nginx使用lua通过request_body按条件开放访问权限
2024-06-03 20:11:35
需求:当我们的请求在我们条件内的主机上时只允许balance.query和asset.list请求,其余主机不受限制
1、部署nginx以及添加lua模块
upstream algoapp {server 192.168.1.91:8080;
}
server {listen 80;server_name abc.test;location / {if ($request_method = POST ) {set $upstream '';access_by_lua 'ngx.req.read_body()local data = ngx.req.get_body_data()local match = ngx.re.match(ngx.var.request_body, "balance.query|asset.list")local addr = ngx.re.match(ngx.var.remote_addr, "172.16.3.11|172.16.3.20|192.168.1.27|192.168.1.60|172.16.9.2|192.168.1.159")if addr thenif match thenngx.var.upstream = "algoapp"elsereturn 403endelsengx.var.upstream = "algoapp"end ' ;proxy_pass http://$upstream;}#proxy_pass http://algoapp;proxy_set_header Host $http_host;proxy_set_header X-Real-IP $remote_addr;proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;}
}
测试:
1、在条件内的不同主机上执行balance.query请求
在主机192.168.1.159
[root@openvpn data]# ifconfig |grep "192.168.1.159"inet 192.168.1.159 netmask 255.255.255.0 broadcast 192.168.1.255
[root@openvpn data]# curl -H "Content-Type: application/json" -X POST -d '{"method":"balance.query","id":1,"jsonrpc":"2.0","params":[634272,"AITD"]}' http://abc.test
{"error": null,"result": [{"asset": "AITD","available": "0","freeze": "0"}],"id": 1
}
在非主机192.168.1.36
[root@build-serice jenkins]# ifconfig |grep "192.168.1.36"inet 192.168.1.36 netmask 255.255.255.0 broadcast 192.168.1.255
[root@build-serice jenkins]# curl -H "Content-Type: application/json" -X POST -d '{"method":"balance.query","id":1,"jsonrpc":"2.0","params":[634272,"AITD"]}' http://abc.test
{"error": null,"result": [{"asset": "AITD","available": "0","freeze": "0"}],"id": 1
}
显示都可以操作,此时符合需求
2、测试asset.list请求
在条件主机192.168.1.159
[root@openvpn data]# curl -X POST --data '{"jsonrpc":"2.0","method":"asset.list","params":[], "id":1}' -H 'Content-Type: application/json' http://match-reward.sgpexchange.test
{"error": null,"result": [{"name": "1INCH","prec": 8},{"name": "ABC","prec": 8},{"name": "ADA","prec": 8},{"name": "AITD","prec": 8},{"name": "ARC","prec": 8},{"name": "BANK","prec": 8},{"name": "BANK_AITD","prec": 8},{"name": "BANK_BTC","prec": 8},{"name": "BANK_ETH","prec": 8},{"name": "BANK_TRX","prec": 8},{"name": "BANK_USDT","prec": 8},{"name": "BCH","prec": 8},{"name": "BSV","prec": 8},{"name": "BTC","prec": 8},{"name": "CIDT","prec": 8},{"name": "CRET","prec": 8},{"name": "DASH","prec": 8},{"name": "DOT","prec": 8},{"name": "EOS","prec": 8},{"name": "ETC","prec": 8},{"name": "ETH","prec": 8},{"name": "LC_1INCH","prec": 8},{"name": "LC_ABC","prec": 8},{"name": "LC_ADA","prec": 8},{"name": "LC_AITD","prec": 8},{"name": "LC_ARC","prec": 8},{"name": "LC_BANK","prec": 8},{"name": "LC_BANK_AITD","prec": 8},{"name": "LC_BANK_BTC","prec": 8},{"name": "LC_BANK_ETH","prec": 8},{"name": "LC_BANK_TRX","prec": 8},{"name": "LC_BANK_USDT","prec": 8},{"name": "LC_BCH","prec": 8},{"name": "LC_BSV","prec": 8},{"name": "LC_BTC","prec": 8},{"name": "LC_CIDT","prec": 8},{"name": "LC_CRET","prec": 8},{"name": "LC_DASH","prec": 8},{"name": "LC_DOT","prec": 8},{"name": "LC_EOS","prec": 8},{"name": "LC_ETC","prec": 8},{"name": "LC_ETH","prec": 8},{"name": "LC_LINK","prec": 8},{"name": "LC_LTC","prec": 8},{"name": "LC_LUNA","prec": 8},{"name": "LC_NEO","prec": 8},{"name": "LC_TRX","prec": 8},{"name": "LC_UNI","prec": 8},{"name": "LC_USDT","prec": 8},{"name": "LC_VET","prec": 8},{"name": "LC_XMR","prec": 8},{"name": "LC_XRP","prec": 8},{"name": "LC_YOHO","prec": 8},{"name": "LINK","prec": 8},{"name": "LTC","prec": 8},{"name": "LUNA","prec": 8},{"name": "NEO","prec": 8},{"name": "TRX","prec": 8},{"name": "UNI","prec": 8},{"name": "USDT","prec": 8},{"name": "VET","prec": 8},{"name": "XMR","prec": 8},{"name": "XRP","prec": 8},{"name": "YOHO","prec": 8}],"id": 1
