search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
nginx 1.1.11
[nginx.git] / src / http / modules / ngx_http_referer_module.c
blobcf2d744f10daf09bb5aa57fda05742ba40f76d51
1
2 /*
3 * Copyright (C) Igor Sysoev
4 */
5
6
7 #include <ngx_config.h>
8 #include <ngx_core.h>
9 #include <ngx_http.h>
10
11
12 #define NGX_HTTP_REFERER_NO_URI_PART ((void *) 4)
13
14 #if !(NGX_PCRE)
15
16 #define ngx_regex_t void
17
18 #endif
19
20
21 typedef struct {
22 ngx_hash_combined_t hash;
23
24 #if (NGX_PCRE)
25 ngx_array_t *regex;
26 #endif
27
28 ngx_flag_t no_referer;
29 ngx_flag_t blocked_referer;
30
31 ngx_hash_keys_arrays_t *keys;
32
33 ngx_uint_t referer_hash_max_size;
34 ngx_uint_t referer_hash_bucket_size;
35 } ngx_http_referer_conf_t;
36
37
38 static void * ngx_http_referer_create_conf(ngx_conf_t *cf);
39 static char * ngx_http_referer_merge_conf(ngx_conf_t *cf, void *parent,
40 void *child);
41 static char *ngx_http_valid_referers(ngx_conf_t *cf, ngx_command_t *cmd,
42 void *conf);
43 static char *ngx_http_add_referer(ngx_conf_t *cf, ngx_hash_keys_arrays_t *keys,
44 ngx_str_t *value, ngx_str_t *uri);
45 static char *ngx_http_add_regex_referer(ngx_conf_t *cf,
46 ngx_http_referer_conf_t *rlcf, ngx_str_t *name, ngx_regex_t *regex);
47 static int ngx_libc_cdecl ngx_http_cmp_referer_wildcards(const void *one,
48 const void *two);
49
50
51 static ngx_command_t ngx_http_referer_commands[] = {
52
53 { ngx_string("valid_referers"),
54 NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_1MORE,
55 ngx_http_valid_referers,
56 NGX_HTTP_LOC_CONF_OFFSET,
57 0,
58 NULL },
59
60 { ngx_string("referer_hash_max_size"),
61 NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1,
62 ngx_conf_set_num_slot,
63 NGX_HTTP_LOC_CONF_OFFSET,
64 offsetof(ngx_http_referer_conf_t, referer_hash_max_size),
65 NULL },
66
67 { ngx_string("referer_hash_bucket_size"),
68 NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1,
69 ngx_conf_set_num_slot,
70 NGX_HTTP_LOC_CONF_OFFSET,
71 offsetof(ngx_http_referer_conf_t, referer_hash_bucket_size),
72 NULL },
73
74 ngx_null_command
75 };
76
77
78 static ngx_http_module_t ngx_http_referer_module_ctx = {
79 NULL, /* preconfiguration */
80 NULL, /* postconfiguration */
81
82 NULL, /* create main configuration */
83 NULL, /* init main configuration */
84
85 NULL, /* create server configuration */
86 NULL, /* merge server configuration */
87
88 ngx_http_referer_create_conf, /* create location configuration */
89 ngx_http_referer_merge_conf /* merge location configuration */
90 };
91
92
93 ngx_module_t ngx_http_referer_module = {
94 NGX_MODULE_V1,
95 &ngx_http_referer_module_ctx, /* module context */
96 ngx_http_referer_commands, /* module directives */
97 NGX_HTTP_MODULE, /* module type */
98 NULL, /* init master */
99 NULL, /* init module */
100 NULL, /* init process */
101 NULL, /* init thread */
