How can I block/verify requests based on IP blocks? I want to check if a given IP address is within a whitelisted IP block; allow or deny based on result. Looks nginx only exposes ngx.var.remote_addr and binary_addr is there any module to do this with Lua extension.
How can I block/verify requests based on IP blocks? I want to check if a given IP address is within a whitelisted IP block; allow or deny based on result. Looks nginx only exposes ngx.var.remote_addr and binary_addr is there any module to do this with Lua extension. .
.
You probably don't need to do this with Lua; nginx's allow/deny directive support CIDR blocks.You may also want to see https://groups.google.com/forum/#!topic/openresty-en/G916sAMSOPY for a duplicate discussion.On Wed, Jan 20, 2016 at 11:30 AM, David Santhosh <dav...@gmail.com> wrote:How can I block/verify requests based on IP blocks? I want to check if a given IP address is within a whitelisted IP block; allow or deny based on result. Looks nginx only exposes ngx.var.remote_addr and binary_addr is there any module to do this with Lua extension. .
Thank you Thibault and Robert, links looks useful. But still think doing a compare with incoming ip address needs some work.--David On Wed, Jan 20, 2016 at 11:40 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:You probably don't need to do this with Lua; nginx's allow/deny directive support CIDR blocks.You may also want to see https://groups.google.com/forum/#!topic/openresty-en/G916sAMSOPY for a duplicate discussion.On Wed, Jan 20, 2016 at 11:30 AM, David Santhosh <dav...@gmail.com> wrote:How can I block/verify requests based on IP blocks? I want to check if a given IP address is within a whitelisted IP block; allow or deny based on result. Looks nginx only exposes ngx.var.remote_addr and binary_addr is there any module to do this with Lua extension. . davidsnt Sure, I have a list of whitelist ip blocks and need to check if the incoming request IP belongs to one of these IP blocks and act on it, so for example the corporate 1's ip block is 192.168.1.1 belongs to 192.168.1.0/24 then redirect to corp1.domain.com and next for corporate 2 192.178.1.1 redirect it to corp2.domain.com and so on...--David On Wed, Jan 20, 2016 at 11:53 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:Can you explain your use case a little more? What functionality is nginx/ngx-lua missing out of the box that you need? I'm curious as to what you're trying to accomplish. Can you provide a simple code example for what you're looking for?On Wed, Jan 20, 2016 at 11:51 AM, davidsnt <dav...@gmail.com> wrote:Thank you Thibault and Robert, links looks useful. But still think doing a compare with incoming ip address needs some work.--David On Wed, Jan 20, 2016 at 11:40 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:You probably don't need to do this with Lua; nginx's allow/deny directive support CIDR blocks.You may also want to see https://groups.google.com/forum/#!topic/openresty-en/G916sAMSOPY for a duplicate discussion.On Wed, Jan 20, 2016 at 11:30 AM, David Santhosh <dav...@gmail.com> wrote:How can I block/verify requests based on IP blocks? I want to check if a given IP address is within a whitelisted IP block; allow or deny based on result. Looks nginx only exposes ngx.var.remote_addr and binary_addr is there any module to do this with Lua extension. . rpaprocki Sounds like a good use case for the lua-resty-iputils Thibault linked, with an access_by_lua handler. Happy coding!On Wed, Jan 20, 2016 at 11:57 AM, davidsnt <dav...@gmail.com> wrote:Sure, I have a list of whitelist ip blocks and need to check if the incoming request IP belongs to one of these IP blocks and act on it, so for example the corporate 1's ip block is 192.168.1.1 belongs to 192.168.1.0/24 then redirect to corp1.domain.com and next for corporate 2 192.178.1.1 redirect it to corp2.domain.com and so on...--David On Wed, Jan 20, 2016 at 11:53 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:Can you explain your use case a little more? What functionality is nginx/ngx-lua missing out of the box that you need? I'm curious as to what you're trying to accomplish. Can you provide a simple code example for what you're looking for?On Wed, Jan 20, 2016 at 11:51 AM, davidsnt <dav...@gmail.com> wrote:Thank you Thibault and Robert, links looks useful. But still think doing a compare with incoming ip address needs some work.--David On Wed, Jan 20, 2016 at 11:40 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:You probably don't need to do this with Lua; nginx's allow/deny directive support CIDR blocks.You may also want to see https://groups.google.com/forum/#!topic/openresty-en/G916sAMSOPY for a duplicate discussion.On Wed, Jan 20, 2016 at 11:30 AM, David Santhosh <dav...@gmail.com> wrote:How can I block/verify requests based on IP blocks? I want to check if a given IP address is within a whitelisted IP block; allow or deny based on result. Looks nginx only exposes ngx.var.remote_addr and binary_addr is there any module to do this with Lua extension. . moonbingbing you can use ngx_http_geo_module to check ip list, and use lua code judge redirect to what server.2016-01-21 3:57 GMT+08:00 davidsnt <dav...@gmail.com>:Sure, I have a list of whitelist ip blocks and need to check if the incoming request IP belongs to one of these IP blocks and act on it, so for example the corporate 1's ip block is 192.168.1.1 belongs to 192.168.1.0/24 then redirect to corp1.domain.com and next for corporate 2 192.178.1.1 redirect it to corp2.domain.com and so on...--David On Wed, Jan 20, 2016 at 11:53 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:Can you explain your use case a little more? What functionality is nginx/ngx-lua missing out of the box that you need? I'm curious as to what you're trying to accomplish. Can you provide a simple code example for what you're looking for?On Wed, Jan 20, 2016 at 11:51 AM, davidsnt <dav...@gmail.com> wrote:Thank you Thibault and Robert, links looks useful. But still think doing a compare with incoming ip address needs some work.--David On Wed, Jan 20, 2016 at 11:40 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:You probably don't need to do this with Lua; nginx's allow/deny directive support CIDR blocks.You may also want to see https://groups.google.com/forum/#!topic/openresty-en/G916sAMSOPY for a duplicate discussion.On Wed, Jan 20, 2016 at 11:30 AM, David Santhosh <dav...@gmail.com> wrote:How can I block/verify requests based on IP blocks? I want to check if a given IP address is within a whitelisted IP block; allow or deny based on result. Looks nginx only exposes ngx.var.remote_addr and binary_addr is there any module to do this with Lua extension. . irt_m.jrsyo Hi David,If you have to use IP block,maybe you should write some calculate function with hexadecimal.IPv4 can convert hexadecimal. Then you can compare IP easily.This is just my idea.ex.- 192.168.1.0/24 range is 192.168.1.0 - 192.168.1.255- calculate first(min) IP and last(max) IP, c0a80100 - c0a801ff- you can also convert ngx.var.remote_addr to hexadecimal- then you can calc coming ip is in range c0a80100 - c0a801ff or notBTW I understand your use case and this idea is not useful for your case.If you use my idea, you need to convert all whitelist IP block and compare. It is high cost.Another idea is using NoSQL like memcached or just use ngx.shared.DICT.ex.- 192.168.1.0/24 range is 192.168.1.0 - 192.168.1.255- put all IP address in range to NoSQL like "{key: 192.168.1.0, value: true}", "{key: 192.168.1.1, value: true}", "{key: 192.168.1.2, value: true}" ... "{key: 192.168.1.255, value: true}"*note* this is not nginx's work. you should prepare some client program for do that.- Then you can compare very simple. you just ask to NoSQL that key: ngx.var.remote_addr is exist or not.Sorry for my poor English.2016年1月21日木曜日 4時30分24秒 UTC+9 David Santhosh:How can I block/verify requests based on IP blocks? I want to check if a given IP address is within a whitelisted IP block; allow or deny based on result. Looks nginx only exposes ngx.var.remote_addr and binary_addr is there any module to do this with Lua extension. hamish.forbes Hi,This is pretty much exactly what lua-resty-iputils will do.You'll just need to create a couple of tables listing your CIDRs and apply a tiny bit of logic in Lua to find out which set the remote address is in and perform a redirect.What is it that you feel is missing?HamishOn Wednesday, 20 January 2016 19:57:54 UTC, David Santhosh wrote:Sure, I have a list of whitelist ip blocks and need to check if the incoming request IP belongs to one of these IP blocks and act on it, so for example the corporate 1's ip block is 192.168.1.1 belongs to 192.168.1.0/24 then redirect to corp1.domain.com and next for corporate 2 192.178.1.1 redirect it to corp2.domain.com and so on...--David On Wed, Jan 20, 2016 at 11:53 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:Can you explain your use case a little more? What functionality is nginx/ngx-lua missing out of the box that you need? I'm curious as to what you're trying to accomplish. Can you provide a simple code example for what you're looking for?On Wed, Jan 20, 2016 at 11:51 AM, davidsnt <davi...@gmail.com> wrote:Thank you Thibault and Robert, links looks useful. But still think doing a compare with incoming ip address needs some work.--David On Wed, Jan 20, 2016 at 11:40 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:You probably don't need to do this with Lua; nginx's allow/deny directive support CIDR blocks.You may also want to see https://groups.google.com/forum/#!topic/openresty-en/G916sAMSOPY for a duplicate discussion.On Wed, Jan 20, 2016 at 11:30 AM, David Santhosh <davi...@gmail.com> wrote:How can I block/verify requests based on IP blocks? I want to check if a given IP address is within a whitelisted IP block; allow or deny based on result. Looks nginx only exposes ngx.var.remote_addr and binary_addr is there any module to do this with Lua extension. . irt_m.jrsyo Hi Hamish,Oops, I didn't know your module sorry.To David,Hamish is right. Maybe lua-resty-iputils module is completely cover your need.But, if you have hundred, thousand whitelist IP blocks orif you want to update whitelist table dynamically,there is worth considering for my 2nd idea https://groups.google.com/d/msg/openresty-en/QddXoARyMtE/zB_QqVj-DQAJ.ex.)local dict = ngx.shared.whitelistif dict:get(ngx.var.remote_addr) then # something you need returnendAnyway, if you need to update whitelist dynamically,you have to think about nginx restart.2016年1月21日木曜日 18時57分35秒 UTC+9 Hamish Forbes:Hi,This is pretty much exactly what lua-resty-iputils will do.You'll just need to create a couple of tables listing your CIDRs and apply a tiny bit of logic in Lua to find out which set the remote address is in and perform a redirect.What is it that you feel is missing?HamishOn Wednesday, 20 January 2016 19:57:54 UTC, David Santhosh wrote:Sure, I have a list of whitelist ip blocks and need to check if the incoming request IP belongs to one of these IP blocks and act on it, so for example the corporate 1's ip block is 192.168.1.1 belongs to 192.168.1.0/24 then redirect to corp1.domain.com and next for corporate 2 192.178.1.1 redirect it to corp2.domain.com and so on...--David On Wed, Jan 20, 2016 at 11:53 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:Can you explain your use case a little more? What functionality is nginx/ngx-lua missing out of the box that you need? I'm curious as to what you're trying to accomplish. Can you provide a simple code example for what you're looking for?On Wed, Jan 20, 2016 at 11:51 AM, davidsnt <davi...@gmail.com> wrote:Thank you Thibault and Robert, links looks useful. But still think doing a compare with incoming ip address needs some work.--David On Wed, Jan 20, 2016 at 11:40 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:You probably don't need to do this with Lua; nginx's allow/deny directive support CIDR blocks.You may also want to see https://groups.google.com/forum/#!topic/openresty-en/G916sAMSOPY for a duplicate discussion.On Wed, Jan 20, 2016 at 11:30 AM, David Santhosh <davi...@gmail.com> wrote:How can I block/verify requests based on IP blocks? I want to check if a given IP address is within a whitelisted IP block; allow or deny based on result. Looks nginx only exposes ngx.var.remote_addr and binary_addr is there any module to do this with Lua extension. . hamish.forbes Using the shared dict like that you would have to have an entry for every IP in a range though.Or you'd have to parse the CIDR from a string everytime.Something to be aware of at least.On Thursday, 21 January 2016 10:36:38 UTC, irt_m...@ntworkers.com wrote:Hi Hamish,Oops, I didn't know your module sorry.To David,Hamish is right. Maybe lua-resty-iputils module is completely cover your need.But, if you have hundred, thousand whitelist IP blocks orif you want to update whitelist table dynamically,there is worth considering for my 2nd idea https://groups.google.com/d/msg/openresty-en/QddXoARyMtE/zB_QqVj-DQAJ.ex.)local dict = ngx.shared.whitelistif dict:get(ngx.var.remote_addr) then # something you need returnendAnyway, if you need to update whitelist dynamically,you have to think about nginx restart.2016年1月21日木曜日 18時57分35秒 UTC+9 Hamish Forbes:Hi,This is pretty much exactly what lua-resty-iputils will do.You'll just need to create a couple of tables listing your CIDRs and apply a tiny bit of logic in Lua to find out which set the remote address is in and perform a redirect.What is it that you feel is missing?HamishOn Wednesday, 20 January 2016 19:57:54 UTC, David Santhosh wrote:Sure, I have a list of whitelist ip blocks and need to check if the incoming request IP belongs to one of these IP blocks and act on it, so for example the corporate 1's ip block is 192.168.1.1 belongs to 192.168.1.0/24 then redirect to corp1.domain.com and next for corporate 2 192.178.1.1 redirect it to corp2.domain.com and so on...