}
在非条件主机192.168.1.36
[root@build-serice jenkins]# curl -X POST --data '{"jsonrpc":"2.0","method":"asset.list","params":[], "id":1}' -H 'Content-Type: application/json' http://match-reward.sgpexchange.test
{"error": null,"result": [{"name": "1INCH","prec": 8},{"name": "ABC","prec": 8},{"name": "ADA","prec": 8},{"name": "AITD","prec": 8},{"name": "ARC","prec": 8},{"name": "BANK","prec": 8},{"name": "BANK_AITD","prec": 8},{"name": "BANK_BTC","prec": 8},{"name": "BANK_ETH","prec": 8},{"name": "BANK_TRX","prec": 8},{"name": "BANK_USDT","prec": 8},{"name": "BCH","prec": 8},{"name": "BSV","prec": 8},{"name": "BTC","prec": 8},{"name": "CIDT","prec": 8},{"name": "CRET","prec": 8},{"name": "DASH","prec": 8},{"name": "DOT","prec": 8},{"name": "EOS","prec": 8},{"name": "ETC","prec": 8},{"name": "ETH","prec": 8},{"name": "LC_1INCH","prec": 8},{"name": "LC_ABC","prec": 8},{"name": "LC_ADA","prec": 8},{"name": "LC_AITD","prec": 8},{"name": "LC_ARC","prec": 8},{"name": "LC_BANK","prec": 8},{"name": "LC_BANK_AITD","prec": 8},{"name": "LC_BANK_BTC","prec": 8},{"name": "LC_BANK_ETH","prec": 8},{"name": "LC_BANK_TRX","prec": 8},{"name": "LC_BANK_USDT","prec": 8},{"name": "LC_BCH","prec": 8},{"name": "LC_BSV","prec": 8},{"name": "LC_BTC","prec": 8},{"name": "LC_CIDT","prec": 8},{"name": "LC_CRET","prec": 8},{"name": "LC_DASH","prec": 8},{"name": "LC_DOT","prec": 8},{"name": "LC_EOS","prec": 8},{"name": "LC_ETC","prec": 8},{"name": "LC_ETH","prec": 8},{"name": "LC_LINK","prec": 8},{"name": "LC_LTC","prec": 8},{"name": "LC_LUNA","prec": 8},{"name": "LC_NEO","prec": 8},{"name": "LC_TRX","prec": 8},{"name": "LC_UNI","prec": 8},{"name": "LC_USDT","prec": 8},{"name": "LC_VET","prec": 8},{"name": "LC_XMR","prec": 8},{"name": "LC_XRP","prec": 8},{"name": "LC_YOHO","prec": 8},{"name": "LINK","prec": 8},{"name": "LTC","prec": 8},{"name": "LUNA","prec": 8},{"name": "NEO","prec": 8},{"name": "TRX","prec": 8},{"name": "UNI","prec": 8},{"name": "USDT","prec": 8},{"name": "VET","prec": 8},{"name": "XMR","prec": 8},{"name": "XRP","prec": 8},{"name": "YOHO","prec": 8}],"id": 1
}
此时测试也符合要求,在条件主机和非条件主机对应的两个接口都不受影响
3、测试非条件请求在条件主机上的测试
上面已经测试了条件请求在条件主机上能正常请求
非条件请求asset.summary在条件主机上的请求
在条件主机上:192.168.1.159
[root@openvpn data]#ifconfig |grep "192.168.1.159"inet 192.168.1.159 netmask 255.255.255.0 broadcast 192.168.1.255
[root@openvpn data]# curl -H "Content-Type: application/json" -X POST -d '{"jsonrpc":"2.0","method":"asset.summary","params":["BTC","BCH"], "id":1}' http://match-reward.sgpexchange.test
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html>
<head><title>500 Internal Server Error</title></head>
<body>
<center><h1>500 Internal Server Error</h1></center>Sorry for the inconvenience.<br/>
Please report this message and include the following information to us.<br/>
Thank you very much!</p>
<table>
<tr>
<td>URL:</td>
<td>http://match-reward.sgpexchange.test/</td>
</tr>
<tr>
<td>Server:</td>
<td>dev-192-168-1-60</td>
</tr>
<tr>
<td>Date:</td>
<td>2022/11/25 17:19:18</td>
</tr>
</table>
<hr/>Powered by Tengine<hr><center>tengine</center>
</body>
</html>
非条件主机:192.168.1.36
同样的请求
[root@build-serice jenkins]# curl -H "Content-Type: application/json" -X POST -d '{"jsonrpc":"2.0","method":"asset.summary","params":["BTC","BCH"], "id":1}' http://abc.test
