|
# Let require() in the embedded Lua also search $prefix/conf.
# The leading ";;" keeps the default Lua search path.
lua_package_path ";;$prefix/conf/?.lua;";

# Map the address found in the X-Forwarded-For request header to a
# "mallcity" code by IP range. The codes are opaque values defined by the
# application.
#
# NOTE(review): X-Forwarded-For is supplied by the client unless a trusted
# front proxy overwrites it, so $mallcity must not feed any security or
# pricing decision as-is. A header holding a comma-separated list is not a
# valid address; geo then uses 255.255.255.255, which falls through to
# `default` here.
geo $http_x_forwarded_for $mallcity {
    ranges;

    default 11|110;

    # NOTE(review): keep this disabled. `proxy` names the peers whose
    # X-Forwarded-For is trusted; 0.0.0.0/0 would trust every peer. If the
    # map is ever keyed on $remote_addr instead, list only the real
    # front-proxy addresses.
    #proxy 0.0.0.0/0;

    1.0.1.0-1.0.3.255 38|380;
    1.0.8.0-1.0.15.255 51|510;
}
|
|
|
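# Test server for the geo map and the cookie-based anti-abuse counter.
# NOTE(review): `listen 8099` binds every interface; `server_name localhost`
# does not restrict who can connect. These locations echo request data and
# look like debug endpoints, so confirm the port is not reachable from
# untrusted networks.
server {
    listen 8099;
    server_name localhost;
    default_type text/plain;

    # Debug: show the raw X-Forwarded-For header and the code geo mapped it to.
    location /x {
        echo "${http_x_forwarded_for} mall:$mallcity";
    }

    # Debug: reflect the JUT cookie back to the caller.
    # NOTE(review): JUT appears to be a login token (see /test); do not expose
    # this location outside a test environment.
    location /jut {
        echo $cookie_JUT;
    }

    location /test {
        # Anti-abuse handling. $jut ends up as:
        #   blocked - the request should be rejected
        #   error   - the Redis check failed (details in $juterr)
        #   normal  - no limit was hit
        set $jut 'normal';

        # Must be declared here: ngx.var can only write variables that
        # already exist in the configuration, so without this line the
        # assignment to ngx.var.juterr raises and the request fails with 500.
        set $juterr '';

        # NOTE(review): the counter only runs when a JUT cookie is present and
        # is keyed on the cookie value, which the client controls. Requests
        # without the cookie are never counted, and every distinct value
        # creates new Redis keys. Pair this with a per-address limit (for
        # example limit_req) and validate the token before counting.

        # user had logged in
        if ($cookie_JUT) {
            # JUT's value is too long, just use its sha1 value
            set_sha1 $cjut $cookie_JUT;

            access_by_lua '
                local redis = require "resty.redis"
                local red = redis:new()

                red:set_timeout(1000) -- 1 sec

                -- Record a Redis failure in the nginx variables. The socket
                -- is not returned to the pool because it may be broken.
                local function fail(msg)
                    ngx.var.jut = "error"
                    ngx.var.juterr = msg or "unknown"
                end

                local ok, err = red:connect("127.0.0.1", 6379)
                if not ok then
                    return fail(err)
                end

                local cjut = ngx.var.cjut
                local blockedKey = "JUT_BLOCKED_" .. cjut

                -- A missing key comes back as ngx.null. nil or false means
                -- the command itself failed.
                local res, err = red:get(blockedKey)
                if not res then
                    return fail(err)
                end
                if res == "blocked" then
                    ngx.var.jut = "blocked"
                    red:set_keepalive(10000, 100)
                    return
                end

                -- INCR and the first-hit EXPIRE run as one script, so a
                -- counter can never be left without a TTL.
                local script = "local times = redis.call(\'incr\', KEYS[1]) "
                    .. " if times == 1 then "
                    .. " redis.call(\'expire\', KEYS[1], ARGV[1]) "
                    .. " end "
                    .. " return times"

                -- A failed EVAL returns nil or false. Comparing that with a
                -- number would raise, so check the type first.
                local res10s, err10s = red:eval(script, 1, "JUT_COUNT_10S_" .. cjut, 10)
                if type(res10s) ~= "number" then
                    return fail(err10s)
                end

                local res60s, err60s = red:eval(script, 1, "JUT_COUNT_60S_" .. cjut, 60)
                if type(res60s) ~= "number" then
                    return fail(err60s)
                end

                if res10s > 15 or res60s > 60 then
                    -- max 15 times per 10 seconds or max 60 times per 1 minute
                    red:setex(blockedKey, 60, "blocked") -- block 60 seconds

                    -- NOTE(review): this stores the raw cookie value in Redis
                    -- for 60 seconds. If JUT is a session token, anyone who
                    -- can read Redis can replay it. Prefer storing only the
                    -- hash or a user id.
                    red:setex("JUT_VALUE_" .. cjut, 60, ngx.var.cookie_JUT)
                    ngx.var.jut = "blocked"
                end

                -- Return the connection to the pool instead of leaving it to
                -- be closed when the request ends.
                red:set_keepalive(10000, 100)
            ';
        }

        # NOTE(review): this test location only reports the verdict. A real
        # endpoint has to act on it, and has to decide whether "error" (Redis
        # unavailable) lets the request through or rejects it.
        echo $jut;
    }
}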