--David On Wed, Jan 20, 2016 at 11:53 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:Can you explain your use case a little more? What functionality is nginx/ngx-lua missing out of the box that you need? I'm curious as to what you're trying to accomplish. Can you provide a simple code example for what you're looking for?On Wed, Jan 20, 2016 at 11:51 AM, davidsnt <davi...@gmail.com> wrote:Thank you Thibault and Robert, links looks useful. But still think doing a compare with incoming ip address needs some work.--David On Wed, Jan 20, 2016 at 11:40 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:You probably don't need to do this with Lua; nginx's allow/deny directive support CIDR blocks.You may also want to see https://groups.google.com/forum/#!topic/openresty-en/G916sAMSOPY for a duplicate discussion.On Wed, Jan 20, 2016 at 11:30 AM, David Santhosh <davi...@gmail.com> wrote:How can I block/verify requests based on IP blocks? I want to check if a given IP address is within a whitelisted IP block; allow or deny based on result. Looks nginx only exposes ngx.var.remote_addr and binary_addr is there any module to do this with Lua extension. . irt_m.jrsyo To Hamish,Yes, just in case it need entry for every IP in a range.If it use redis or memcached Instead of a shared dict,parse and put it them are not nginx's task. it is just another client program's task.So, nginx can be simple I think.But I like your module. Awesome.To David,If there are multiple servers, data like a whitelist need to share each other.If you put ip list in the lua code directly, to update them is a little bit troublesome.So, whitelist data should be outside of the nginx I recommend.2016年1月21日木曜日 20時14分33秒 UTC+9 Hamish Forbes:Using the shared dict like that you would have to have an entry for every IP in a range though.Or you'd have to parse the CIDR from a string everytime.Something to be aware of at least.On Thursday, 21 January 2016 10:36:38 UTC, irt_m...@ntworkers.com wrote:Hi Hamish,Oops, I didn't know your module sorry.To David,Hamish is right. Maybe lua-resty-iputils module is completely cover your need.But, if you have hundred, thousand whitelist IP blocks orif you want to update whitelist table dynamically,there is worth considering for my 2nd idea https://groups.google.com/d/msg/openresty-en/QddXoARyMtE/zB_QqVj-DQAJ.ex.)local dict = ngx.shared.whitelistif dict:get(ngx.var.remote_addr) then # something you need returnendAnyway, if you need to update whitelist dynamically,you have to think about nginx restart.2016年1月21日木曜日 18時57分35秒 UTC+9 Hamish Forbes:Hi,This is pretty much exactly what lua-resty-iputils will do.You'll just need to create a couple of tables listing your CIDRs and apply a tiny bit of logic in Lua to find out which set the remote address is in and perform a redirect.What is it that you feel is missing?HamishOn Wednesday, 20 January 2016 19:57:54 UTC, David Santhosh wrote:Sure, I have a list of whitelist ip blocks and need to check if the incoming request IP belongs to one of these IP blocks and act on it, so for example the corporate 1's ip block is 192.168.1.1 belongs to 192.168.1.0/24 then redirect to corp1.domain.com and next for corporate 2 192.178.1.1 redirect it to corp2.domain.com and so on...--David On Wed, Jan 20, 2016 at 11:53 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:Can you explain your use case a little more? What functionality is nginx/ngx-lua missing out of the box that you need? I'm curious as to what you're trying to accomplish. Can you provide a simple code example for what you're looking for?On Wed, Jan 20, 2016 at 11:51 AM, davidsnt <davi...@gmail.com> wrote:Thank you Thibault and Robert, links looks useful. But still think doing a compare with incoming ip address needs some work.--David On Wed, Jan 20, 2016 at 11:40 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:You probably don't need to do this with Lua; nginx's allow/deny directive support CIDR blocks.You may also want to see https://groups.google.com/forum/#!topic/openresty-en/G916sAMSOPY for a duplicate discussion.On Wed, Jan 20, 2016 at 11:30 AM, David Santhosh <davi...@gmail.com> wrote:How can I block/verify requests based on IP blocks? I want to check if a given IP address is within a whitelisted IP block; allow or deny based on result. Looks nginx only exposes ngx.var.remote_addr and binary_addr is there any module to do this with Lua extension. . davidsnt Thank you for your input's guys, very helpful.--David On Thu, Jan 21, 2016 at 1:57 AM, Hamish Forbes <hamish...@gmail.com> wrote:Hi,This is pretty much exactly what lua-resty-iputils will do.You'll just need to create a couple of tables listing your CIDRs and apply a tiny bit of logic in Lua to find out which set the remote address is in and perform a redirect.What is it that you feel is missing?HamishOn Wednesday, 20 January 2016 19:57:54 UTC, David Santhosh wrote:Sure, I have a list of whitelist ip blocks and need to check if the incoming request IP belongs to one of these IP blocks and act on it, so for example the corporate 1's ip block is 192.168.1.1 belongs to 192.168.1.0/24 then redirect to corp1.domain.com and next for corporate 2 192.178.1.1 redirect it to corp2.domain.com and so on...--David On Wed, Jan 20, 2016 at 11:53 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:Can you explain your use case a little more? What functionality is nginx/ngx-lua missing out of the box that you need? I'm curious as to what you're trying to accomplish. Can you provide a simple code example for what you're looking for?On Wed, Jan 20, 2016 at 11:51 AM, davidsnt <davi...@gmail.com> wrote:Thank you Thibault and Robert, links looks useful. But still think doing a compare with incoming ip address needs some work.--David On Wed, Jan 20, 2016 at 11:40 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:You probably don't need to do this with Lua; nginx's allow/deny directive support CIDR blocks.You may also want to see https://groups.google.com/forum/#!topic/openresty-en/G916sAMSOPY for a duplicate discussion.On Wed, Jan 20, 2016 at 11:30 AM, David Santhosh <davi...@gmail.com> wrote:How can I block/verify requests based on IP blocks? I want to check if a given IP address is within a whitelisted IP block; allow or deny based on result. Looks nginx only exposes ngx.var.remote_addr and binary_addr is there any module to do this with Lua extension. . erik.l.nelson What's the current best practice for efficient/fast serializing of data, to disk or otherwise? JSON, protocol buffers, flat buffers? Thanks Erik ---------------------------------------------------------------------- This message, and any attachments, is for the intended recipient(s) only, may contain information that is privileged, confidential and/or proprietary and subject to important terms and conditions available at http://www.bankofamerica.com/emaildisclaimer. If you are not the intended recipient, please delete this message. moonbingbing I think it's depends on your data and size.maybe you can test your data compare https://github.com/guanlan/lua-cmsgpack https://github.com/cloudflare/lua-capnprotowith JSON.2016-01-26 2:22 GMT+08:00 Nelson, Erik - 2 <erik.l...@bankofamerica.com>:What's the current best practice for efficient/fast serializing of data, to disk or otherwise? JSON, protocol buffers, flat buffers? Thanks Erik ---------------------------------------------------------------------- This message, and any attachments, is for the intended recipient(s) only, may contain information that is privileged, confidential and/or proprietary and subject to important terms and conditions available at http://www.bankofamerica.com/emaildisclaimer. If you are not the intended recipient, please delete this message. .
Can you explain your use case a little more? What functionality is nginx/ngx-lua missing out of the box that you need? I'm curious as to what you're trying to accomplish. Can you provide a simple code example for what you're looking for?On Wed, Jan 20, 2016 at 11:51 AM, davidsnt <dav...@gmail.com> wrote:Thank you Thibault and Robert, links looks useful. But still think doing a compare with incoming ip address needs some work.--David On Wed, Jan 20, 2016 at 11:40 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:You probably don't need to do this with Lua; nginx's allow/deny directive support CIDR blocks.You may also want to see https://groups.google.com/forum/#!topic/openresty-en/G916sAMSOPY for a duplicate discussion.On Wed, Jan 20, 2016 at 11:30 AM, David Santhosh <dav...@gmail.com> wrote:How can I block/verify requests based on IP blocks? I want to check if a given IP address is within a whitelisted IP block; allow or deny based on result. Looks nginx only exposes ngx.var.remote_addr and binary_addr is there any module to do this with Lua extension. . rpaprocki Sounds like a good use case for the lua-resty-iputils Thibault linked, with an access_by_lua handler. Happy coding!On Wed, Jan 20, 2016 at 11:57 AM, davidsnt <dav...@gmail.com> wrote:Sure, I have a list of whitelist ip blocks and need to check if the incoming request IP belongs to one of these IP blocks and act on it, so for example the corporate 1's ip block is 192.168.1.1 belongs to 192.168.1.0/24 then redirect to corp1.domain.com and next for corporate 2 192.178.1.1 redirect it to corp2.domain.com and so on...--David On Wed, Jan 20, 2016 at 11:53 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:Can you explain your use case a little more? What functionality is nginx/ngx-lua missing out of the box that you need? I'm curious as to what you're trying to accomplish. Can you provide a simple code example for what you're looking for?On Wed, Jan 20, 2016 at 11:51 AM, davidsnt <dav...@gmail.com> wrote:Thank you Thibault and Robert, links looks useful. But still think doing a compare with incoming ip address needs some work.--David On Wed, Jan 20, 2016 at 11:40 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:You probably don't need to do this with Lua; nginx's allow/deny directive support CIDR blocks.You may also want to see https://groups.google.com/forum/#!topic/openresty-en/G916sAMSOPY for a duplicate discussion.On Wed, Jan 20, 2016 at 11:30 AM, David Santhosh <dav...@gmail.com> wrote:How can I block/verify requests based on IP blocks? I want to check if a given IP address is within a whitelisted IP block; allow or deny based on result. Looks nginx only exposes ngx.var.remote_addr and binary_addr is there any module to do this with Lua extension. . moonbingbing you can use ngx_http_geo_module to check ip list, and use lua code judge redirect to what server.2016-01-21 3:57 GMT+08:00 davidsnt <dav...@gmail.com>:Sure, I have a list of whitelist ip blocks and need to check if the incoming request IP belongs to one of these IP blocks and act on it, so for example the corporate 1's ip block is 192.168.1.1 belongs to 192.168.1.0/24 then redirect to corp1.domain.com and next for corporate 2 192.178.1.1 redirect it to corp2.domain.com and so on...--David On Wed, Jan 20, 2016 at 11:53 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:Can you explain your use case a little more? What functionality is nginx/ngx-lua missing out of the box that you need? I'm curious as to what you're trying to accomplish. Can you provide a simple code example for what you're looking for?On Wed, Jan 20, 2016 at 11:51 AM, davidsnt <dav...@gmail.com> wrote:Thank you Thibault and Robert, links looks useful. But still think doing a compare with incoming ip address needs some work.--David On Wed, Jan 20, 2016 at 11:40 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:You probably don't need to do this with Lua; nginx's allow/deny directive support CIDR blocks.You may also want to see https://groups.google.com/forum/#!topic/openresty-en/G916sAMSOPY for a duplicate discussion.On Wed, Jan 20, 2016 at 11:30 AM, David Santhosh <dav...@gmail.com> wrote:How can I block/verify requests based on IP blocks? I want to check if a given IP address is within a whitelisted IP block; allow or deny based on result. Looks nginx only exposes ngx.var.remote_addr and binary_addr is there any module to do this with Lua extension. . irt_m.jrsyo Hi David,If you have to use IP block,maybe you should write some calculate function with hexadecimal.IPv4 can convert hexadecimal. Then you can compare IP easily.This is just my idea.ex.- 192.168.1.0/24 range is 192.168.1.0 - 192.168.1.255- calculate first(min) IP and last(max) IP, c0a80100 - c0a801ff- you can also convert ngx.var.remote_addr to hexadecimal- then you can calc coming ip is in range c0a80100 - c0a801ff or notBTW I understand your use case and this idea is not useful for your case.If you use my idea, you need to convert all whitelist IP block and compare. It is high cost.Another idea is using NoSQL like memcached or just use ngx.shared.DICT.ex.- 192.168.1.0/24 range is 192.168.1.0 - 192.168.1.255- put all IP address in range to NoSQL like "{key: 192.168.1.0, value: true}", "{key: 192.168.1.1, value: true}", "{key: 192.168.1.2, value: true}" ... "{key: 192.168.1.255, value: true}"*note* this is not nginx's work. you should prepare some client program for do that.