Dynamic Blacklist/Whitelist Configuration
1. Required modules
The data plane must load the following module:
load_module modules/njt_http_dyn_bwlist_module.so;
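2. Directives
Dynamic configuration has no directives of its own. The directives and format for the dynamic blacklist/whitelist are the same as for static configuration: use allow and deny to specify the IP addresses that are permitted or rejected.
Syntax: allow address | CIDR | all;
Default: –
Context: http, server, location
Syntax: deny address | CIDR | all;
Default: –
Context: http, server, location
3. Configuration example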
worker_processes 1;
error_log logs/error.log info;
load_module modules/njt_http_dyn_bwlist_module.so;
helper broker modules/njt_helper_broker_module.so conf/mqtt.conf;
helper broker modules/njt_helper_ctrl_module.so conf/njet_ctrl.conf;
events {
    worker_connections 1024;
}
http {
    dyn_kv_conf conf/iot.conf;
    # upstream is only valid inside the http context
    upstream backend {
        server 10.10.12.1:8080;
    }
    server {
        listen 18888;
        location / {
            proxy_pass http://backend;
        }
        # static rules for this location; they can be changed at runtime through the API
        location /test_bwlist {
            allow 192.168.1.0/24;
            deny all;
            proxy_pass http://backend;
        }
    }
}
cluster_name helper;
node_name node1;
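4. API
4.1 API list
Query endpoint
GET http://IP+port/api/v1/config/http_dyn_bwlist
Update endpoint
PUT http://IP+port/api/v1/config/http_dyn_bwlist
4.2 Usage examples
Use the GET method to retrieve the current blacklist/whitelist configuration of each location, and the PUT method to update it. The body submitted with PUT has the same format as the body returned by GET, and it may contain only the locations that need to change.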
GET http://127.0.0.1:8081/api/v1/config/http_dyn_bwlist
{
    "servers": [{
        "listens": ["0.0.0.0:18888"],
        "serverNames": [""],
        "locations": [{
            "location": "/"
        }, {
            "location": "/test_bwlist",
            "accessIpv4": [{
                "rule": "allow",
                "addr": "192.168.1.0",
                "mask": "255.255.255.0"
            }, {
                "rule": "deny",
                "addr": "0.0.0.0",
                "mask": "0.0.0.0"
            }]
        }]
    }]
}
Query
Use the GET method to retrieve the current static blacklist/whitelist configuration.
curl -X 'GET' 'http://127.0.0.1:8081/api/v1/config/http_dyn_bwlist'
Example response:
{
    "servers": [
        {
            "listens": [
                "0.0.0.0:23"
            ],
            "serverNames": [
                "testy"
            ],
            "locations": [
                {
                    "location": "/",
                    "accessIpv4": [
                        {
                            "rule": "deny",
                            "addr": "0.0.0.0",
                            "mask": "0.0.0.0"
                        }
                    ]
                }
            ]
        }
    ]
}
Updating the configuration
Use the PUT method to modify the configuration; the response message reports the result.
curl -X 'PUT' 'http://127.0.0.1:8081/api/v1/config/http_dyn_bwlist' -d '{
    "servers": [
        {
            "listens": [
                "0.0.0.0:23"
            ],
            "serverNames": [
                "testy"
            ],
            "locations": [
                {
                    "location": "/",
                    "accessIpv4": [
                        {
                            "rule": "deny",
                            "addr": "192.168.40.157",
                            "mask": "255.255.255.255"
                        }
                    ]
                }
            ]
        }
    ]
}'
Result
{
    "code": 0,
    "msg": "success."
}
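Added example (not part of the NJet documentation): a Python helper that turns allow/deny rules written as in section 2 into the addr/mask entries of the PUT body shown in 4.2, and checks the list before it is submitted. The function names are hypothetical; first-match evaluation and "no match means allow" are assumed from nginx's access module, whose allow/deny directives this module reuses.

```python
import ipaddress
import json

def to_access_ipv4(rules):
    """Convert (rule, target) pairs, target = address | CIDR | "all", to accessIpv4 entries."""
    entries = []
    for rule, target in rules:
        if rule not in ("allow", "deny"):
            raise ValueError(f"unknown rule: {rule!r}")
        cidr = "0.0.0.0/0" if target == "all" else target
        # strict=True rejects a CIDR with host bits set, e.g. 192.168.1.5/24
        net = ipaddress.IPv4Network(cidr, strict=True)
        entries.append({"rule": rule, "addr": str(net.network_address),
                        "mask": str(net.netmask)})
    return entries

def _net(entry):
    return ipaddress.IPv4Network(f"{entry['addr']}/{entry['mask']}")

def decide(entries, client_ip):
    """Assumed semantics: the first matching entry wins, no match means allow."""
    ip = ipaddress.IPv4Address(client_ip)
    for entry in entries:
        if ip in _net(entry):
            return entry["rule"]
    return "allow"

def shadowed(entries):
    """Indexes of entries that can never match because an earlier entry covers them."""
    nets = [_net(e) for e in entries]
    return [i for i, n in enumerate(nets) if any(n.subnet_of(p) for p in nets[:i])]

def build_payload(listen, server_name, location, rules):
    """Body for PUT /api/v1/config/http_dyn_bwlist containing only the changed location."""
    return {"servers": [{"listens": [listen], "serverNames": [server_name],
                         "locations": [{"location": location,
                                        "accessIpv4": to_access_ipv4(rules)}]}]}

if __name__ == "__main__":
    # Constructed input: the /test_bwlist rules from the configuration example.
    rules = [("allow", "192.168.1.0/24"), ("deny", "all")]
    body = build_payload("0.0.0.0:18888", "", "/test_bwlist", rules)
    entries = body["servers"][0]["locations"][0]["accessIpv4"]
    if shadowed(entries):
        raise SystemExit(f"unreachable entries: {shadowed(entries)}")
    print(json.dumps(body, indent=4))
```

Run the script and pass its output to the PUT call with `curl -d`; a non-empty `shadowed()` result usually means a `deny all` was placed ahead of the `allow` entries it was meant to follow.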