102 NULL, /* exit thread */
103 NULL, /* exit process */
104 NULL, /* exit master */
105 NGX_MODULE_V1_PADDING
106 };
107
108
109 static ngx_int_t
110 ngx_http_referer_variable(ngx_http_request_t *r, ngx_http_variable_value_t *v,
111 uintptr_t data)
112 {
113 u_char *p, *ref, *last;
114 size_t len;
115 ngx_str_t *uri;
116 ngx_uint_t i, key;
117 ngx_http_referer_conf_t *rlcf;
118 u_char buf[256];
119
120 rlcf = ngx_http_get_module_loc_conf(r, ngx_http_referer_module);
121
122 if (rlcf->hash.hash.buckets == NULL
123 && rlcf->hash.wc_head == NULL
124 && rlcf->hash.wc_tail == NULL
125 #if (NGX_PCRE)
126 && rlcf->regex == NULL
127 #endif
128 )
129 {
130 goto valid;
131 }
132
133 if (r->headers_in.referer == NULL) {
134 if (rlcf->no_referer) {
135 goto valid;
136 }
137
138 goto invalid;
139 }
140
141 len = r->headers_in.referer->value.len;
142 ref = r->headers_in.referer->value.data;
143
144 if (len >= sizeof("http://i.ru") - 1) {
145 last = ref + len;
146
147 if (ngx_strncasecmp(ref, (u_char *) "http://", 7) == 0) {
148 ref += 7;
149 goto valid_scheme;
150
151 } else if (ngx_strncasecmp(ref, (u_char *) "https://", 8) == 0) {
152 ref += 8;
153 goto valid_scheme;
154 }
155 }
156
157 if (rlcf->blocked_referer) {
158 goto valid;
159 }
160
161 goto invalid;
162
163 valid_scheme:
164
165 i = 0;
166 key = 0;
167
168 for (p = ref; p < last; p++) {
169 if (*p == '/' || *p == ':') {
170 break;
171 }
172
173 buf[i] = ngx_tolower(*p);
174 key = ngx_hash(key, buf[i++]);
175
176 if (i == 256) {
177 goto invalid;
178 }
179 }
180
181 uri = ngx_hash_find_combined(&rlcf->hash, key, buf, p - ref);
182
183 if (uri) {
184 goto uri;
185 }
186
187 #if (NGX_PCRE)
188
189 if (rlcf->regex) {
190 ngx_int_t rc;
191 ngx_str_t referer;
192
193 referer.len = len - 7;
194 referer.data = ref;
195
196 rc = ngx_regex_exec_array(rlcf->regex, &referer, r->connection->log);
197
198 if (rc == NGX_OK) {
199 goto valid;
200 }
201
202 if (rc == NGX_ERROR) {
203 return rc;
204 }
205
206 /* NGX_DECLINED */
207 }
208
209 #endif
210
211 invalid:
212
213 *v = ngx_http_variable_true_value;
214
215 return NGX_OK;
216
217 uri:
218
219 for ( /* void */ ; p < last; p++) {
220 if (*p == '/') {
221 break;
222 }
223 }
224
225 len = last - p;
226
227 if (uri == NGX_HTTP_REFERER_NO_URI_PART) {
228 goto valid;
229 }
230
231 if (len < uri->len || ngx_strncmp(uri->data, p, uri->len) != 0) {
232 goto invalid;
233 }
234
235 valid:
236
237 *v = ngx_http_variable_null_value;
238
239 return NGX_OK;
240 }
241
242
243 static void *
244 ngx_http_referer_create_conf(ngx_conf_t *cf)
245 {
246 ngx_http_referer_conf_t *conf;
247
248 conf = ngx_pcalloc(cf->pool, sizeof(ngx_http_referer_conf_t));
249 if (conf == NULL) {
250 return NULL;
251 }
252
253 #if (NGX_PCRE)
254 conf->regex = NGX_CONF_UNSET_PTR;
255 #endif
256
257 conf->no_referer = NGX_CONF_UNSET;
258 conf->blocked_referer = NGX_CONF_UNSET;
