qsort(conf->keys->dns_wc_tail.elts,
350  (size_t) conf->keys->dns_wc_tail.nelts,
351  sizeof(ngx_hash_key_t),
352  ngx_http_cmp_referer_wildcards);
353 
354  hash.hash = NULL;
355  hash.temp_pool = cf->temp_pool;
356 
357  if (ngx_hash_wildcard_init(&hash, conf->keys->dns_wc_tail.elts,
358  conf->keys->dns_wc_tail.nelts)
359  != NGX_OK)
360  {
361  return NGX_CONF_ERROR;
362  }
363 
364  conf->hash.wc_tail = (ngx_hash_wildcard_t *) hash.hash;
365  }
366 
367 #if (NGX_PCRE)
368  ngx_conf_merge_ptr_value(conf->regex, prev->regex, NULL);
369 #endif
370 
371  if (conf->no_referer == NGX_CONF_UNSET) {
372  conf->no_referer = 0;
373  }
374 
375  if (conf->blocked_referer == NGX_CONF_UNSET) {
376  conf->blocked_referer = 0;
377  }
378 
379  conf->keys = NULL;
380 
381  return NGX_CONF_OK;
382 }
383 
384 
385 static char *
386 ngx_http_valid_referers(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
387 {
388  ngx_http_referer_conf_t *rlcf = conf;
389 
390  u_char *p;
391  ngx_str_t *value, uri, name;
392  ngx_uint_t i, n;
393  ngx_http_variable_t *var;
394  ngx_http_server_name_t *sn;
395  ngx_http_core_srv_conf_t *cscf;
396 
397  ngx_str_set(&name, "invalid_referer");
398 
399  var = ngx_http_add_variable(cf, &name,
400  NGX_HTTP_VAR_CHANGEABLE|NGX_HTTP_VAR_NOHASH);
401  if (var == NULL) {
402  return NGX_CONF_ERROR;
403  }
404 
405  var->get_handler = ngx_http_referer_variable;
406 
407  if (rlcf->keys == NULL) {
408  rlcf->keys = ngx_pcalloc(cf->temp_pool, sizeof(ngx_hash_keys_arrays_t));
409  if (rlcf->keys == NULL) {
410  return NGX_CONF_ERROR;
411  }
412 
413  rlcf->keys->pool = cf->pool;
414  rlcf->keys->temp_pool = cf->pool;
415 
416  if (ngx_hash_keys_array_init(rlcf->keys, NGX_HASH_SMALL) != NGX_OK) {
417  return NGX_CONF_ERROR;
418  }
419  }
420 
421  value = cf->args->elts;
422 
423  for (i = 1; i < cf->args->nelts; i++) {
424  if (value[i].len == 0) {
425  ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
426  "invalid referer \"%V\"", &value[i]);
427  return NGX_CONF_ERROR;
428  }
429 
430  if (ngx_strcmp(value[i].data, "none") == 0) {
431  rlcf->no_referer = 1;
432  continue;
433  }
434 
435  if (ngx_strcmp(value[i].data, "blocked") == 0) {
436  rlcf->blocked_referer = 1;
437  continue;
438  }
439 
440  ngx_str_null(&uri);
441 
442  if (ngx_strcmp(value[i].data, "server_names") == 0) {
443 
444  cscf = ngx_http_conf_get_module_srv_conf(cf, ngx_http_core_module);
445 
446  sn = cscf->server_names.elts;
447  for (n = 0; n < cscf->server_names.nelts; n++) {
448 
449 #if (NGX_PCRE)
450  if (sn[n].regex) {
451 
452  if (ngx_http_add_regex_referer(cf, rlcf, &sn[n].name,
453  sn[n].regex->regex)
454  != NGX_OK)
455  {
456  return NGX_CONF_ERROR;
457  }
458 
459  continue;
460  }
461 #endif
462 
463  if (ngx_http_add_referer(cf, rlcf->keys, &sn[n].name, &uri)
464  != NGX_OK)
465  {
466  return NGX_CONF_ERROR;
467  }
468  }
469 
470  continue;
471  }
472 
473  if (value[i].data[0] == '~') {
474  if (ngx_http_add_regex_referer(cf, rlcf, &value[i], NULL) != NGX_OK)
475  {
476  return NGX_CONF_ERROR;
477  }
478 
479  continue;
480  }
481 
482  p = (u_char *) ngx_strchr(value[i].data, '/');