{"error": null,"result": [{"name": "BTC","total_balance": "113205.6303438","available_count": 29,"available_balance": "113203.4504888","freeze_count": 1,"freeze_balance": "2.179855"},{"name": "BCH","total_balance": "0","available_count": 0,"available_balance": "0","freeze_count": 0,"freeze_balance": "0"}],"id": 1
}
能正常请求
4、条件主机上的不同请求
条件主机:192.168.1.159
1)asset.summary请求不允许
[root@openvpn data]# curl -H "Content-Type: application/json" -X POST -d '{"jsonrpc":"2.0","method":"asset.summary","params":["BTC","BCH"], "id":1}' http://abc.test
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html>
<head><title>500 Internal Server Error</title></head>
<body>
<center><h1>500 Internal Server Error</h1></center>Sorry for the inconvenience.<br/>
Please report this message and include the following information to us.<br/>
Thank you very much!</p>
<table>
<tr>
<td>URL:</td>
<td>http://match-reward.sgpexchange.test/</td>
</tr>
<tr>
<td>Server:</td>
<td>dev-192-168-1-60</td>
</tr>
<tr>
<td>Date:</td>
<td>2022/11/25 17:19:18</td>
</tr>
</table>
<hr/>Powered by Tengine<hr><center>tengine</center>
</body>
</html>
2)balance.query请求允许
[root@openvpn data]# curl -H "Content-Type: application/json" -X POST -d '{"method":"balance.query","id":1,"jsonrpc":"2.0","params":[634272,"AITD"]}' http://abc.test
{"error": null,"result": [{"asset": "AITD","available": "0","freeze": "0"}],"id": 1
}
3)asset.list请求允许
[root@openvpn data]#curl -X POST --data '{"jsonrpc":"2.0","method":"asset.list","params":[], "id":1}' -H 'Content-Type: application/json' http://abc.test
{"error": null,"result": [{"name": "1INCH","prec": 8},{"name": "ABC","prec": 8},{"name": "ADA","prec": 8},{"name": "AITD","prec": 8},{"name": "ARC","prec": 8},{"name": "BANK","prec": 8},{"name": "BANK_AITD","prec": 8},{"name": "BANK_BTC","prec": 8},{"name": "BANK_ETH","prec": 8},{"name": "BANK_TRX","prec": 8},{"name": "BANK_USDT","prec": 8},{"name": "BCH","prec": 8},{"name": "BSV","prec": 8},{"name": "BTC","prec": 8},{"name": "CIDT","prec": 8},{"name": "CRET","prec": 8},{"name": "DASH","prec": 8},{"name": "DOT","prec": 8},{"name": "EOS","prec": 8},{"name": "ETC","prec": 8},{"name": "ETH","prec": 8},{"name": "LC_1INCH","prec": 8},{"name": "LC_ABC","prec": 8},{"name": "LC_ADA","prec": 8},{"name": "LC_AITD","prec": 8},{"name": "LC_ARC","prec": 8},{"name": "LC_BANK","prec": 8},{"name": "LC_BANK_AITD","prec": 8},{"name": "LC_BANK_BTC","prec": 8},{"name": "LC_BANK_ETH","prec": 8},{"name": "LC_BANK_TRX","prec": 8},{"name": "LC_BANK_USDT","prec": 8},{"name": "LC_BCH","prec": 8},{"name": "LC_BSV","prec": 8},{"name": "LC_BTC","prec": 8},{"name": "LC_CIDT","prec": 8},{"name": "LC_CRET","prec": 8},{"name": "LC_DASH","prec": 8},{"name": "LC_DOT","prec": 8},{"name": "LC_EOS","prec": 8},{"name": "LC_ETC","prec": 8},{"name": "LC_ETH","prec": 8},{"name": "LC_LINK","prec": 8},{"name": "LC_LTC","prec": 8},{"name": "LC_LUNA","prec": 8},{"name": "LC_NEO","prec": 8},{"name": "LC_TRX","prec": 8},{"name": "LC_UNI","prec": 8},{"name": "LC_USDT","prec": 8},{"name": "LC_VET","prec": 8},{"name": "LC_XMR","prec": 8},{"name": "LC_XRP","prec": 8},{"name": "LC_YOHO","prec": 8},{"name": "LINK","prec": 8},{"name": "LTC","prec": 8},{"name": "LUNA","prec": 8},{"name": "NEO","prec": 8},{"name": "TRX","prec": 8},{"name": "UNI","prec": 8},{"name": "USDT","prec": 8},{"name": "VET","prec": 8},{"name": "XMR","prec": 8},{"name": "XRP","prec": 8},{"name": "YOHO","prec": 8}],"id": 1
}
nginx使用lua通过request_body按条件开放访问权限相关推荐
- ubuntu mysql 修改 端口_在Ubuntu/Linux环境下使用MySQL:开放/修改3306端口、开放访问权限...