- Then you can compare very simple. you just ask to NoSQL that key: ngx.var.remote_addr is exist or not.Sorry for my poor English.2016年1月21日木曜日 4時30分24秒 UTC+9 David Santhosh:How can I block/verify requests based on IP blocks? I want to check if a given IP address is within a whitelisted IP block; allow or deny based on result. Looks nginx only exposes ngx.var.remote_addr and binary_addr is there any module to do this with Lua extension. hamish.forbes Hi,This is pretty much exactly what lua-resty-iputils will do.You'll just need to create a couple of tables listing your CIDRs and apply a tiny bit of logic in Lua to find out which set the remote address is in and perform a redirect.What is it that you feel is missing?HamishOn Wednesday, 20 January 2016 19:57:54 UTC, David Santhosh wrote:Sure, I have a list of whitelist ip blocks and need to check if the incoming request IP belongs to one of these IP blocks and act on it, so for example the corporate 1's ip block is 192.168.1.1 belongs to 192.168.1.0/24 then redirect to corp1.domain.com and next for corporate 2 192.178.1.1 redirect it to corp2.domain.com and so on...--David On Wed, Jan 20, 2016 at 11:53 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:Can you explain your use case a little more? What functionality is nginx/ngx-lua missing out of the box that you need? I'm curious as to what you're trying to accomplish. Can you provide a simple code example for what you're looking for?On Wed, Jan 20, 2016 at 11:51 AM, davidsnt <davi...@gmail.com> wrote:Thank you Thibault and Robert, links looks useful. But still think doing a compare with incoming ip address needs some work.--David On Wed, Jan 20, 2016 at 11:40 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:You probably don't need to do this with Lua; nginx's allow/deny directive support CIDR blocks.You may also want to see https://groups.google.com/forum/#!topic/openresty-en/G916sAMSOPY for a duplicate discussion.On Wed, Jan 20, 2016 at 11:30 AM, David Santhosh <davi...@gmail.com> wrote:How can I block/verify requests based on IP blocks? I want to check if a given IP address is within a whitelisted IP block; allow or deny based on result. Looks nginx only exposes ngx.var.remote_addr and binary_addr is there any module to do this with Lua extension. . irt_m.jrsyo Hi Hamish,Oops, I didn't know your module sorry.To David,Hamish is right. Maybe lua-resty-iputils module is completely cover your need.But, if you have hundred, thousand whitelist IP blocks orif you want to update whitelist table dynamically,there is worth considering for my 2nd idea https://groups.google.com/d/msg/openresty-en/QddXoARyMtE/zB_QqVj-DQAJ.ex.)local dict = ngx.shared.whitelistif dict:get(ngx.var.remote_addr) then # something you need returnendAnyway, if you need to update whitelist dynamically,you have to think about nginx restart.2016年1月21日木曜日 18時57分35秒 UTC+9 Hamish Forbes:Hi,This is pretty much exactly what lua-resty-iputils will do.You'll just need to create a couple of tables listing your CIDRs and apply a tiny bit of logic in Lua to find out which set the remote address is in and perform a redirect.What is it that you feel is missing?HamishOn Wednesday, 20 January 2016 19:57:54 UTC, David Santhosh wrote:Sure, I have a list of whitelist ip blocks and need to check if the incoming request IP belongs to one of these IP blocks and act on it, so for example the corporate 1's ip block is 192.168.1.1 belongs to 192.168.1.0/24 then redirect to corp1.domain.com and next for corporate 2 192.178.1.1 redirect it to corp2.domain.com and so on...--David On Wed, Jan 20, 2016 at 11:53 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:Can you explain your use case a little more? What functionality is nginx/ngx-lua missing out of the box that you need? I'm curious as to what you're trying to accomplish. Can you provide a simple code example for what you're looking for?On Wed, Jan 20, 2016 at 11:51 AM, davidsnt <davi...@gmail.com> wrote:Thank you Thibault and Robert, links looks useful. But still think doing a compare with incoming ip address needs some work.--David On Wed, Jan 20, 2016 at 11:40 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:You probably don't need to do this with Lua; nginx's allow/deny directive support CIDR blocks.You may also want to see https://groups.google.com/forum/#!topic/openresty-en/G916sAMSOPY for a duplicate discussion.On Wed, Jan 20, 2016 at 11:30 AM, David Santhosh <davi...@gmail.com> wrote:How can I block/verify requests based on IP blocks? I want to check if a given IP address is within a whitelisted IP block; allow or deny based on result. Looks nginx only exposes ngx.var.remote_addr and binary_addr is there any module to do this with Lua extension. . hamish.forbes Using the shared dict like that you would have to have an entry for every IP in a range though.Or you'd have to parse the CIDR from a string everytime.Something to be aware of at least.On Thursday, 21 January 2016 10:36:38 UTC, irt_m...@ntworkers.com wrote:Hi Hamish,Oops, I didn't know your module sorry.To David,Hamish is right. Maybe lua-resty-iputils module is completely cover your need.But, if you have hundred, thousand whitelist IP blocks orif you want to update whitelist table dynamically,there is worth considering for my 2nd idea https://groups.google.com/d/msg/openresty-en/QddXoARyMtE/zB_QqVj-DQAJ.ex.)local dict = ngx.shared.whitelistif dict:get(ngx.var.remote_addr) then # something you need returnendAnyway, if you need to update whitelist dynamically,you have to think about nginx restart.2016年1月21日木曜日 18時57分35秒 UTC+9 Hamish Forbes:Hi,This is pretty much exactly what lua-resty-iputils will do.You'll just need to create a couple of tables listing your CIDRs and apply a tiny bit of logic in Lua to find out which set the remote address is in and perform a redirect.What is it that you feel is missing?HamishOn Wednesday, 20 January 2016 19:57:54 UTC, David Santhosh wrote:Sure, I have a list of whitelist ip blocks and need to check if the incoming request IP belongs to one of these IP blocks and act on it, so for example the corporate 1's ip block is 192.168.1.1 belongs to 192.168.1.0/24 then redirect to corp1.domain.com and next for corporate 2 192.178.1.1 redirect it to corp2.domain.com and so on...--David On Wed, Jan 20, 2016 at 11:53 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:Can you explain your use case a little more? What functionality is nginx/ngx-lua missing out of the box that you need? I'm curious as to what you're trying to accomplish. Can you provide a simple code example for what you're looking for?On Wed, Jan 20, 2016 at 11:51 AM, davidsnt <davi...@gmail.com> wrote:Thank you Thibault and Robert, links looks useful. But still think doing a compare with incoming ip address needs some work.--David On Wed, Jan 20, 2016 at 11:40 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:You probably don't need to do this with Lua; nginx's allow/deny directive support CIDR blocks.You may also want to see https://groups.google.com/forum/#!topic/openresty-en/G916sAMSOPY for a duplicate discussion.On Wed, Jan 20, 2016 at 11:30 AM, David Santhosh <davi...@gmail.com> wrote:How can I block/verify requests based on IP blocks? I want to check if a given IP address is within a whitelisted IP block; allow or deny based on result. Looks nginx only exposes ngx.var.remote_addr and binary_addr is there any module to do this with Lua extension. . irt_m.jrsyo To Hamish,Yes, just in case it need entry for every IP in a range.If it use redis or memcached Instead of a shared dict,parse and put it them are not nginx's task. it is just another client program's task.So, nginx can be simple I think.But I like your module. Awesome.To David,If there are multiple servers, data like a whitelist need to share each other.If you put ip list in the lua code directly, to update them is a little bit troublesome.So, whitelist data should be outside of the nginx I recommend.2016年1月21日木曜日 20時14分33秒 UTC+9 Hamish Forbes:Using the shared dict like that you would have to have an entry for every IP in a range though.Or you'd have to parse the CIDR from a string everytime.Something to be aware of at least.On Thursday, 21 January 2016 10:36:38 UTC, irt_m...@ntworkers.com wrote:Hi Hamish,Oops, I didn't know your module sorry.To David,Hamish is right. Maybe lua-resty-iputils module is completely cover your need.But, if you have hundred, thousand whitelist IP blocks orif you want to update whitelist table dynamically,there is worth considering for my 2nd idea https://groups.google.com/d/msg/openresty-en/QddXoARyMtE/zB_QqVj-DQAJ.ex.)local dict = ngx.shared.whitelistif dict:get(ngx.var.remote_addr) then # something you need returnendAnyway, if you need to update whitelist dynamically,you have to think about nginx restart.2016年1月21日木曜日 18時57分35秒 UTC+9 Hamish Forbes:Hi,This is pretty much exactly what lua-resty-iputils will do.You'll just need to create a couple of tables listing your CIDRs and apply a tiny bit of logic in Lua to find out which set the remote address is in and perform a redirect.What is it that you feel is missing?HamishOn Wednesday, 20 January 2016 19:57:54 UTC, David Santhosh wrote:Sure, I have a list of whitelist ip blocks and need to check if the incoming request IP belongs to one of these IP blocks and act on it, so for example the corporate 1's ip block is 192.168.1.1 belongs to 192.168.1.0/24 then redirect to corp1.domain.com and next for corporate 2 192.178.1.1 redirect it to corp2.domain.com and so on...--David On Wed, Jan 20, 2016 at 11:53 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:Can you explain your use case a little more? What functionality is nginx/ngx-lua missing out of the box that you need? I'm curious as to what you're trying to accomplish. Can you provide a simple code example for what you're looking for?On Wed, Jan 20, 2016 at 11:51 AM, davidsnt <davi...@gmail.com> wrote:Thank you Thibault and Robert, links looks useful. But still think doing a compare with incoming ip address needs some work.--David On Wed, Jan 20, 2016 at 11:40 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:You probably don't need to do this with Lua; nginx's allow/deny directive support CIDR blocks.You may also want to see https://groups.google.com/forum/#!topic/openresty-en/G916sAMSOPY for a duplicate discussion.On Wed, Jan 20, 2016 at 11:30 AM, David Santhosh <davi...@gmail.com> wrote:How can I block/verify requests based on IP blocks? I want to check if a given IP address is within a whitelisted IP block; allow or deny based on result. Looks nginx only exposes ngx.var.remote_addr and binary_addr is there any module to do this with Lua extension. . davidsnt Thank you for your input's guys, very helpful.--David On Thu, Jan 21, 2016 at 1:57 AM, Hamish Forbes <hamish...@gmail.com> wrote:Hi,This is pretty much exactly what lua-resty-iputils will do.You'll just need to create a couple of tables listing your CIDRs and apply a tiny bit of logic in Lua to find out which set the remote address is in and perform a redirect.What is it that you feel is missing?HamishOn Wednesday, 20 January 2016 19:57:54 UTC, David Santhosh wrote:Sure, I have a list of whitelist ip blocks and need to check if the incoming request IP belongs to one of these IP blocks and act on it, so for example the corporate 1's ip block is 192.168.1.1 belongs to 192.168.1.0/24 then redirect to corp1.domain.com and next for corporate 2 192.178.1.1 redirect it to corp2.domain.com and so on...--David On Wed, Jan 20, 2016 at 11:53 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:Can you explain your use case a little more? What functionality is nginx/ngx-lua missing out of the box that you need? I'm curious as to what you're trying to accomplish. Can you provide a simple code example for what you're looking for?On Wed, Jan 20, 2016 at 11:51 AM, davidsnt <davi...@gmail.com> wrote:Thank you Thibault and Robert, links looks useful. But still think doing a compare with incoming ip address needs some work.--David On Wed, Jan 20, 2016 at 11:40 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:You probably don't need to do this with Lua; nginx's allow/deny directive support CIDR blocks.You may also want to see https://groups.google.com/forum/#!topic/openresty-en/G916sAMSOPY for a duplicate discussion.On Wed, Jan 20, 2016 at 11:30 AM, David Santhosh <davi...@gmail.com> wrote:How can I block/verify requests based on IP blocks? I want to check if a given IP address is within a whitelisted IP block; allow or deny based on result. Looks nginx only exposes ngx.var.remote_addr and binary_addr is there any module to do this with Lua extension. . erik.l.nelson What's the current best practice for efficient/fast serializing of data, to disk or otherwise? JSON, protocol buffers, flat buffers? Thanks Erik ---------------------------------------------------------------------- This message, and any attachments, is for the intended recipient(s) only, may contain information that is privileged, confidential and/or proprietary and subject to important terms and conditions available at http://www.bankofamerica.com/emaildisclaimer. If you are not the intended recipient, please delete this message. moonbingbing I think it's depends on your data and size.maybe you can test your data compare https://github.com/guanlan/lua-cmsgpack https://github.com/cloudflare/lua-capnprotowith JSON.2016-01-26 2:22 GMT+08:00 Nelson, Erik - 2 <erik.l...@bankofamerica.com>:What's the current best practice for efficient/fast serializing of data, to disk or otherwise? JSON, protocol buffers, flat buffers? Thanks Erik ---------------------------------------------------------------------- This message, and any attachments, is for the intended recipient(s) only, may contain information that is privileged, confidential and/or proprietary and subject to important terms and conditions available at http://www.bankofamerica.com/emaildisclaimer. If you are not the intended recipient, please delete this message. .
