
Commit e88cf88

committed
Refactor port checking logic
1 parent 294ebea commit e88cf88


1 file changed

+48
-31
lines changed


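--- a/ngx_http_proxy_connect_module.c
+++ b/ngx_http_proxy_connect_module.c
@@ -98,6 +98,8 @@ static char *ngx_http_proxy_connect_merge_loc_conf(ngx_conf_t *cf, void *parent,
 static void ngx_http_proxy_connect_write_downstream(ngx_http_request_t *r);
 static void ngx_http_proxy_connect_read_downstream(ngx_http_request_t *r);
 static void ngx_http_proxy_connect_send_handler(ngx_http_request_t *r);
+static ngx_int_t ngx_http_proxy_connect_allow_handler(ngx_http_request_t *r,
+ngx_http_proxy_connect_loc_conf_t *plcf);
 static char* ngx_http_proxy_connect_address(ngx_conf_t *cf, ngx_command_t *cmd,
 void *conf);
 static char* ngx_http_proxy_connect_bind(ngx_conf_t *cf, ngx_command_t *cmd,
@@ -1352,10 +1354,8 @@ ngx_http_proxy_connect_wr_check_broken_connection(ngx_http_request_t *r)
 static ngx_int_t
 ngx_http_proxy_connect_handler(ngx_http_request_t *r)
 {
-in_port_t (*ports)[2];
 ngx_url_t url;
 ngx_int_t rc;
-ngx_uint_t i, allow;
 ngx_resolver_ctx_t *rctx, temp;
 ngx_http_core_loc_conf_t *clcf;
 ngx_http_proxy_connect_ctx_t *ctx;
@@ -1368,36 +1368,10 @@ ngx_http_proxy_connect_handler(ngx_http_request_t *r)
 return NGX_DECLINED;
 }
 
-allow = 0;
+rc = ngx_http_proxy_connect_allow_handler(r, plcf);
 
-if (plcf->allow_port_all) {
-allow = 1;
-
-} else if (plcf->allow_ports) {
-ports = plcf->allow_ports->elts;
-
-for (i = 0; i < plcf->allow_ports->nelts; i++) {
-/*
-* connect_port == port
-* OR
-* port <= connect_port <= eport
-*/
-if ((ports[i][1] == 0 && r->connect_port_n == ports[i][0])
-|| (ports[i][0] <= r->connect_port_n && r->connect_port_n <= ports[i][1]))
-{
-allow = 1;
-break;
-}
-}
-
-} else {
-if (r->connect_port_n == 443 || r->connect_port_n == 563) {
-allow = 1;
-}
-}
-
-if (allow == 0) {
-return NGX_HTTP_FORBIDDEN;
+if (rc != NGX_OK) {
+return rc;
 }
 
 ctx = ngx_http_get_module_ctx(r, ngx_http_proxy_connect_module);;
@@ -1518,6 +1492,49 @@ ngx_http_proxy_connect_handler(ngx_http_request_t *r)
 }
 
 
+static ngx_int_t
+ngx_http_proxy_connect_allow_handler(ngx_http_request_t *r,
+ngx_http_proxy_connect_loc_conf_t *plcf)
+{
+ngx_uint_t i, allow;
+in_port_t (*ports)[2];
+
+allow = 0;
+
+if (plcf->allow_port_all) {
+allow = 1;
+
+} else if (plcf->allow_ports) {
+ports = plcf->allow_ports->elts;
+
+for (i = 0; i < plcf->allow_ports->nelts; i++) {
+/*
+* connect_port == port
+* OR
+* port <= connect_port <= eport
+*/
+if ((ports[i][1] == 0 && r->connect_port_n == ports[i][0])
+|| (ports[i][0] <= r->connect_port_n && r->connect_port_n <= ports[i][1]))
+{
+allow = 1;
+break;
+}
+}
+
+} else {
+if (r->connect_port_n == 443 || r->connect_port_n == 563) {
+allow = 1;
+}
+}
+
+if (allow == 0) {
+return NGX_HTTP_FORBIDDEN;
+}
+
+return NGX_OK;
+}
+
+
 static char *
 ngx_http_proxy_connect_allow(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
 {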
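Review bot: The deny path at the end of the new `ngx_http_proxy_connect_allow_handler` returns `NGX_HTTP_FORBIDDEN` without recording which port was refused, so as far as this diff shows a rejected CONNECT surfaces only as a 403 status. Since this helper is now the single decision point for tunnel ports, a line such as `ngx_log_error(NGX_LOG_INFO, r->connection->log, 0, "proxy_connect: port %ui not allowed", (ngx_uint_t) r->connect_port_n);` before that return would give operators the reason for the refusal; the log level is a judgement call. The helper also has no header comment, and its contract is worth stating once: `/* Returns NGX_OK if r->connect_port_n is permitted by plcf, else NGX_HTTP_FORBIDDEN; with no allow list configured only 443 and 563 pass. */`. The caller, `ngx_http_proxy_connect_handler`, continues outside the visible hunks.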
