PNG  IHDR* pHYs+ IDATx]n#; cdLb Ǚ[at¤_:uP}>!Usă cag޿ ֵNu`ݼTâabO7uL&y^wFٝA"l[|ŲHLN밪4*sG3|Dv}?+y߉{OuOAt4Jj.u]Gz*҉sP'VQKbA1u\`& Af;HWj hsO;ogTu uj7S3/QzUr&wS`M$X_L7r2;aE+ώ%vikDA:dR+%KzƉo>eOth$z%: :{WwaQ:wz%4foɹE[9<]#ERINƻv溂E%P1i01 |Jvҗ&{b?9g=^wζXn/lK::90KwrюO\!ջ3uzuGv^;騢wq<Iatv09:tt~hEG`v;3@MNZD.1]L:{ծI3`L(÷ba")Y.iljCɄae#I"1 `3*Bdz>j<fU40⨬%O$3cGt]j%Fߠ_twJ;ABU8vP3uEԑwQ V:h%))LfraqX-ۿX]v-\9I gl8tzX ]ecm)-cgʒ#Uw=Wlێn(0hPP/ӨtQ“&J35 $=]r1{tLuǮ*i0_;NƝ8;-vݏr8+U-kruȕYr0RnC]*ެ(M:]gE;{]tg(#ZJ9y>utRDRMdr9㪩̞zֹb<ģ&wzJM"iI( .ꮅX)Qw:9,i좜\Ԛi7&N0:asϓc];=ΗOӣ APqz93 y $)A*kVHZwBƺnWNaby>XMN*45~ղM6Nvm;A=jֲ.~1}(9`KJ/V F9[=`~[;sRuk]rєT!)iQO)Y$V ی ۤmzWz5IM Zb )ˆC`6 rRa}qNmUfDsWuˤV{ Pݝ'=Kֳbg,UҘVz2ﴻnjNgBb{? ߮tcsͻQuxVCIY۠:(V뺕 ٥2;t`@Fo{Z9`;]wMzU~%UA蛚dI vGq\r82iu +St`cR.6U/M9IENDB`local ipset = require "ipset_message_pb" local ipset_socket = "unix:/var/run/imunify360/libiplists-daemon.sock" local function write_size(little_endian, format, ...) local res = '' local values = {...} for i=1,#format do local size = tonumber(format:sub(i,i)) local value = values[i] local str = "" for j=1,size do str = str .. string.char(value % 256) value = math.floor(value / 256) end if not little_endian then str = string.reverse(str) end res = res .. str end return res end local function read_size(big_endian, format, ...) values = {...} local total = 0 for i=1,#format do local size = tonumber(format:sub(i,i)) local value = values[i] if not big_endian then value = value:reverse() end local res = 0 for j=1,size do res = res * 256 + string.byte(value:sub(j,j)) print(res) end total = total + res end return total end local function composeMessage(ip) local msg = ipset.Request() msg.ip = ngx.var.remote_addr msg.ua = "-" msg.url = "-" msg.uid = "-" msg.captcha = "-" msg.host = "-" msg.proxyname = ngx.var.remote_proxy msg.port = ngx.var.server_port msg.realip = ip if ngx.var.domain_whitelisted == "1" then msg.wldomain = true end local serialized = msg:SerializeToString() return write_size(false, "2", string.len(serialized)) .. serialized end local function decomposeMessage(pb_msg) local status_map = { [0] = "NOT_FOUND", [10] = "WHITE", [11] = "REMOTE_PROXY", [12] = "WHITE_STATIC", [20] = "BLACK", [21] = "COUNTRY_BLACK", [22] = "BLACK_LOCAL", [30] = "GRAY", [40] = "SPLASH" } local msg = ipset.Response() msg:ParseFromString(pb_msg) if msg == nil then return {["ip"] = nil, ["verdict"] = "ERROR"} end local verdict = status_map[msg.action] if verdict == nil and msg.status == 1 then return {["ip"] = msg.ip, ["verdict"] = "ERROR"} end return {["ip"] = msg.ip, ["verdict"] = verdict} end local function query_peer(ip) local sock = ngx.socket.tcp() sock:settimeout(1000) local ok, err = sock:connect(ipset_socket) if not ok then ngx.log(ngx.ERR, "Could not connect to ipset socket: ", err) return end local sent, err = sock:send(composeMessage(ip)) if not sent then ngx.log(ngx.ERR, "Could not send to ipset socket: ", err) return end local raw_size, err = sock:receive(2) if not raw_size then ngx.log(ngx.ERR, "Could not read size from ipset socket: ", err) return end local expected_size = read_size(true, "2", raw_size) local data, err = sock:receive(expected_size) if not data then ngx.log(ngx.ERR, "Could not read data from ipset socket: ", err) return end sock:close() return decomposeMessage(data) end local function check() local remote_addr = ngx.var.remote_addr if remote_addr == "127.0.0.1" or remote_addr == "::1" then ngx.var.webshield_ip_status = "NOT_FOUND" return end local remote_address = ngx.var.wsuserip or remote_addr local response = query_peer(remote_address) if response == nil then ngx.log(ngx.WARN, "Got empty response from IPSET daemon") ngx.var.webshield_ip_status = "NOT_FOUND" return end ngx.var.webshield_ip_status = response.verdict end if ngx.var.access_check_enabled == "0" then return check() end