Thank you Thibault and Robert, links looks useful. But still think doing a compare with incoming ip address needs some work.--David On Wed, Jan 20, 2016 at 11:40 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:You probably don't need to do this with Lua; nginx's allow/deny directive support CIDR blocks.You may also want to see https://groups.google.com/forum/#!topic/openresty-en/G916sAMSOPY for a duplicate discussion.On Wed, Jan 20, 2016 at 11:30 AM, David Santhosh <dav...@gmail.com> wrote:How can I block/verify requests based on IP blocks? I want to check if a given IP address is within a whitelisted IP block; allow or deny based on result. Looks nginx only exposes ngx.var.remote_addr and binary_addr is there any module to do this with Lua extension. . rpaprocki Sounds like a good use case for the lua-resty-iputils Thibault linked, with an access_by_lua handler. Happy coding!On Wed, Jan 20, 2016 at 11:57 AM, davidsnt <dav...@gmail.com> wrote:Sure, I have a list of whitelist ip blocks and need to check if the incoming request IP belongs to one of these IP blocks and act on it, so for example the corporate 1's ip block is 192.168.1.1 belongs to 192.168.1.0/24 then redirect to corp1.domain.com and next for corporate 2 192.178.1.1 redirect it to corp2.domain.com and so on...--David On Wed, Jan 20, 2016 at 11:53 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:Can you explain your use case a little more? What functionality is nginx/ngx-lua missing out of the box that you need? I'm curious as to what you're trying to accomplish. Can you provide a simple code example for what you're looking for?On Wed, Jan 20, 2016 at 11:51 AM, davidsnt <dav...@gmail.com> wrote:Thank you Thibault and Robert, links looks useful. But still think doing a compare with incoming ip address needs some work.--David On Wed, Jan 20, 2016 at 11:40 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:You probably don't need to do this with Lua; nginx's allow/deny directive support CIDR blocks.You may also want to see https://groups.google.com/forum/#!topic/openresty-en/G916sAMSOPY for a duplicate discussion.On Wed, Jan 20, 2016 at 11:30 AM, David Santhosh <dav...@gmail.com> wrote:How can I block/verify requests based on IP blocks? I want to check if a given IP address is within a whitelisted IP block; allow or deny based on result. Looks nginx only exposes ngx.var.remote_addr and binary_addr is there any module to do this with Lua extension. . moonbingbing you can use ngx_http_geo_module to check ip list, and use lua code judge redirect to what server.2016-01-21 3:57 GMT+08:00 davidsnt <dav...@gmail.com>:Sure, I have a list of whitelist ip blocks and need to check if the incoming request IP belongs to one of these IP blocks and act on it, so for example the corporate 1's ip block is 192.168.1.1 belongs to 192.168.1.0/24 then redirect to corp1.domain.com and next for corporate 2 192.178.1.1 redirect it to corp2.domain.com and so on...--David On Wed, Jan 20, 2016 at 11:53 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:Can you explain your use case a little more? What functionality is nginx/ngx-lua missing out of the box that you need? I'm curious as to what you're trying to accomplish. Can you provide a simple code example for what you're looking for?On Wed, Jan 20, 2016 at 11:51 AM, davidsnt <dav...@gmail.com> wrote:Thank you Thibault and Robert, links looks useful. But still think doing a compare with incoming ip address needs some work.--David On Wed, Jan 20, 2016 at 11:40 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:You probably don't need to do this with Lua; nginx's allow/deny directive support CIDR blocks.You may also want to see https://groups.google.com/forum/#!topic/openresty-en/G916sAMSOPY for a duplicate discussion.On Wed, Jan 20, 2016 at 11:30 AM, David Santhosh <dav...@gmail.com> wrote:How can I block/verify requests based on IP blocks? I want to check if a given IP address is within a whitelisted IP block; allow or deny based on result. Looks nginx only exposes ngx.var.remote_addr and binary_addr is there any module to do this with Lua extension. . irt_m.jrsyo Hi David,If you have to use IP block,maybe you should write some calculate function with hexadecimal.IPv4 can convert hexadecimal. Then you can compare IP easily.This is just my idea.ex.- 192.168.1.0/24 range is 192.168.1.0 - 192.168.1.255- calculate first(min) IP and last(max) IP, c0a80100 - c0a801ff- you can also convert ngx.var.remote_addr to hexadecimal- then you can calc coming ip is in range c0a80100 - c0a801ff or notBTW I understand your use case and this idea is not useful for your case.If you use my idea, you need to convert all whitelist IP block and compare. It is high cost.Another idea is using NoSQL like memcached or just use ngx.shared.DICT.ex.- 192.168.1.0/24 range is 192.168.1.0 - 192.168.1.255- put all IP address in range to NoSQL like "{key: 192.168.1.0, value: true}", "{key: 192.168.1.1, value: true}", "{key: 192.168.1.2, value: true}" ... "{key: 192.168.1.255, value: true}"*note* this is not nginx's work. you should prepare some client program for do that.- Then you can compare very simple. you just ask to NoSQL that key: ngx.var.remote_addr is exist or not.Sorry for my poor English.2016年1月21日木曜日 4時30分24秒 UTC+9 David Santhosh:How can I block/verify requests based on IP blocks? I want to check if a given IP address is within a whitelisted IP block; allow or deny based on result. Looks nginx only exposes ngx.var.remote_addr and binary_addr is there any module to do this with Lua extension. hamish.forbes Hi,This is pretty much exactly what lua-resty-iputils will do.You'll just need to create a couple of tables listing your CIDRs and apply a tiny bit of logic in Lua to find out which set the remote address is in and perform a redirect.What is it that you feel is missing?HamishOn Wednesday, 20 January 2016 19:57:54 UTC, David Santhosh wrote:Sure, I have a list of whitelist ip blocks and need to check if the incoming request IP belongs to one of these IP blocks and act on it, so for example the corporate 1's ip block is 192.168.1.1 belongs to 192.168.1.0/24 then redirect to corp1.domain.com and next for corporate 2 192.178.1.1 redirect it to corp2.domain.com and so on...--David On Wed, Jan 20, 2016 at 11:53 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:Can you explain your use case a little more? What functionality is nginx/ngx-lua missing out of the box that you need? I'm curious as to what you're trying to accomplish. Can you provide a simple code example for what you're looking for?On Wed, Jan 20, 2016 at 11:51 AM, davidsnt <davi...@gmail.com> wrote:Thank you Thibault and Robert, links looks useful. But still think doing a compare with incoming ip address needs some work.--David On Wed, Jan 20, 2016 at 11:40 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:You probably don't need to do this with Lua; nginx's allow/deny directive support CIDR blocks.You may also want to see https://groups.google.com/forum/#!topic/openresty-en/G916sAMSOPY for a duplicate discussion.On Wed, Jan 20, 2016 at 11:30 AM, David Santhosh <davi...@gmail.com> wrote:How can I block/verify requests based on IP blocks? I want to check if a given IP address is within a whitelisted IP block; allow or deny based on result. Looks nginx only exposes ngx.var.remote_addr and binary_addr is there any module to do this with Lua extension. . irt_m.jrsyo Hi Hamish,Oops, I didn't know your module sorry.To David,Hamish is right. Maybe lua-resty-iputils module is completely cover your need.But, if you have hundred, thousand whitelist IP blocks orif you want to update whitelist table dynamically,there is worth considering for my 2nd idea https://groups.google.com/d/msg/openresty-en/QddXoARyMtE/zB_QqVj-DQAJ.ex.)local dict = ngx.shared.whitelistif dict:get(ngx.var.remote_addr) then # something you need returnendAnyway, if you need to update whitelist dynamically,you have to think about nginx restart.2016年1月21日木曜日 18時57分35秒 UTC+9 Hamish Forbes:Hi,This is pretty much exactly what lua-resty-iputils will do.You'll just need to create a couple of tables listing your CIDRs and apply a tiny bit of logic in Lua to find out which set the remote address is in and perform a redirect.What is it that you feel is missing?HamishOn Wednesday, 20 January 2016 19:57:54 UTC, David Santhosh wrote:Sure, I have a list of whitelist ip blocks and need to check if the incoming request IP belongs to one of these IP blocks and act on it, so for example the corporate 1's ip block is 192.168.1.1 belongs to 192.168.1.0/24 then redirect to corp1.domain.com and next for corporate 2 192.178.1.1 redirect it to corp2.domain.com and so on...--David On Wed, Jan 20, 2016 at 11:53 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:Can you explain your use case a little more? What functionality is nginx/ngx-lua missing out of the box that you need? I'm curious as to what you're trying to accomplish. Can you provide a simple code example for what you're looking for?On Wed, Jan 20, 2016 at 11:51 AM, davidsnt <davi...@gmail.com> wrote:Thank you Thibault and Robert, links looks useful. But still think doing a compare with incoming ip address needs some work.--David On Wed, Jan 20, 2016 at 11:40 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:You probably don't need to do this with Lua; nginx's allow/deny directive support CIDR blocks.You may also want to see https://groups.google.com/forum/#!topic/openresty-en/G916sAMSOPY for a duplicate discussion.On Wed, Jan 20, 2016 at 11:30 AM, David Santhosh <davi...@gmail.com> wrote:How can I block/verify requests based on IP blocks? I want to check if a given IP address is within a whitelisted IP block; allow or deny based on result. Looks nginx only exposes ngx.var.remote_addr and binary_addr is there any module to do this with Lua extension. . hamish.forbes Using the shared dict like that you would have to have an entry for every IP in a range though.Or you'd have to parse the CIDR from a string everytime.Something to be aware of at least.On Thursday, 21 January 2016 10:36:38 UTC, irt_m...@ntworkers.com wrote:Hi Hamish,Oops, I didn't know your module sorry.To David,Hamish is right. Maybe lua-resty-iputils module is completely cover your need.But, if you have hundred, thousand whitelist IP blocks orif you want to update whitelist table dynamically,there is worth considering for my 2nd idea https://groups.google.com/d/msg/openresty-en/QddXoARyMtE/zB_QqVj-DQAJ.ex.)local dict = ngx.shared.whitelistif dict:get(ngx.var.remote_addr) then # something you need returnendAnyway, if you need to update whitelist dynamically,you have to think about nginx restart.2016年1月21日木曜日 18時57分35秒 UTC+9 Hamish Forbes:Hi,This is pretty much exactly what lua-resty-iputils will do.You'll just need to create a couple of tables listing your CIDRs and apply a tiny bit of logic in Lua to find out which set the remote address is in and perform a redirect.What is it that you feel is missing?HamishOn Wednesday, 20 January 2016 19:57:54 UTC, David Santhosh wrote:Sure, I have a list of whitelist ip blocks and need to check if the incoming request IP belongs to one of these IP blocks and act on it, so for example the corporate 1's ip block is 192.168.1.1 belongs to 192.168.1.0/24 then redirect to corp1.domain.com and next for corporate 2 192.178.1.1 redirect it to corp2.domain.com and so on...--David On Wed, Jan 20, 2016 at 11:53 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:Can you explain your use case a little more? What functionality is nginx/ngx-lua missing out of the box that you need? I'm curious as to what you're trying to accomplish. Can you provide a simple code example for what you're looking for?On Wed, Jan 20, 2016 at 11:51 AM, davidsnt <davi...@gmail.com> wrote:Thank you Thibault and Robert, links looks useful. But still think doing a compare with incoming ip address needs some work.--David On Wed, Jan 20, 2016 at 11:40 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:You probably don't need to do this with Lua; nginx's allow/deny directive support CIDR blocks.You may also want to see https://groups.google.com/forum/#!topic/openresty-en/G916sAMSOPY for a duplicate discussion.On Wed, Jan 20, 2016 at 11:30 AM, David Santhosh <davi...