操作系统:Ubuntu 17.04 64位 MySQL版本:MySQL 5.7 一.查看3306端口是否开放 netstat -an|grep 3306 如果看到下图这样的,说明端口并未打开: 二.修 ...
- Nginx与Lua开发
1.Lua及基础语法 Nginx与Lua环境 场景:用Nginx结合Lua实现代码的灰度发布 1.Lua 是一个简洁.轻量.可扩展的脚本语言 2.Nginx+Lua优势 充分的结合Nginx的并发处理 ...
- nginx通过lua从日志中获得请求响应体
Nginx本身可以通过$request_body变量记录请求内容,但响应内容需要通过Lua模块记录: 步骤: 1 在nginx主配置文件nginx.conf日志格式中增加 $resp_body变量; ...
- 分布式接口幂等性、分布式限流:Guava 、nginx和lua限流
点击关注公众号,实用技术文章及时了解 一.接口幂等性 接口幂等性就是用户对于同一操作发起的一次请求或者多次请求的结果是一致的,不会因为多次点击而产生了副作用.举个最简单的例子,那就是支付,用户购买商品 ...
- 分布式接口幂等性、分布式限流(Guava 、nginx和lua限流)
一.接口幂等性 接口幂等性就是用户对于同一操作发起的一次请求或者多次请求的结果是一致的,不会因为多次点击而产生了副作用.举个最简单的例子,那就是支付,用户购买商品后支付,支付扣款成功,但是返回结果的时 ...
- 实战:Nginx集成Lua脚本并调用memcached
之前在阿里云的centos系统上已经安装过nginx,但是没有安装lua所需的模块,因此重新编译nginx来扩展lua模块. ngx_lua_module 是一个nginx http模块,它把 lua ...
- 11: Nginx安装lua支持
1.1 Nginx 使用lua脚本 注:需要LuaJIT-2.0.4.tar.gz,ngx_devel_kit,lua-nginx-module 1.Nginx安装lua支持 wget -c http ...
- CentOS7下Nginx 安装 Lua 支持
Nginx 支持 Lua 需要安装 lua-nginx-module 模块,一般常用有 2 种方法: 1.编译 Nginx 的时候带上 lua-nginx-module 模块一起编译 2.使用 Ope ...
- centos上搭建nginx视频点播服务器(nginx+vod+lua http发送鉴权消息)
需求背景: 想着搭建一个视频点播服务器,最后选择了nginx+vod的方案,用lua脚本写拉流鉴权,但是环境搭建过程中又发现nginx++vod+lua的环境并不是很容易搭建,是nginx+lua的环 ...
最新文章
- 多线程模式之MasterWorker模式
- Web前端规范--HTML规范
- 修改linux的shell限制,Nginx下解决WebShell访问限制问题
- 创建spring配置
- 谈计算机知识对学生的作用,浅谈计算机在教学中的作用
- python传文件给堡垒机上远程的另一个机器_如何用hive调度堡垒机上的python脚本...
- 作者:黄宜华,南京大学计算机系教授、博士生导师,中国计算机学会大数据专家委员会委员、副秘书长。...
- 终极解密输入网址按回车到底发生了什么
- python判断序列值横穿整个区间的次数
- 最短路+状压DP【洛谷P3489】 [POI2009]WIE-Hexer
- 【学习笔记】InformationTheory——熵,条件熵,联合熵,互信息,交叉熵
- mybatis 大于等于小于等于
- mysql在子查询中使用自定义变量和条件语句实现函数效果的查询语句
- 一股清流!唯品会:杜绝不必要的加班!
- 华为机试C语言-找到比自己强的人数
- 2015自然基金一审结果:项目申请的共性问题。
- Linux/Windows快速镜像安装包下载
- python怎么批量下载图片_怎样批量下载在线图片?
- 工作之路 - 上海泛微软件有限公司
- 考研英语十一附双语阅读:脱欧了连巧克力都缩水?拿什么治愈你word英国人民