|
|
@@ -3,6 +3,7 @@ local redis = require "redis"
|
|
|
local regex = require "rex_pcre"
|
|
|
local mime = require "mime"
|
|
|
local cipher = require "openssl.cipher"
|
|
|
+local inspect = require 'inspect'
|
|
|
|
|
|
|
|
|
-- --------------------------------------------------------------------------
|
|
|
@@ -45,6 +46,10 @@ function scw(r)
|
|
|
local cookie_name = os.getenv("SCW_COOKIE")
|
|
|
local cookie_key = r:base64_decode(os.getenv("SCW_KEY"))
|
|
|
local human_cookie = r:getcookie(cookie_name)
|
|
|
+ local xff = tostring(r.headers_in["X-Forwarded-For"])
|
|
|
+ local rip = tostring(r.headers_in["X-Real-IP"])
|
|
|
+
|
|
|
+
|
|
|
if human_cookie then
|
|
|
human_cookie = r:base64_decode(r:unescape(human_cookie))
|
|
|
end
|
|
|
@@ -54,7 +59,7 @@ function scw(r)
|
|
|
local cookie_data = _decrypt(human_cookie, cookie_key)
|
|
|
|
|
|
is_human = string.gsub(cookie_data, "scw|(.-)|(%d+)$", function (ip, exp)
|
|
|
- if ip == r.useragent_ip and r:clock() <= tonumber(exp) then
|
|
|
+ if (ip == r.useragent_ip or ip == xff or ip == rip) and r:clock() <= tonumber(exp) then
|
|
|
return true
|
|
|
end
|
|
|
return false
|
|
|
@@ -82,7 +87,19 @@ function scw(r)
|
|
|
local captcha_url = os.getenv("SCW_CAPTCHA_URL")
|
|
|
|
|
|
if has_redis and captcha_url ~= "" then
|
|
|
+ -- the client ip
|
|
|
local v = redis_conn:get("bl:" .. r.useragent_ip)
|
|
|
+
|
|
|
+ -- the X-Forwarded-For IP
|
|
|
+ if v == nil then
|
|
|
+ v = redis_conn:get("bl:" .. xff)
|
|
|
+ end
|
|
|
+
|
|
|
+ -- the X-Real-IP IP
|
|
|
+ if v == nil then
|
|
|
+ v = redis_conn:get("bl:" .. rip)
|
|
|
+ end
|
|
|
+
|
|
|
if v ~= nil then -- and h == nil then
|
|
|
local rprotocol = "http"
|
|
|
if r.is_https then
|
Tobias von Dewitz