@gmail.com> wrote:How can I block/verify requests based on IP blocks? I want to check if a given IP address is within a whitelisted IP block; allow or deny based on result. Looks nginx only exposes ngx.var.remote_addr and binary_addr is there any module to do this with Lua extension. . irt_m.jrsyo To Hamish,Yes, just in case it need entry for every IP in a range.If it use redis or memcached Instead of a shared dict,parse and put it them are not nginx's task. it is just another client program's task.So, nginx can be simple I think.But I like your module. Awesome.To David,If there are multiple servers, data like a whitelist need to share each other.If you put ip list in the lua code directly, to update them is a little bit troublesome.So, whitelist data should be outside of the nginx I recommend.2016年1月21日木曜日 20時14分33秒 UTC+9 Hamish Forbes:Using the shared dict like that you would have to have an entry for every IP in a range though.Or you'd have to parse the CIDR from a string everytime.Something to be aware of at least.On Thursday, 21 January 2016 10:36:38 UTC, irt_m...@ntworkers.com wrote:Hi Hamish,Oops, I didn't know your module sorry.To David,Hamish is right. Maybe lua-resty-iputils module is completely cover your need.But, if you have hundred, thousand whitelist IP blocks orif you want to update whitelist table dynamically,there is worth considering for my 2nd idea https://groups.google.com/d/msg/openresty-en/QddXoARyMtE/zB_QqVj-DQAJ.ex.)local dict = ngx.shared.whitelistif dict:get(ngx.var.remote_addr) then # something you need returnendAnyway, if you need to update whitelist dynamically,you have to think about nginx restart.2016年1月21日木曜日 18時57分35秒 UTC+9 Hamish Forbes:Hi,This is pretty much exactly what lua-resty-iputils will do.You'll just need to create a couple of tables listing your CIDRs and apply a tiny bit of logic in Lua to find out which set the remote address is in and perform a redirect.What is it that you feel is missing?HamishOn Wednesday, 20 January 2016 19:57:54 UTC, David Santhosh wrote:Sure, I have a list of whitelist ip blocks and need to check if the incoming request IP belongs to one of these IP blocks and act on it, so for example the corporate 1's ip block is 192.168.1.1 belongs to 192.168.1.0/24 then redirect to corp1.domain.com and next for corporate 2 192.178.1.1 redirect it to corp2.domain.com and so on...--David On Wed, Jan 20, 2016 at 11:53 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:Can you explain your use case a little more? What functionality is nginx/ngx-lua missing out of the box that you need? I'm curious as to what you're trying to accomplish. Can you provide a simple code example for what you're looking for?On Wed, Jan 20, 2016 at 11:51 AM, davidsnt <davi...@gmail.com> wrote:Thank you Thibault and Robert, links looks useful. But still think doing a compare with incoming ip address needs some work.--David On Wed, Jan 20, 2016 at 11:40 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:You probably don't need to do this with Lua; nginx's allow/deny directive support CIDR blocks.You may also want to see https://groups.google.com/forum/#!topic/openresty-en/G916sAMSOPY for a duplicate discussion.On Wed, Jan 20, 2016 at 11:30 AM, David Santhosh <davi...@gmail.com> wrote:How can I block/verify requests based on IP blocks? I want to check if a given IP address is within a whitelisted IP block; allow or deny based on result. Looks nginx only exposes ngx.var.remote_addr and binary_addr is there any module to do this with Lua extension. . davidsnt Thank you for your input's guys, very helpful.--David On Thu, Jan 21, 2016 at 1:57 AM, Hamish Forbes <hamish...@gmail.com> wrote:Hi,This is pretty much exactly what lua-resty-iputils will do.You'll just need to create a couple of tables listing your CIDRs and apply a tiny bit of logic in Lua to find out which set the remote address is in and perform a redirect.What is it that you feel is missing?HamishOn Wednesday, 20 January 2016 19:57:54 UTC, David Santhosh wrote:Sure, I have a list of whitelist ip blocks and need to check if the incoming request IP belongs to one of these IP blocks and act on it, so for example the corporate 1's ip block is 192.168.1.1 belongs to 192.168.1.0/24 then redirect to corp1.domain.com and next for corporate 2 192.178.1.1 redirect it to corp2.domain.com and so on...--David On Wed, Jan 20, 2016 at 11:53 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:Can you explain your use case a little more? What functionality is nginx/ngx-lua missing out of the box that you need? I'm curious as to what you're trying to accomplish. Can you provide a simple code example for what you're looking for?On Wed, Jan 20, 2016 at 11:51 AM, davidsnt <davi...@gmail.com> wrote:Thank you Thibault and Robert, links looks useful. But still think doing a compare with incoming ip address needs some work.--David On Wed, Jan 20, 2016 at 11:40 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:You probably don't need to do this with Lua; nginx's allow/deny directive support CIDR blocks.You may also want to see https://groups.google.com/forum/#!topic/openresty-en/G916sAMSOPY for a duplicate discussion.On Wed, Jan 20, 2016 at 11:30 AM, David Santhosh <davi...@gmail.com> wrote:How can I block/verify requests based on IP blocks? I want to check if a given IP address is within a whitelisted IP block; allow or deny based on result. Looks nginx only exposes ngx.var.remote_addr and binary_addr is there any module to do this with Lua extension. . erik.l.nelson What's the current best practice for efficient/fast serializing of data, to disk or otherwise? JSON, protocol buffers, flat buffers? Thanks Erik ---------------------------------------------------------------------- This message, and any attachments, is for the intended recipient(s) only, may contain information that is privileged, confidential and/or proprietary and subject to important terms and conditions available at http://www.bankofamerica.com/emaildisclaimer. If you are not the intended recipient, please delete this message. moonbingbing I think it's depends on your data and size.maybe you can test your data compare https://github.com/guanlan/lua-cmsgpack https://github.com/cloudflare/lua-capnprotowith JSON.2016-01-26 2:22 GMT+08:00 Nelson, Erik - 2 <erik.l...@bankofamerica.com>:What's the current best practice for efficient/fast serializing of data, to disk or otherwise? JSON, protocol buffers, flat buffers? Thanks Erik ---------------------------------------------------------------------- This message, and any attachments, is for the intended recipient(s) only, may contain information that is privileged, confidential and/or proprietary and subject to important terms and conditions available at http://www.bankofamerica.com/emaildisclaimer. If you are not the intended recipient, please delete this message. .
Sure, I have a list of whitelist ip blocks and need to check if the incoming request IP belongs to one of these IP blocks and act on it, so for example the corporate 1's ip block is 192.168.1.1 belongs to 192.168.1.0/24 then redirect to corp1.domain.com and next for corporate 2 192.178.1.1 redirect it to corp2.domain.com and so on...--David On Wed, Jan 20, 2016 at 11:53 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:Can you explain your use case a little more? What functionality is nginx/ngx-lua missing out of the box that you need? I'm curious as to what you're trying to accomplish. Can you provide a simple code example for what you're looking for?On Wed, Jan 20, 2016 at 11:51 AM, davidsnt <dav...@gmail.com> wrote:Thank you Thibault and Robert, links looks useful. But still think doing a compare with incoming ip address needs some work.--David On Wed, Jan 20, 2016 at 11:40 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:You probably don't need to do this with Lua; nginx's allow/deny directive support CIDR blocks.You may also want to see https://groups.google.com/forum/#!topic/openresty-en/G916sAMSOPY for a duplicate discussion.On Wed, Jan 20, 2016 at 11:30 AM, David Santhosh <dav...@gmail.com> wrote:How can I block/verify requests based on IP blocks? I want to check if a given IP address is within a whitelisted IP block; allow or deny based on result. Looks nginx only exposes ngx.var.remote_addr and binary_addr is there any module to do this with Lua extension. . moonbingbing you can use ngx_http_geo_module to check ip list, and use lua code judge redirect to what server.2016-01-21 3:57 GMT+08:00 davidsnt <dav...@gmail.com>:Sure, I have a list of whitelist ip blocks and need to check if the incoming request IP belongs to one of these IP blocks and act on it, so for example the corporate 1's ip block is 192.168.1.1 belongs to 192.168.1.0/24 then redirect to corp1.domain.com and next for corporate 2 192.178.1.1 redirect it to corp2.domain.com and so on...--David On Wed, Jan 20, 2016 at 11:53 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:Can you explain your use case a little more? What functionality is nginx/ngx-lua missing out of the box that you need? I'm curious as to what you're trying to accomplish. Can you provide a simple code example for what you're looking for?On Wed, Jan 20, 2016 at 11:51 AM, davidsnt <dav...@gmail.com> wrote:Thank you Thibault and Robert, links looks useful. But still think doing a compare with incoming ip address needs some work.--David On Wed, Jan 20, 2016 at 11:40 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:You probably don't need to do this with Lua; nginx's allow/deny directive support CIDR blocks.You may also want to see https://groups.google.com/forum/#!topic/openresty-en/G916sAMSOPY for a duplicate discussion.On Wed, Jan 20, 2016 at 11:30 AM, David Santhosh <dav...@gmail.com> wrote:How can I block/verify requests based on IP blocks? I want to check if a given IP address is within a whitelisted IP block; allow or deny based on result. Looks nginx only exposes ngx.var.remote_addr and binary_addr is there any module to do this with Lua extension. . irt_m.jrsyo Hi David,If you have to use IP block,maybe you should write some calculate function with hexadecimal.IPv4 can convert hexadecimal. Then you can compare IP easily.This is just my idea.ex.- 192.168.1.0/24 range is 192.168.1.0 - 192.168.1.255- calculate first(min) IP and last(max) IP, c0a80100 - c0a801ff- you can also convert ngx.var.remote_addr to hexadecimal- then you can calc coming ip is in range c0a80100 - c0a801ff or notBTW I understand your use case and this idea is not useful for your case.If you use my idea, you need to convert all whitelist IP block and compare. It is high cost.Another idea is using NoSQL like memcached or just use ngx.shared.DICT.ex.- 192.168.1.0/24 range is 192.168.1.0 - 192.168.1.255- put all IP address in range to NoSQL like "{key: 192.168.1.0, value: true}", "{key: 192.168.1.1, value: true}", "{key: 192.168.1.2, value: true}" ... "{key: 192.168.1.255, value: true}"*note* this is not nginx's work. you should prepare some client program for do that.- Then you can compare very simple. you just ask to NoSQL that key: ngx.var.remote_addr is exist or not.Sorry for my poor English.2016年1月21日木曜日 4時30分24秒 UTC+9 David Santhosh:How can I block/verify requests based on IP blocks? I want to check if a given IP address is within a whitelisted IP block; allow or deny based on result. Looks nginx only exposes ngx.var.remote_addr and binary_addr is there any module to do this with Lua extension. hamish.forbes Hi,This is pretty much exactly what lua-resty-iputils will do.You'll just need to create a couple of tables listing your CIDRs and apply a tiny bit of logic in Lua to find out which set the remote address is in and perform a redirect.What is it that you feel is missing?HamishOn Wednesday, 20 January 2016 19:57:54 UTC, David Santhosh wrote:Sure, I have a list of whitelist ip blocks and need to check if the incoming request IP belongs to one of these IP blocks and act on it, so for example the corporate 1's ip block is 192.168.1.1 belongs to 192.168.1.0/24 then redirect to corp1.domain.com and next for corporate 2 192.178.1.1 redirect it to corp2.domain.com and so on...--David On Wed, Jan 20, 2016 at 11:53 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:Can you explain your use case a little more? What functionality is nginx/ngx-lua missing out of the box that you need? I'm curious as to what you're trying to accomplish. Can you provide a simple code example for what you're looking for?On Wed, Jan 20, 2016 at 11:51 AM, davidsnt <davi...@gmail.com> wrote:Thank you Thibault and Robert, links looks useful. But still think doing a compare with incoming ip address needs some work.