259 conf->referer_hash_max_size = NGX_CONF_UNSET_UINT;
260 conf->referer_hash_bucket_size = NGX_CONF_UNSET_UINT;
261
262 return conf;
263 }
264
265
266 static char *
267 ngx_http_referer_merge_conf(ngx_conf_t *cf, void *parent, void *child)
268 {
269 ngx_http_referer_conf_t *prev = parent;
270 ngx_http_referer_conf_t *conf = child;
271
272 ngx_hash_init_t hash;
273
274 if (conf->keys == NULL) {
275 conf->hash = prev->hash;
276
277 #if (NGX_PCRE)
278 ngx_conf_merge_ptr_value(conf->regex, prev->regex, NULL);
279 #endif
280 ngx_conf_merge_value(conf->no_referer, prev->no_referer, 0);
281 ngx_conf_merge_value(conf->blocked_referer, prev->blocked_referer, 0);
282 ngx_conf_merge_uint_value(conf->referer_hash_max_size,
283 prev->referer_hash_max_size, 2048);
284 ngx_conf_merge_uint_value(conf->referer_hash_bucket_size,
285 prev->referer_hash_bucket_size, 64);
286
287 return NGX_CONF_OK;
288 }
289
290 if ((conf->no_referer == 1 || conf->blocked_referer == 1)
291 && conf->keys->keys.nelts == 0
292 && conf->keys->dns_wc_head.nelts == 0
293 && conf->keys->dns_wc_tail.nelts == 0)
294 {
295 ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
296 "the \"none\" or \"blocked\" referers are specified "
297 "in the \"valid_referers\" directive "
298 "without any valid referer");
299 return NGX_CONF_ERROR;
300 }
301
302 ngx_conf_merge_uint_value(conf->referer_hash_max_size,
303 prev->referer_hash_max_size, 2048);
304 ngx_conf_merge_uint_value(conf->referer_hash_bucket_size,
305 prev->referer_hash_bucket_size, 64);
306 conf->referer_hash_bucket_size = ngx_align(conf->referer_hash_bucket_size,
307 ngx_cacheline_size);
308
309 hash.key = ngx_hash_key_lc;
310 hash.max_size = conf->referer_hash_max_size;
311 hash.bucket_size = conf->referer_hash_bucket_size;
312 hash.name = "referer_hash";
313 hash.pool = cf->pool;
314
315 if (conf->keys->keys.nelts) {
316 hash.hash = &conf->hash.hash;
317 hash.temp_pool = NULL;
318
319 if (ngx_hash_init(&hash, conf->keys->keys.elts, conf->keys->keys.nelts)
320 != NGX_OK)
321 {
322 return NGX_CONF_ERROR;
323 }
324 }
325
326 if (conf->keys->dns_wc_head.nelts) {
327
328 ngx_qsort(conf->keys->dns_wc_head.elts,
329 (size_t) conf->keys->dns_wc_head.nelts,
330 sizeof(ngx_hash_key_t),
331 ngx_http_cmp_referer_wildcards);
332
333 hash.hash = NULL;
334 hash.temp_pool = cf->temp_pool;
335
336 if (ngx_hash_wildcard_init(&hash, conf->keys->dns_wc_head.elts,
337 conf->keys->dns_wc_head.nelts)
338 != NGX_OK)
339 {
340 return NGX_CONF_ERROR;
341 }
342
343 conf->hash.wc_head = (ngx_hash_wildcard_t *) hash.hash;
344 }
345
346 if (conf->keys->dns_wc_tail.nelts) {
347
348 ngx_qsort(conf->keys->dns_wc_tail.elts,
349 (size_t) conf->keys->dns_wc_tail.nelts,
350 sizeof(ngx_hash_key_t),
351 ngx_http_cmp_referer_wildcards);
352
353 hash.hash = NULL;
354 hash.temp_pool = cf->temp_pool;
355