483 
484  if (p) {
485  uri.len = (value[i].data + value[i].len) - p;
486  uri.data = p;
487  value[i].len = p - value[i].data;
488  }
489 
490  if (ngx_http_add_referer(cf, rlcf->keys, &value[i], &uri) != NGX_OK) {
491  return NGX_CONF_ERROR;
492  }
493  }
494 
495  return NGX_CONF_OK;
496 }
497 
498 
499 static char *
500 ngx_http_add_referer(ngx_conf_t *cf, ngx_hash_keys_arrays_t *keys,
501  ngx_str_t *value, ngx_str_t *uri)
502 {
503  ngx_int_t rc;
504  ngx_str_t *u;
505 
506  if (uri->len == 0) {
507  u = NGX_HTTP_REFERER_NO_URI_PART;
508 
509  } else {
510  u = ngx_palloc(cf->pool, sizeof(ngx_str_t));
511  if (u == NULL) {
512  return NGX_CONF_ERROR;
513  }
514 
515  *u = *uri;
516  }
517 
518  rc = ngx_hash_add_key(keys, value, u, NGX_HASH_WILDCARD_KEY);
519 
520  if (rc == NGX_OK) {
521  return NGX_CONF_OK;
522  }
523 
524  if (rc == NGX_DECLINED) {
525  ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
526  "invalid hostname or wildcard \"%V\"", value);
527  }
528 
529  if (rc == NGX_BUSY) {
530  ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
531  "conflicting parameter \"%V\"", value);
532  }
533 
534  return NGX_CONF_ERROR;
535 }
536 
537 
538 static char *
539 ngx_http_add_regex_referer(ngx_conf_t *cf, ngx_http_referer_conf_t *rlcf,
540  ngx_str_t *name, ngx_regex_t *regex)
541 {
542 #if (NGX_PCRE)
543  ngx_regex_elt_t *re;
544  ngx_regex_compile_t rc;
545  u_char errstr[NGX_MAX_CONF_ERRSTR];
546 
547  if (name->len == 1) {
548  ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, "empty regex in \"%V\"", name);
549  return NGX_CONF_ERROR;
550  }
551 
552  if (rlcf->regex == NGX_CONF_UNSET_PTR) {
553  rlcf->regex = ngx_array_create(cf->pool, 2, sizeof(ngx_regex_elt_t));
554  if (rlcf->regex == NULL) {
555  return NGX_CONF_ERROR;
556  }
557  }
558 
559  re = ngx_array_push(rlcf->regex);
560  if (re == NULL) {
561  return NGX_CONF_ERROR;
562  }
563 
564  if (regex) {
565  re->regex = regex;
566  re->name = name->data;
567 
568  return NGX_CONF_OK;
569  }
570 
571  name->len--;
572  name->data++;
573 
574  ngx_memzero(&rc, sizeof(ngx_regex_compile_t));
575 
576  rc.pattern = *name;
577  rc.pool = cf->pool;
578  rc.options = NGX_REGEX_CASELESS;
579  rc.err.len = NGX_MAX_CONF_ERRSTR;
580  rc.err.data = errstr;
581 
582  if (ngx_regex_compile(&rc) != NGX_OK) {
583  ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, "%V", &rc.err);
584  return NGX_CONF_ERROR;
585  }
586 
587  re->regex = rc.regex;
588  re->name = name->data;
589 
590  return NGX_CONF_OK;
591 
592 #else
593 
594  ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
595  "the using of the regex \"%V\" requires PCRE library",
596  name);
597 
598  return NGX_CONF_ERROR;
599 
600 #endif
601 }
602 
603 
604 static int ngx_libc_cdecl
605 ngx_http_cmp_referer_wildcards(const void *one, const void *two)
606 {
607  ngx_hash_key_t *first, *second;
608 
609  first = (ngx_hash_key_t *) one;
610  second = (ngx_hash_key_t *) two;
611 
612  return ngx_dns_strcmp(first->key.data, second->key.data);
613 }
Generated on Sun Nov 10 2013 09:49:08 for Groonga 3.0.9 Source Code Document by   doxygen 1.8.1.2