--David On Wed, Jan 20, 2016 at 11:40 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:You probably don't need to do this with Lua; nginx's allow/deny directive support CIDR blocks.You may also want to see https://groups.google.com/forum/#!topic/openresty-en/G916sAMSOPY for a duplicate discussion.On Wed, Jan 20, 2016 at 11:30 AM, David Santhosh <davi...@gmail.com> wrote:How can I block/verify requests based on IP blocks? I want to check if a given IP address is within a whitelisted IP block; allow or deny based on result. Looks nginx only exposes ngx.var.remote_addr and binary_addr is there any module to do this with Lua extension. . irt_m.jrsyo Hi Hamish,Oops, I didn't know your module sorry.To David,Hamish is right. Maybe lua-resty-iputils module is completely cover your need.But, if you have hundred, thousand whitelist IP blocks orif you want to update whitelist table dynamically,there is worth considering for my 2nd idea https://groups.google.com/d/msg/openresty-en/QddXoARyMtE/zB_QqVj-DQAJ.ex.)local dict = ngx.shared.whitelistif dict:get(ngx.var.remote_addr) then # something you need returnendAnyway, if you need to update whitelist dynamically,you have to think about nginx restart.2016年1月21日木曜日 18時57分35秒 UTC+9 Hamish Forbes:Hi,This is pretty much exactly what lua-resty-iputils will do.You'll just need to create a couple of tables listing your CIDRs and apply a tiny bit of logic in Lua to find out which set the remote address is in and perform a redirect.What is it that you feel is missing?HamishOn Wednesday, 20 January 2016 19:57:54 UTC, David Santhosh wrote:Sure, I have a list of whitelist ip blocks and need to check if the incoming request IP belongs to one of these IP blocks and act on it, so for example the corporate 1's ip block is 192.168.1.1 belongs to 192.168.1.0/24 then redirect to corp1.domain.com and next for corporate 2 192.178.1.1 redirect it to corp2.domain.com and so on...--David On Wed, Jan 20, 2016 at 11:53 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:Can you explain your use case a little more? What functionality is nginx/ngx-lua missing out of the box that you need? I'm curious as to what you're trying to accomplish. Can you provide a simple code example for what you're looking for?On Wed, Jan 20, 2016 at 11:51 AM, davidsnt <davi...@gmail.com> wrote:Thank you Thibault and Robert, links looks useful. But still think doing a compare with incoming ip address needs some work.--David On Wed, Jan 20, 2016 at 11:40 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:You probably don't need to do this with Lua; nginx's allow/deny directive support CIDR blocks.You may also want to see https://groups.google.com/forum/#!topic/openresty-en/G916sAMSOPY for a duplicate discussion.On Wed, Jan 20, 2016 at 11:30 AM, David Santhosh <davi...@gmail.com> wrote:How can I block/verify requests based on IP blocks? I want to check if a given IP address is within a whitelisted IP block; allow or deny based on result. Looks nginx only exposes ngx.var.remote_addr and binary_addr is there any module to do this with Lua extension. . hamish.forbes Using the shared dict like that you would have to have an entry for every IP in a range though.Or you'd have to parse the CIDR from a string everytime.Something to be aware of at least.On Thursday, 21 January 2016 10:36:38 UTC, irt_m...@ntworkers.com wrote:Hi Hamish,Oops, I didn't know your module sorry.To David,Hamish is right. Maybe lua-resty-iputils module is completely cover your need.But, if you have hundred, thousand whitelist IP blocks orif you want to update whitelist table dynamically,there is worth considering for my 2nd idea https://groups.google.com/d/msg/openresty-en/QddXoARyMtE/zB_QqVj-DQAJ.ex.)local dict = ngx.shared.whitelistif dict:get(ngx.var.remote_addr) then # something you need returnendAnyway, if you need to update whitelist dynamically,you have to think about nginx restart.2016年1月21日木曜日 18時57分35秒 UTC+9 Hamish Forbes:Hi,This is pretty much exactly what lua-resty-iputils will do.You'll just need to create a couple of tables listing your CIDRs and apply a tiny bit of logic in Lua to find out which set the remote address is in and perform a redirect.What is it that you feel is missing?HamishOn Wednesday, 20 January 2016 19:57:54 UTC, David Santhosh wrote:Sure, I have a list of whitelist ip blocks and need to check if the incoming request IP belongs to one of these IP blocks and act on it, so for example the corporate 1's ip block is 192.168.1.1 belongs to 192.168.1.0/24 then redirect to corp1.domain.com and next for corporate 2 192.178.1.1 redirect it to corp2.domain.com and so on...--David On Wed, Jan 20, 2016 at 11:53 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:Can you explain your use case a little more? What functionality is nginx/ngx-lua missing out of the box that you need? I'm curious as to what you're trying to accomplish. Can you provide a simple code example for what you're looking for?On Wed, Jan 20, 2016 at 11:51 AM, davidsnt <davi...@gmail.com> wrote:Thank you Thibault and Robert, links looks useful. But still think doing a compare with incoming ip address needs some work.--David On Wed, Jan 20, 2016 at 11:40 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:You probably don't need to do this with Lua; nginx's allow/deny directive support CIDR blocks.You may also want to see https://groups.google.com/forum/#!topic/openresty-en/G916sAMSOPY for a duplicate discussion.On Wed, Jan 20, 2016 at 11:30 AM, David Santhosh <davi...@gmail.com> wrote:How can I block/verify requests based on IP blocks? I want to check if a given IP address is within a whitelisted IP block; allow or deny based on result. Looks nginx only exposes ngx.var.remote_addr and binary_addr is there any module to do this with Lua extension. . irt_m.jrsyo To Hamish,Yes, just in case it need entry for every IP in a range.If it use redis or memcached Instead of a shared dict,parse and put it them are not nginx's task. it is just another client program's task.So, nginx can be simple I think.But I like your module. Awesome.To David,If there are multiple servers, data like a whitelist need to share each other.If you put ip list in the lua code directly, to update them is a little bit troublesome.So, whitelist data should be outside of the nginx I recommend.2016年1月21日木曜日 20時14分33秒 UTC+9 Hamish Forbes:Using the shared dict like that you would have to have an entry for every IP in a range though.Or you'd have to parse the CIDR from a string everytime.Something to be aware of at least.On Thursday, 21 January 2016 10:36:38 UTC, irt_m...@ntworkers.com wrote:Hi Hamish,Oops, I didn't know your module sorry.To David,Hamish is right. Maybe lua-resty-iputils module is completely cover your need.But, if you have hundred, thousand whitelist IP blocks orif you want to update whitelist table dynamically,there is worth considering for my 2nd idea https://groups.google.com/d/msg/openresty-en/QddXoARyMtE/zB_QqVj-DQAJ.ex.)local dict = ngx.shared.whitelistif dict:get(ngx.var.remote_addr) then # something you need returnendAnyway, if you need to update whitelist dynamically,you have to think about nginx restart.2016年1月21日木曜日 18時57分35秒 UTC+9 Hamish Forbes:Hi,This is pretty much exactly what lua-resty-iputils will do.You'll just need to create a couple of tables listing your CIDRs and apply a tiny bit of logic in Lua to find out which set the remote address is in and perform a redirect.What is it that you feel is missing?HamishOn Wednesday, 20 January 2016 19:57:54 UTC, David Santhosh wrote:Sure, I have a list of whitelist ip blocks and need to check if the incoming request IP belongs to one of these IP blocks and act on it, so for example the corporate 1's ip block is 192.168.1.1 belongs to 192.168.1.0/24 then redirect to corp1.domain.com and next for corporate 2 192.178.1.1 redirect it to corp2.domain.com and so on...--David On Wed, Jan 20, 2016 at 11:53 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:Can you explain your use case a little more? What functionality is nginx/ngx-lua missing out of the box that you need? I'm curious as to what you're trying to accomplish. Can you provide a simple code example for what you're looking for?On Wed, Jan 20, 2016 at 11:51 AM, davidsnt <davi...@gmail.com> wrote:Thank you Thibault and Robert, links looks useful. But still think doing a compare with incoming ip address needs some work.--David On Wed, Jan 20, 2016 at 11:40 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:You probably don't need to do this with Lua; nginx's allow/deny directive support CIDR blocks.You may also want to see https://groups.google.com/forum/#!topic/openresty-en/G916sAMSOPY for a duplicate discussion.On Wed, Jan 20, 2016 at 11:30 AM, David Santhosh <davi...@gmail.com> wrote:How can I block/verify requests based on IP blocks? I want to check if a given IP address is within a whitelisted IP block; allow or deny based on result. Looks nginx only exposes ngx.var.remote_addr and binary_addr is there any module to do this with Lua extension. . davidsnt Thank you for your input's guys, very helpful.--David On Thu, Jan 21, 2016 at 1:57 AM, Hamish Forbes <hamish...@gmail.com> wrote:Hi,This is pretty much exactly what lua-resty-iputils will do.You'll just need to create a couple of tables listing your CIDRs and apply a tiny bit of logic in Lua to find out which set the remote address is in and perform a redirect.What is it that you feel is missing?HamishOn Wednesday, 20 January 2016 19:57:54 UTC, David Santhosh wrote:Sure, I have a list of whitelist ip blocks and need to check if the incoming request IP belongs to one of these IP blocks and act on it, so for example the corporate 1's ip block is 192.168.1.1 belongs to 192.168.1.0/24 then redirect to corp1.domain.com and next for corporate 2 192.178.1.1 redirect it to corp2.domain.com and so on...--David On Wed, Jan 20, 2016 at 11:53 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:Can you explain your use case a little more? What functionality is nginx/ngx-lua missing out of the box that you need? I'm curious as to what you're trying to accomplish. Can you provide a simple code example for what you're looking for?On Wed, Jan 20, 2016 at 11:51 AM, davidsnt <davi...@gmail.com> wrote:Thank you Thibault and Robert, links looks useful. But still think doing a compare with incoming ip address needs some work.--David On Wed, Jan 20, 2016 at 11:40 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:You probably don't need to do this with Lua; nginx's allow/deny directive support CIDR blocks.You may also want to see https://groups.google.com/forum/#!topic/openresty-en/G916sAMSOPY for a duplicate discussion.On Wed, Jan 20, 2016 at 11:30 AM, David Santhosh <davi...@gmail.com> wrote:How can I block/verify requests based on IP blocks? I want to check if a given IP address is within a whitelisted IP block; allow or deny based on result. Looks nginx only exposes ngx.var.remote_addr and binary_addr is there any module to do this with Lua extension. . erik.l.nelson What's the current best practice for efficient/fast serializing of data, to disk or otherwise? JSON, protocol buffers, flat buffers? Thanks Erik ---------------------------------------------------------------------- This message, and any attachments, is for the intended recipient(s) only, may contain information that is privileged, confidential and/or proprietary and subject to important terms and conditions available at http://www.bankofamerica.com/emaildisclaimer. If you are not the intended recipient, please delete this message. moonbingbing I think it's depends on your data and size.maybe you can test your data compare https://github.com/guanlan/lua-cmsgpack https://github.com/cloudflare/lua-capnprotowith JSON.2016-01-26 2:22 GMT+08:00 Nelson, Erik - 2 <erik.l...@bankofamerica.com>:What's the current best practice for efficient/fast serializing of data, to disk or otherwise? JSON, protocol buffers, flat buffers? Thanks Erik ---------------------------------------------------------------------- This message, and any attachments, is for the intended recipient(s) only, may contain information that is privileged, confidential and/or proprietary and subject to important terms and conditions available at http://www.bankofamerica.com/emaildisclaimer. If you are not the intended recipient, please delete this message. .