356 if (ngx_hash_wildcard_init(&hash, conf->keys->dns_wc_tail.elts,
357 conf->keys->dns_wc_tail.nelts)
358 != NGX_OK)
359 {
360 return NGX_CONF_ERROR;
361 }
362
363 conf->hash.wc_tail = (ngx_hash_wildcard_t *) hash.hash;
364 }
365
366 #if (NGX_PCRE)
367 ngx_conf_merge_ptr_value(conf->regex, prev->regex, NULL);
368 #endif
369
370 if (conf->no_referer == NGX_CONF_UNSET) {
371 conf->no_referer = 0;
372 }
373
374 if (conf->blocked_referer == NGX_CONF_UNSET) {
375 conf->blocked_referer = 0;
376 }
377
378 conf->keys = NULL;
379
380 return NGX_CONF_OK;
381 }
382
383
384 static char *
385 ngx_http_valid_referers(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
386 {
387 ngx_http_referer_conf_t *rlcf = conf;
388
389 u_char *p;
390 ngx_str_t *value, uri, name;
391 ngx_uint_t i, n;
392 ngx_http_variable_t *var;
393 ngx_http_server_name_t *sn;
394 ngx_http_core_srv_conf_t *cscf;
395
396 ngx_str_set(&name, "invalid_referer");
397
398 var = ngx_http_add_variable(cf, &name,
399 NGX_HTTP_VAR_CHANGEABLE|NGX_HTTP_VAR_NOHASH);
400 if (var == NULL) {
401 return NGX_CONF_ERROR;
402 }
403
404 var->get_handler = ngx_http_referer_variable;
405
406 if (rlcf->keys == NULL) {
407 rlcf->keys = ngx_pcalloc(cf->temp_pool, sizeof(ngx_hash_keys_arrays_t));
408 if (rlcf->keys == NULL) {
409 return NGX_CONF_ERROR;
410 }
411
412 rlcf->keys->pool = cf->pool;
413 rlcf->keys->temp_pool = cf->pool;
414
415 if (ngx_hash_keys_array_init(rlcf->keys, NGX_HASH_SMALL) != NGX_OK) {
416 return NGX_CONF_ERROR;
417 }
418 }
419
420 value = cf->args->elts;
421
422 for (i = 1; i < cf->args->nelts; i++) {
423 if (value[i].len == 0) {
424 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
425 "invalid referer \"%V\"", &value[i]);
426 return NGX_CONF_ERROR;
427 }
428
429 if (ngx_strcmp(value[i].data, "none") == 0) {
430 rlcf->no_referer = 1;
431 continue;
432 }
433
434 if (ngx_strcmp(value[i].data, "blocked") == 0) {
435 rlcf->blocked_referer = 1;
436 continue;
437 }
438
439 ngx_str_null(&uri);
440
441 if (ngx_strcmp(value[i].data, "server_names") == 0) {
442
443 cscf = ngx_http_conf_get_module_srv_conf(cf, ngx_http_core_module);
444
445 sn = cscf->server_names.elts;
446 for (n = 0; n < cscf->server_names.nelts; n++) {
447
448 #if (NGX_PCRE)
449 if (sn[n].regex) {
450
451 if (ngx_http_add_regex_referer(cf, rlcf, &sn[n].name,
452 sn[n].regex->regex)
453 != NGX_OK)
454 {
455 return NGX_CONF_ERROR;
456 }
457
458 continue;
459 }
460 #endif
461
462 if (ngx_http_add_referer(cf, rlcf->keys, &sn[n].name, &uri)
463 != NGX_OK)
464 {
465 return NGX_CONF_ERROR;
466 }
467 }
468
469 continue;
470 }
471
472 if (value[i].data[0] == '~') {
473 if (ngx_http_add_regex_referer(cf, rlcf, &value[i], NULL) != NGX_OK)
474 {
475 return NGX_CONF_ERROR;
476 }
477
478 continue;
479 }
480
481 p = (u_char *) ngx_strchr(value[i].data, '/');
482
483 if (p) {
484 uri.len = (value[i].data + value[i].len) - p;
485 uri.data = p;
