Merge pull request #1 from limithit/limithit-patch-1

Limithit patch 1
limithit · Nov 21, 2019 · b127224 · b127224
2 parents 6fb14fe + d565e8b
commit b127224
Show file tree

Hide file tree

Showing 4 changed files with 1,277 additions and 5 deletions.
diff --git a/LICENSE b/LICENSE
@@ -1,7 +1,7 @@
                     GNU GENERAL PUBLIC LICENSE
                        Version 3, 29 June 2007
 
- Copyright (C) 2007 Free Software Foundation, Inc. <https://fsf.org/>
+ Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/>
  Everyone is permitted to copy and distribute verbatim copies
  of this license document, but changing it is not allowed.
 
@@ -645,7 +645,7 @@ the "copyright" line and a pointer to where the full notice is found.
     GNU General Public License for more details.
 
     You should have received a copy of the GNU General Public License
-    along with this program.  If not, see <https://www.gnu.org/licenses/>.
+    along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
 Also add information on how to contact you by electronic and paper mail.
 
@@ -664,11 +664,11 @@ might be different; for a GUI interface, you would use an "about box".
   You should also get your employer (if you work as a programmer) or school,
 if any, to sign a "copyright disclaimer" for the program, if necessary.
 For more information on this, and how to apply and follow the GNU GPL, see
-<https://www.gnu.org/licenses/>.
+<http://www.gnu.org/licenses/>.
 