Can you explain your use case a little more? What functionality is nginx/ngx-lua missing out of the box that you need? I'm curious as to what you're trying to accomplish. Can you provide a simple code example for what you're looking for?On Wed, Jan 20, 2016 at 11:51 AM, davidsnt <dav...@gmail.com> wrote:Thank you Thibault and Robert, links looks useful. But still think doing a compare with incoming ip address needs some work.--David On Wed, Jan 20, 2016 at 11:40 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:You probably don't need to do this with Lua; nginx's allow/deny directive support CIDR blocks.You may also want to see https://groups.google.com/forum/#!topic/openresty-en/G916sAMSOPY for a duplicate discussion.On Wed, Jan 20, 2016 at 11:30 AM, David Santhosh <dav...@gmail.com> wrote:How can I block/verify requests based on IP blocks? I want to check if a given IP address is within a whitelisted IP block; allow or deny based on result. Looks nginx only exposes ngx.var.remote_addr and binary_addr is there any module to do this with Lua extension. . moonbingbing you can use ngx_http_geo_module to check ip list, and use lua code judge redirect to what server.2016-01-21 3:57 GMT+08:00 davidsnt <dav...@gmail.com>:Sure, I have a list of whitelist ip blocks and need to check if the incoming request IP belongs to one of these IP blocks and act on it, so for example the corporate 1's ip block is 192.168.1.1 belongs to 192.168.1.0/24 then redirect to corp1.domain.com and next for corporate 2 192.178.1.1 redirect it to corp2.domain.com and so on...--David On Wed, Jan 20, 2016 at 11:53 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:Can you explain your use case a little more? What functionality is nginx/ngx-lua missing out of the box that you need? I'm curious as to what you're trying to accomplish. Can you provide a simple code example for what you're looking for?On Wed, Jan 20, 2016 at 11:51 AM, davidsnt <dav...@gmail.com> wrote:Thank you Thibault and Robert, links looks useful. But still think doing a compare with incoming ip address needs some work.--David On Wed, Jan 20, 2016 at 11:40 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:You probably don't need to do this with Lua; nginx's allow/deny directive support CIDR blocks.You may also want to see https://groups.google.com/forum/#!topic/openresty-en/G916sAMSOPY for a duplicate discussion.On Wed, Jan 20, 2016 at 11:30 AM, David Santhosh <dav...@gmail.com> wrote:How can I block/verify requests based on IP blocks? I want to check if a given IP address is within a whitelisted IP block; allow or deny based on result. Looks nginx only exposes ngx.var.remote_addr and binary_addr is there any module to do this with Lua extension. . irt_m.jrsyo Hi David,If you have to use IP block,maybe you should write some calculate function with hexadecimal.IPv4 can convert hexadecimal. Then you can compare IP easily.This is just my idea.ex.- 192.168.1.0/24 range is 192.168.1.0 - 192.168.1.255- calculate first(min) IP and last(max) IP, c0a80100 - c0a801ff- you can also convert ngx.var.remote_addr to hexadecimal- then you can calc coming ip is in range c0a80100 - c0a801ff or notBTW I understand your use case and this idea is not useful for your case.If you use my idea, you need to convert all whitelist IP block and compare. It is high cost.Another idea is using NoSQL like memcached or just use ngx.shared.DICT.ex.- 192.168.1.0/24 range is 192.168.1.0 - 192.168.1.255- put all IP address in range to NoSQL like "{key: 192.168.1.0, value: true}", "{key: 192.168.1.1, value: true}", "{key: 192.168.1.2, value: true}" ... "{key: 192.168.1.255, value: true}"*note* this is not nginx's work. you should prepare some client program for do that.- Then you can compare very simple. you just ask to NoSQL that key: ngx.var.remote_addr is exist or not.Sorry for my poor English.2016年1月21日木曜日 4時30分24秒 UTC+9 David Santhosh:How can I block/verify requests based on IP blocks? I want to check if a given IP address is within a whitelisted IP block; allow or deny based on result. Looks nginx only exposes ngx.var.remote_addr and binary_addr is there any module to do this with Lua extension. hamish.forbes Hi,This is pretty much exactly what lua-resty-iputils will do.You'll just need to create a couple of tables listing your CIDRs and apply a tiny bit of logic in Lua to find out which set the remote address is in and perform a redirect.What is it that you feel is missing?HamishOn Wednesday, 20 January 2016 19:57:54 UTC, David Santhosh wrote:Sure, I have a list of whitelist ip blocks and need to check if the incoming request IP belongs to one of these IP blocks and act on it, so for example the corporate 1's ip block is 192.168.1.1 belongs to 192.168.1.0/24 then redirect to corp1.domain.com and next for corporate 2 192.178.1.1 redirect it to corp2.domain.com and so on...--David On Wed, Jan 20, 2016 at 11:53 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:Can you explain your use case a little more? What functionality is nginx/ngx-lua missing out of the box that you need? I'm curious as to what you're trying to accomplish. Can you provide a simple code example for what you're looking for?On Wed, Jan 20, 2016 at 11:51 AM, davidsnt <davi...@gmail.com> wrote:Thank you Thibault and Robert, links looks useful. But still think doing a compare with incoming ip address needs some work.--David On Wed, Jan 20, 2016 at 11:40 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:You probably don't need to do this with Lua; nginx's allow/deny directive support CIDR blocks.You may also want to see https://groups.google.com/forum/#!topic/openresty-en/G916sAMSOPY for a duplicate discussion.On Wed, Jan 20, 2016 at 11:30 AM, David Santhosh <davi...@gmail.com> wrote:How can I block/verify requests based on IP blocks? I want to check if a given IP address is within a whitelisted IP block; allow or deny based on result. Looks nginx only exposes ngx.var.remote_addr and binary_addr is there any module to do this with Lua extension. . irt_m.jrsyo Hi Hamish,Oops, I didn't know your module sorry.To David,Hamish is right. Maybe lua-resty-iputils module is completely cover your need.But, if you have hundred, thousand whitelist IP blocks orif you want to update whitelist table dynamically,there is worth considering for my 2nd idea https://groups.google.com/d/msg/openresty-en/QddXoARyMtE/zB_QqVj-DQAJ.ex.)local dict = ngx.shared.whitelistif dict:get(ngx.var.remote_addr) then # something you need returnendAnyway, if you need to update whitelist dynamically,you have to think about nginx restart.2016年1月21日木曜日 18時57分35秒 UTC+9 Hamish Forbes:Hi,This is pretty much exactly what lua-resty-iputils will do.You'll just need to create a couple of tables listing your CIDRs and apply a tiny bit of logic in Lua to find out which set the remote address is in and perform a redirect.What is it that you feel is missing?HamishOn Wednesday, 20 January 2016 19:57:54 UTC, David Santhosh wrote:Sure, I have a list of whitelist ip blocks and need to check if the incoming request IP belongs to one of these IP blocks and act on it, so for example the corporate 1's ip block is 192.168.1.1 belongs to 192.168.1.0/24 then redirect to corp1.domain.com and next for corporate 2 192.178.1.1 redirect it to corp2.domain.com and so on...--David On Wed, Jan 20, 2016 at 11:53 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:Can you explain your use case a little more? What functionality is nginx/ngx-lua missing out of the box that you need? I'm curious as to what you're trying to accomplish. Can you provide a simple code example for what you're looking for?On Wed, Jan 20, 2016 at 11:51 AM, davidsnt <davi...@gmail.com> wrote:Thank you Thibault and Robert, links looks useful. But still think doing a compare with incoming ip address needs some work.--David On Wed, Jan 20, 2016 at 11:40 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:You probably don't need to do this with Lua; nginx's allow/deny directive support CIDR blocks.You may also want to see https://groups.google.com/forum/#!topic/openresty-en/G916sAMSOPY for a duplicate discussion.On Wed, Jan 20, 2016 at 11:30 AM, David Santhosh <davi...@gmail.com> wrote:How can I block/verify requests based on IP blocks? I want to check if a given IP address is within a whitelisted IP block; allow or deny based on result. Looks nginx only exposes ngx.var.remote_addr and binary_addr is there any module to do this with Lua extension. . hamish.forbes Using the shared dict like that you would have to have an entry for every IP in a range though.Or you'd have to parse the CIDR from a string everytime.Something to be aware of at least.On Thursday, 21 January 2016 10:36:38 UTC, irt_m...@ntworkers.com wrote:Hi Hamish,Oops, I didn't know your module sorry.To David,Hamish is right. Maybe lua-resty-iputils module is completely cover your need.But, if you have hundred, thousand whitelist IP blocks orif you want to update whitelist table dynamically,there is worth considering for my 2nd idea https://groups.google.com/d/msg/openresty-en/QddXoARyMtE/zB_QqVj-DQAJ.ex.)local dict = ngx.shared.whitelistif dict:get(ngx.var.remote_addr) then # something you need returnendAnyway, if you need to update whitelist dynamically,you have to think about nginx restart.2016年1月21日木曜日 18時57分35秒 UTC+9 Hamish Forbes:Hi,This is pretty much exactly what lua-resty-iputils will do.You'll just need to create a couple of tables listing your CIDRs and apply a tiny bit of logic in Lua to find out which set the remote address is in and perform a redirect.What is it that you feel is missing?HamishOn Wednesday, 20 January 2016 19:57:54 UTC, David Santhosh wrote:Sure, I have a list of whitelist ip blocks and need to check if the incoming request IP belongs to one of these IP blocks and act on it, so for example the corporate 1's ip block is 192.168.1.1 belongs to 192.168.1.0/24 then redirect to corp1.domain.com and next for corporate 2 192.178.1.1 redirect it to corp2.domain.com and so on...--David On Wed, Jan 20, 2016 at 11:53 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:Can you explain your use case a little more? What functionality is nginx/ngx-lua missing out of the box that you need? I'm curious as to what you're trying to accomplish. Can you provide a simple code example for what you're looking for?On Wed, Jan 20, 2016 at 11:51 AM, davidsnt <davi...@gmail.com> wrote:Thank you Thibault and Robert, links looks useful. But still think doing a compare with incoming ip address needs some work.--David On Wed, Jan 20, 2016 at 11:40 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:You probably don't need to do this with Lua; nginx's allow/deny directive support CIDR blocks.You may also want to see https://groups.google.com/forum/#!topic/openresty-en/G916sAMSOPY for a duplicate discussion.On Wed, Jan 20, 2016 at 11:30 AM, David Santhosh <davi...@gmail.com> wrote:How can I block/verify requests based on IP blocks? I want to check if a given IP address is within a whitelisted IP block; allow or deny based on result. Looks nginx only exposes ngx.var.remote_addr and binary_addr is there any module to do this with Lua extension. . irt_m.jrsyo To Hamish,Yes, just in case it need entry for every IP in a range.If it use redis or memcached Instead of a shared dict,parse and put it them are not nginx's task. it is just another client program's task.So, nginx can be simple I think.But I like your module. Awesome.To David,If there are multiple servers, data like a whitelist need to share each other.If you put ip list in the lua code directly, to update them is a little bit troublesome.So, whitelist data should be outside of the nginx I recommend.2016年1月21日木曜日 20時14分33秒 UTC+9 Hamish Forbes:Using the shared dict like that you would have to have an entry for every IP in a range though.Or you'd have to parse the CIDR from a string everytime.Something to be aware of at least.On Thursday, 21 January 2016 10:36:38 UTC, irt_m...@ntworkers.com wrote:Hi Hamish,Oops, I didn't know your module sorry.To David,Hamish is right. Maybe lua-resty-iputils module is completely cover your need.But, if you have hundred, thousand whitelist IP blocks orif you want to update whitelist table dynamically,there is worth considering for my 2nd idea https://groups.google.com/d/msg/openresty-en/QddXoARyMtE/zB_QqVj-DQAJ.ex.)local dict = ngx.shared.whitelistif dict:get(ngx.var.remote_addr) then # something you need returnendAnyway, if you need to update whitelist dynamically,you have to think about nginx restart.2016年1月21日木曜日 18時57分35秒 UTC+9 Hamish Forbes:Hi,This is pretty much exactly what lua-resty-iputils will do.You'll just need to create a couple of tables listing your CIDRs and apply a tiny bit of logic in Lua to find out which set the remote address is in and perform a redirect.What is it that you feel is missing?HamishOn Wednesday, 20 January 2016 19:57:54 UTC, David Santhosh wrote:Sure, I have a list of whitelist ip blocks and need to check if the incoming request IP belongs to one of these IP blocks and act on it, so for example the corporate 1's ip block is 192.168.1.1 belongs to 192.168.1.0/24 then redirect to corp1.domain.com and next for corporate 2 192.178.1.1 redirect it to corp2.domain.com and so on...--David On Wed, Jan 20, 2016 at 11:53 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:Can you explain your use case a little more? What functionality is nginx/ngx-lua missing out of the box that you need? I'm curious as to what you're trying to accomplish. Can you provide a simple code example for what you're looking for?On Wed, Jan 20, 2016 at 11:51 AM, davidsnt <davi...@gmail.com> wrote:Thank you Thibault and Robert, links looks useful. But still think doing a compare with incoming ip address needs some work.--David On Wed, Jan 20, 2016 at 11:40 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:You probably don't need to do this with Lua; nginx's allow/deny directive support CIDR blocks.You may also want to see https://groups.google.com/forum/#!topic/openresty-en/G916sAMSOPY for a duplicate discussion.On Wed, Jan 20, 2016 at 11:30 AM, David Santhosh <davi...@gmail.com> wrote:How can I block/verify requests based on IP blocks? I want to check if a given IP address is within a whitelisted IP block; allow or deny based on result. Looks nginx only exposes ngx.var.remote_addr and binary_addr is there any module to do this with Lua extension. . davidsnt Thank you for your input's guys, very helpful.--David On Thu, Jan 21, 2016 at 1:57 AM, Hamish Forbes <hamish...@gmail.com> wrote:Hi,This is pretty much exactly what lua-resty-iputils will do.You'll just need to create a couple of tables listing your CIDRs and apply a tiny bit of logic in Lua to find out which set the remote address is in and perform a redirect.What is it that you feel is missing?HamishOn Wednesday, 20 January 2016 19:57:54 UTC, David Santhosh wrote:Sure, I have a list of whitelist ip blocks and need to check if the incoming request IP belongs to one of these IP blocks and act on it, so for example the corporate 1's ip block is 192.168.1.1 belongs to 192.168.1.0/24 then redirect to corp1.domain.com and next for corporate 2 192.178.1.1 redirect it to corp2.domain.com and so on...--David On Wed, Jan 20, 2016 at 11:53 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:Can you explain your use case a little more? What functionality is nginx/ngx-lua missing out of the box that you need? I'm curious as to what you're trying to accomplish. Can you provide a simple code example for what you're looking for?On Wed, Jan 20, 2016 at 11:51 AM, davidsnt <davi...@gmail.com> wrote:Thank you Thibault and Robert, links looks useful. But still think doing a compare with incoming ip address needs some work.--David On Wed, Jan 20, 2016 at 11:40 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:You probably don't need to do this with Lua; nginx's allow/deny directive support CIDR blocks.You may also want to see https://groups.google.com/forum/#!topic/openresty-en/G916sAMSOPY for a duplicate discussion.On Wed, Jan 20, 2016 at 11:30 AM, David Santhosh <davi...@gmail.com> wrote:How can I block/verify requests based on IP blocks? I want to check if a given IP address is within a whitelisted IP block; allow or deny based on result. Looks nginx only exposes ngx.var.remote_addr and binary_addr is there any module to do this with Lua extension. . erik.l.nelson What's the current best practice for efficient/fast serializing of data, to disk or otherwise? JSON, protocol buffers, flat buffers? Thanks Erik ---------------------------------------------------------------------- This message, and any attachments, is for the intended recipient(s) only, may contain information that is privileged, confidential and/or proprietary and subject to important terms and conditions available at http://www.bankofamerica.com/emaildisclaimer. If you are not the intended recipient, please delete this message. moonbingbing I think it's depends on your data and size.maybe you can test your data compare https://github.com/guanlan/lua-cmsgpack https://github.com/cloudflare/lua-capnprotowith JSON.2016-01-26 2:22 GMT+08:00 Nelson, Erik - 2 <erik.l...@bankofamerica.com>:What's the current best practice for efficient/fast serializing of data, to disk or otherwise? JSON, protocol buffers, flat buffers? Thanks Erik ---------------------------------------------------------------------- This message, and any attachments, is for the intended recipient(s) only, may contain information that is privileged, confidential and/or proprietary and subject to important terms and conditions available at http://www.bankofamerica.com/emaildisclaimer. If you are not the intended recipient, please delete this message. .