486 value[i].len = p - value[i].data;
487 }
488
489 if (ngx_http_add_referer(cf, rlcf->keys, &value[i], &uri) != NGX_OK) {
490 return NGX_CONF_ERROR;
491 }
492 }
493
494 return NGX_CONF_OK;
495 }
496
497
498 static char *
499 ngx_http_add_referer(ngx_conf_t *cf, ngx_hash_keys_arrays_t *keys,
500 ngx_str_t *value, ngx_str_t *uri)
501 {
502 ngx_int_t rc;
503 ngx_str_t *u;
504
505 if (uri->len == 0) {
506 u = NGX_HTTP_REFERER_NO_URI_PART;
507
508 } else {
509 u = ngx_palloc(cf->pool, sizeof(ngx_str_t));
510 if (u == NULL) {
511 return NGX_CONF_ERROR;
512 }
513
514 *u = *uri;
515 }
516
517 rc = ngx_hash_add_key(keys, value, u, NGX_HASH_WILDCARD_KEY);
518
519 if (rc == NGX_OK) {
520 return NGX_CONF_OK;
521 }
522
523 if (rc == NGX_DECLINED) {
524 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
525 "invalid hostname or wildcard \"%V\"", value);
526 }
527
528 if (rc == NGX_BUSY) {
529 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
530 "conflicting parameter \"%V\"", value);
531 }
532
533 return NGX_CONF_ERROR;
534 }
535
536
537 static char *
538 ngx_http_add_regex_referer(ngx_conf_t *cf, ngx_http_referer_conf_t *rlcf,
539 ngx_str_t *name, ngx_regex_t *regex)
540 {
541 #if (NGX_PCRE)
542 ngx_regex_elt_t *re;
543 ngx_regex_compile_t rc;
544 u_char errstr[NGX_MAX_CONF_ERRSTR];
545
546 if (name->len == 1) {
547 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, "empty regex in \"%V\"", name);
548 return NGX_CONF_ERROR;
549 }
550
551 if (rlcf->regex == NGX_CONF_UNSET_PTR) {
552 rlcf->regex = ngx_array_create(cf->pool, 2, sizeof(ngx_regex_elt_t));
553 if (rlcf->regex == NULL) {
554 return NGX_CONF_ERROR;
555 }
556 }
557
558 re = ngx_array_push(rlcf->regex);
559 if (re == NULL) {
560 return NGX_CONF_ERROR;
561 }
562
563 if (regex) {
564 re->regex = regex;
565 re->name = name->data;
566
567 return NGX_CONF_OK;
568 }
569
570 name->len--;
571 name->data++;
572
573 ngx_memzero(&rc, sizeof(ngx_regex_compile_t));
574
575 rc.pattern = *name;
576 rc.pool = cf->pool;
577 rc.options = NGX_REGEX_CASELESS;
578 rc.err.len = NGX_MAX_CONF_ERRSTR;
579 rc.err.data = errstr;
580
581 if (ngx_regex_compile(&rc) != NGX_OK) {
582 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, "%V", &rc.err);
583 return NGX_CONF_ERROR;
584 }
585
586 re->regex = rc.regex;
587 re->name = name->data;
588
589 return NGX_CONF_OK;
590
591 #else
592
593 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
594 "the using of the regex \"%V\" requires PCRE library",
595 name);
596
597 return NGX_CONF_ERROR;
598
599 #endif
600 }
601
602
603 static int ngx_libc_cdecl
604 ngx_http_cmp_referer_wildcards(const void *one, const void *two)
605 {
606 ngx_hash_key_t *first, *second;
607
608 first = (ngx_hash_key_t *) one;
609 second = (ngx_hash_key_t *) two;
610
611 return ngx_dns_strcmp(first->key.data, second->key.data);
612 }
nginx fast proxy server