配置如下:
##如果我是阿里的WAF,ALB,SLB后面,因为阿里已经弄好了$http_x_forwarded_for的第一个ip为客户端ip location / { access_by_lua_file "/opt/verynginx/openresty/nginx/conf/lua/whiteKeykz18.lua"; proxy_set_header xrequestid $xrequestid; proxy_headers_hash_max_size 51200; proxy_headers_hash_bucket_size 6400; proxy_set_header Host $host; #proxy_set_header Host $proxy_host; #proxy_set_header Host $host:$proxy_port; proxy_set_header X-Real-IP $http_x_real_ip; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; #proxy_set_header Upgrade $http_upgrade; #这是webSocket的配置,WebSockets应用程序会在客户端和服务器之间建立一个长连接 #proxy_set_header Connection "upgrade"; #这是webSocket的配置,WebSockets应用程序会在客户端和服务器之间建立一个长连接 proxy_next_upstream error timeout http_502; proxy_next_upstream_tries 1; proxy_pass https://innerapi.yaozh.com; }
脚本如下:
-----redis 连接池设置------ local function close_redis(red) if not red then return end local pool_max_idle_time = 10000 local pool_size = 500 local ok, err = red:set_keepalive(pool_max_idle_time, pool_size) local log = ngx_log if not ok then log(ngx_ERR, "set redis keepalive error : ", err) end end ------ 连接 Redis------ local redis = require('resty.redis') local red = redis.new() red:set_timeout(10000) --连接 Redis 超时时间 local ip = "ip" local port = "6379" local ok, err = red:connect(ip,port) ------判断ip是不是公司的------ if not ok then -- ngx.log(ngx.ERR, "redis_conn_status:", ok ) -- ngx.log(ngx.ERR, "redis_conn_err:", err ) else red:auth('password') red:select('18') local clientIP = ngx.req.get_headers()["X-Real-IP"] if clientIP == nil then clientIP = ngx.req.get_headers()["x_forwarded_for"] end if clientIP == nil then clientIP = ngx.var.remote_addr end local whiteKey = "whiteKey"..clientIP local is_whiteKey,err = red:get(whiteKey) --ngx.say(is_whiteKey) --方便调试 --ngx.exit(200); ---- 执行过程 ------ if tonumber(is_whiteKey) == 1 then local ok,err = close_redis(red) else local ok,err = close_redis(red) ngx.exit(444) end end
-
« 上一篇:
63.sslscan工具
-
65.http转https
:下一篇 »