   The GNU General Public License does not permit incorporating your program
 into proprietary programs.  If your program is a subroutine library, you
 may consider it more useful to permit linking proprietary applications with
 the library.  If this is what you want to do, use the GNU Lesser General
 Public License instead of this License.  But first, please read
-<https://www.gnu.org/licenses/why-not-lgpl.html>.
+<http://www.gnu.org/philosophy/why-not-lgpl.html>.
diff --git a/README.md b/README.md
@@ -1 +1,121 @@
-# ngx_cookie_limit_req_module
+# ngx_cookie_limit_req_module
+
+## Introduction
+
+The *ngx_cookie_limit_req_module* module is used generate token according to cookie and limit the number of cookies generated by a single IP.
+
+Table of Contents
+=================
+* [cookie_limit_req_zone](#cookie_limit_req_zone)
+* [cookie_limit_req_zone](#cookie_limit_req)
+* [cookie_limit_req_log_level](#cookie_limit_req_log_level)
+* [cookie_limit_req_status](#cookie_limit_req_status)
+* [Installation](#Installation)
+* [About](#About)
+* [Extend](#Extend)
+* [Donate](#Donate)
+
+## cookie_limit_req_zone
+Sets parameters for a shared memory zone that will keep states for various keys. In particular, the state stores the current number of excessive requests. The key can contain text, variables, and their combination. Requests with an empty key value are not accounted. 
+```
+ Syntax:  cookie_limit_req_zone key zone=name:size rate=rate [sync]  redis=127.0.0.1 block_second=time cookie_max=number;
+ Default: —
+ Context: http
+ ```
+
+## cookie_limit_req
+Sets the shared memory zone and the maximum burst size of requests. If the requests rate exceeds the rate configured for a zone, their processing is delayed such that requests are processed at a defined rate. Excessive requests are delayed until their number exceeds the maximum burst size in which case the request is terminated with an error. By default, the maximum burst size is equal to zero.
+```
+ Syntax:  cookie_limit_req zone=name [burst=number] [nodelay | delay=number];
+ Default: —
+ Context: http, server, location, if
+```
+
+## cookie_limit_req_log_level
+Sets the desired logging level for cases when the server refuses to process requests due to rate exceeding, or delays request processing. Logging level for delays is one point less than for refusals; for example, if “cookie_limit_req_log_level notice” is specified, delays are logged with the info level.
+```
+ Syntax:  cookie_limit_req_log_level info | notice | warn | error;
+ Default: cookie_limit_req_log_level error;
+ Context: http, server, location
+```
+
+## cookie_limit_req_status 
+Sets the status code to return in response to rejected requests.
+```
+ Syntax:  cookie_limit_req_status code;
+ Default: cookie_limit_req_status 503;
+ Context: http, server, location, if
+```
+
+     
+
+## Configuration example：
+```nginx
+
+    worker_processes  2;
+    events {
+        worker_connections  1024;
+    }
+    http {
+        include       mime.types;
+        default_type  application/octet-stream;
+        sendfile        on;
+        keepalive_timeout  65;
+        
+cookie_limit_req_zone $binary_remote_addr zone=two:10m rate=30r/m redis=127.0.0.1 block_second=300 cookie_max=5;
+cookie_limit_req zone=two burst=30 nodelay;
+cookie_limit_req_status 403;
+
+        
+        
+        server {
+            listen       80;
+            server_name  localhost;
+            location / {
+                root   html;
+                index  index.html index.htm;
+            }
+            error_page   403 500 502 503 504  /50x.html;
+            location = /50x.html {
+                root   html;
+            }
+        }
+    }
+   
+```
+
+## Installation
+
+###  Option #1: Compile Nginx with module bundled
+    cd redis-4.0**version**/deps/hiredis
+    make 
+    make install 
+    echo /usr/local/lib >> /etc/ld.so.conf
+    ldconfig
+
+    cd nginx-**version**
+    ./configure --add-module=/path/to/this/ngx_cookie_limit_req_module 
+    make
+    make install
+
+
+###  Option #2: Compile cookie module for Nginx
+
+Starting from NGINX 1.9.11, you can also compile this module as a cookie module, by using the ```--add-cookie-module=PATH``` option instead of ```--add-module=PATH``` on the ```./configure``` command line above. And then you can explicitly load the module in your ```nginx.conf``` via the [load_module](http://nginx.org/en/docs/ngx_core_module.html#load_module) directive, for example,
+
+```nginx
+    load_module /path/to/modules/ngx_cookie_limit_req_module.so;
+```
+
+## Donate
+The developers work tirelessly to improve and develop ngx_cookie_limit_req_module. Many hours have been put in to provide the software as it is today, but this is an extremely time-consuming process with no financial reward. If you enjoy using the software, please consider donating to the devs, so they can spend more time implementing improvements.
+
+ ### Alipay:
+![Alipay](https://github.com/limithit/shellcode/blob/master/alipay.png)
+
+## Extend
+This module can be works with [RedisPushIptables](https://github.com/limithit/RedisPushIptables),  the application layer matches then the network layer to intercept. Although network layer interception will save resources, there are also deficiencies. Assuming that only one specific interface is filtered and no other interfaces are filtered, those that do not need to be filtered will also be inaccessible. Although precise control is not possible at the network layer or the transport layer, it can be precisely controlled at the application layer. Users need to weigh which solution is more suitable for the event at the time.
+
+
+Author
+Gandalf zhibu1991@gmail.com
diff --git a/config b/config
@@ -0,0 +1,27 @@
+ngx_waf_incs="/usr/local/include/hiredis"
+ngx_waf_libs="-lhiredis"
+ngx_addon_name=ngx_http_cookie_limit_req_module
+
+EXECUTE_SRCS="                                                           \
+             $ngx_addon_dir/ngx_http_cookie_limit_req_module.c                  \
+             "
+
+EXECUTE_DEPS="                                                           \
+             "
+
+if test -n "$ngx_module_link"; then
+    ngx_module_type=HTTP
+    ngx_module_name=ngx_http_cookie_limit_req_module
+    ngx_module_deps="$EXECUTE_DEPS"
+    ngx_module_srcs="$EXECUTE_SRCS"
+     ngx_module_libs="$ngx_waf_libs"
+    ngx_module_incs="$ngx_waf_incs"
+
+    . auto/module
+else
+    HTTP_MODULES="$HTTP_MODULES ngx_http_cookie_limit_req_module"
+    NGX_ADDON_SRCS="$NGX_ADDON_SRCS $EXECUTE_SRCS"
+    NGX_ADDON_DEPS="$NGX_ADDON_DEPS $EXECUTE_DEPS"
+     ngx_module_libs="$ngx_waf_libs"
+    ngx_module_incs="$ngx_waf_incs"
+fi