Thank you Thibault and Robert, links looks useful. But still think doing a compare with incoming ip address needs some work.--David On Wed, Jan 20, 2016 at 11:40 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:You probably don't need to do this with Lua; nginx's allow/deny directive support CIDR blocks.You may also want to see https://groups.google.com/forum/#!topic/openresty-en/G916sAMSOPY for a duplicate discussion.On Wed, Jan 20, 2016 at 11:30 AM, David Santhosh <dav...@gmail.com> wrote:How can I block/verify requests based on IP blocks? I want to check if a given IP address is within a whitelisted IP block; allow or deny based on result. Looks nginx only exposes ngx.var.remote_addr and binary_addr is there any module to do this with Lua extension. . moonbingbing you can use ngx_http_geo_module to check ip list, and use lua code judge redirect to what server.2016-01-21 3:57 GMT+08:00 davidsnt <dav...@gmail.com>:Sure, I have a list of whitelist ip blocks and need to check if the incoming request IP belongs to one of these IP blocks and act on it, so for example the corporate 1's ip block is 192.168.1.1 belongs to 192.168.1.0/24 then redirect to corp1.domain.com and next for corporate 2 192.178.1.1 redirect it to corp2.domain.com and so on...--David On Wed, Jan 20, 2016 at 11:53 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:Can you explain your use case a little more? What functionality is nginx/ngx-lua missing out of the box that you need? I'm curious as to what you're trying to accomplish. Can you provide a simple code example for what you're looking for?On Wed, Jan 20, 2016 at 11:51 AM, davidsnt <dav...@gmail.com> wrote:Thank you Thibault and Robert, links looks useful. But still think doing a compare with incoming ip address needs some work.--David On Wed, Jan 20, 2016 at 11:40 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:You probably don't need to do this with Lua; nginx's allow/deny directive support CIDR blocks.You may also want to see https://groups.google.com/forum/#!topic/openresty-en/G916sAMSOPY for a duplicate discussion.On Wed, Jan 20, 2016 at 11:30 AM, David Santhosh <dav...@gmail.com> wrote:How can I block/verify requests based on IP blocks? I want to check if a given IP address is within a whitelisted IP block; allow or deny based on result. Looks nginx only exposes ngx.var.remote_addr and binary_addr is there any module to do this with Lua extension. . irt_m.jrsyo Hi David,If you have to use IP block,maybe you should write some calculate function with hexadecimal.IPv4 can convert hexadecimal. Then you can compare IP easily.This is just my idea.ex.- 192.168.1.0/24 range is 192.168.1.0 - 192.168.1.255- calculate first(min) IP and last(max) IP, c0a80100 - c0a801ff- you can also convert ngx.var.remote_addr to hexadecimal- then you can calc coming ip is in range c0a80100 - c0a801ff or notBTW I understand your use case and this idea is not useful for your case.If you use my idea, you need to convert all whitelist IP block and compare. It is high cost.Another idea is using NoSQL like memcached or just use ngx.shared.DICT.ex.- 192.168.1.0/24 range is 192.168.1.0 - 192.168.1.255- put all IP address in range to NoSQL like "{key: 192.168.1.0, value: true}", "{key: 192.168.1.1, value: true}", "{key: 192.168.1.2, value: true}" ... "{key: 192.168.1.255, value: true}"*note* this is not nginx's work. you should prepare some client program for do that.- Then you can compare very simple. you just ask to NoSQL that key: ngx.var.remote_addr is exist or not.Sorry for my poor English.2016年1月21日木曜日 4時30分24秒 UTC+9 David Santhosh:How can I block/verify requests based on IP blocks? I want to check if a given IP address is within a whitelisted IP block; allow or deny based on result. Looks nginx only exposes ngx.var.remote_addr and binary_addr is there any module to do this with Lua extension. hamish.forbes Hi,This is pretty much exactly what lua-resty-iputils will do.You'll just need to create a couple of tables listing your CIDRs and apply a tiny bit of logic in Lua to find out which set the remote address is in and perform a redirect.What is it that you feel is missing?HamishOn Wednesday, 20 January 2016 19:57:54 UTC, David Santhosh wrote:Sure, I have a list of whitelist ip blocks and need to check if the incoming request IP belongs to one of these IP blocks and act on it, so for example the corporate 1's ip block is 192.168.1.1 belongs to 192.168.1.0/24 then redirect to corp1.domain.com and next for corporate 2 192.178.1.1 redirect it to corp2.domain.com and so on...--David On Wed, Jan 20, 2016 at 11:53 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:Can you explain your use case a little more? What functionality is nginx/ngx-lua missing out of the box that you need? I'm curious as to what you're trying to accomplish. Can you provide a simple code example for what you're looking for?On Wed, Jan 20, 2016 at 11:51 AM, davidsnt <davi...@gmail.com> wrote:Thank you Thibault and Robert, links looks useful. But still think doing a compare with incoming ip address needs some work.--David On Wed, Jan 20, 2016 at 11:40 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:You probably don't need to do this with Lua; nginx's allow/deny directive support CIDR blocks.You may also want to see https://groups.google.com/forum/#!topic/openresty-en/G916sAMSOPY for a duplicate discussion.On Wed, Jan 20, 2016 at 11:30 AM, David Santhosh <davi...@gmail.com> wrote:How can I block/verify requests based on IP blocks? I want to check if a given IP address is within a whitelisted IP block; allow or deny based on result. Looks nginx only exposes ngx.var.remote_addr and binary_addr is there any module to do this with Lua extension. . irt_m.jrsyo Hi Hamish,Oops, I didn't know your module sorry.To David,Hamish is right. Maybe lua-resty-iputils module is completely cover your need.But, if you have hundred, thousand whitelist IP blocks orif you want to update whitelist table dynamically,there is worth considering for my 2nd idea https://groups.google.com/d/msg/openresty-en/QddXoARyMtE/zB_QqVj-DQAJ.ex.)local dict = ngx.shared.whitelistif dict:get(ngx.var.remote_addr) then # something you need returnendAnyway, if you need to update whitelist dynamically,you have to think about nginx restart.2016年1月21日木曜日 18時57分35秒 UTC+9 Hamish Forbes:Hi,This is pretty much exactly what lua-resty-iputils will do.You'll just need to create a couple of tables listing your CIDRs and apply a tiny bit of logic in Lua to find out which set the remote address is in and perform a redirect.What is it that you feel is missing?HamishOn Wednesday, 20 January 2016 19:57:54 UTC, David Santhosh wrote:Sure, I have a list of whitelist ip blocks and need to check if the incoming request IP belongs to one of these IP blocks and act on it, so for example the corporate 1's ip block is 192.168.1.1 belongs to 192.168.1.0/24 then redirect to corp1.domain.com and next for corporate 2 192.178.1.1 redirect it to corp2.domain.com and so on...--David On Wed, Jan 20, 2016 at 11:53 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:Can you explain your use case a little more? What functionality is nginx/ngx-lua missing out of the box that you need? I'm curious as to what you're trying to accomplish. Can you provide a simple code example for what you're looking for?On Wed, Jan 20, 2016 at 11:51 AM, davidsnt <davi...@gmail.com> wrote:Thank you Thibault and Robert, links looks useful. But still think doing a compare with incoming ip address needs some work.--David On Wed, Jan 20, 2016 at 11:40 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:You probably don't need to do this with Lua; nginx's allow/deny directive support CIDR blocks.You may also want to see https://groups.google.com/forum/#!topic/openresty-en/G916sAMSOPY for a duplicate discussion.On Wed, Jan 20, 2016 at 11:30 AM, David Santhosh <davi...@gmail.com> wrote:How can I block/verify requests based on IP blocks? I want to check if a given IP address is within a whitelisted IP block; allow or deny based on result. Looks nginx only exposes ngx.var.remote_addr and binary_addr is there any module to do this with Lua extension. . hamish.forbes Using the shared dict like that you would have to have an entry for every IP in a range though.Or you'd have to parse the CIDR from a string everytime.Something to be aware of at least.On Thursday, 21 January 2016 10:36:38 UTC, irt_m...@ntworkers.com wrote:Hi Hamish,Oops, I didn't know your module sorry.To David,Hamish is right. Maybe lua-resty-iputils module is completely cover your need.But, if you have hundred, thousand whitelist IP blocks orif you want to update whitelist table dynamically,there is worth considering for my 2nd idea https://groups.google.com/d/msg/openresty-en/QddXoARyMtE/zB_QqVj-DQAJ.ex.)local dict = ngx.shared.whitelistif dict:get(ngx.var.remote_addr) then # something you need returnendAnyway, if you need to update whitelist dynamically,you have to think about nginx restart.2016年1月21日木曜日 18時57分35秒 UTC+9 Hamish Forbes:Hi,This is pretty much exactly what lua-resty-iputils will do.You'll just need to create a couple of tables listing your CIDRs and apply a tiny bit of logic in Lua to find out which set the remote address is in and perform a redirect.What is it that you feel is missing?HamishOn Wednesday, 20 January 2016 19:57:54 UTC, David Santhosh wrote:Sure, I have a list of whitelist ip blocks and need to check if the incoming request IP belongs to one of these IP blocks and act on it, so for example the corporate 1's ip block is 192.168.1.1 belongs to 192.168.1.0/24 then redirect to corp1.domain.com and next for corporate 2 192.178.1.1 redirect it to corp2.domain.com and so on...--David On Wed, Jan 20, 2016 at 11:53 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:Can you explain your use case a little more? What functionality is nginx/ngx-lua missing out of the box that you need? I'm curious as to what you're trying to accomplish. Can you provide a simple code example for what you're looking for?On Wed, Jan 20, 2016 at 11:51 AM, davidsnt <davi...@gmail.com> wrote:Thank you Thibault and Robert, links looks useful. But still think doing a compare with incoming ip address needs some work.--David On Wed, Jan 20, 2016 at 11:40 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:You probably don't need to do this with Lua; nginx's allow/deny directive support CIDR blocks.You may also want to see https://groups.google.com/forum/#!topic/openresty-en/G916sAMSOPY for a duplicate discussion.On Wed, Jan 20, 2016 at 11:30 AM, David Santhosh <davi...@gmail.com> wrote:How can I block/verify requests based on IP blocks? I want to check if a given IP address is within a whitelisted IP block; allow or deny based on result. Looks nginx only exposes ngx.var.remote_addr and binary_addr is there any module to do this with Lua extension. . irt_m.jrsyo To Hamish,Yes, just in case it need entry for every IP in a range.If it use redis or memcached Instead of a shared dict,parse and put it them are not nginx's task. it is just another client program's task.So, nginx can be simple I think.But I like your module. Awesome.To David,If there are multiple servers, data like a whitelist need to share each other.If you put ip list in the lua code directly, to update them is a little bit troublesome.So, whitelist data should be outside of the nginx I recommend.2016年1月21日木曜日 20時14分33秒 UTC+9 Hamish Forbes:Using the shared dict like that you would have to have an entry for every IP in a range though.Or you'd have to parse the CIDR from a string everytime.Something to be aware of at least.On Thursday, 21 January 2016 10:36:38 UTC, irt_m...@ntworkers.com wrote:Hi Hamish,Oops, I didn't know your module sorry.To David,Hamish is right. Maybe lua-resty-iputils module is completely cover your need.But, if you have hundred, thousand whitelist IP blocks orif you want to update whitelist table dynamically,there is worth considering for my 2nd idea https://groups.google.com/d/msg/openresty-en/QddXoARyMtE/zB_QqVj-DQAJ.ex.)local dict = ngx.shared.whitelistif dict:get(ngx.var.remote_addr) then # something you need returnendAnyway, if you need to update whitelist dynamically,you have to think about nginx restart.2016年1月21日木曜日 18時57分35秒 UTC+9 Hamish Forbes:Hi,This is pretty much exactly what lua-resty-iputils will do.You'll just need to create a couple of tables listing your CIDRs and apply a tiny bit of logic in Lua to find out which set the remote address is in and perform a redirect.What is it that you feel is missing?HamishOn Wednesday, 20 January 2016 19:57:54 UTC, David Santhosh wrote:Sure, I have a list of whitelist ip blocks and need to check if the incoming request IP belongs to one of these IP blocks and act on it, so for example the corporate 1's ip block is 192.168.1.1 belongs to 192.168.1.0/24 then redirect to corp1.domain.com and next for corporate 2 192.178.1.1 redirect it to corp2.domain.com and so on...--David On Wed, Jan 20, 2016 at 11:53 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:Can you explain your use case a little more? What functionality is nginx/ngx-lua missing out of the box that you need? I'm curious as to what you're trying to accomplish. Can you provide a simple code example for what you're looking for?On Wed, Jan 20, 2016 at 11:51 AM, davidsnt <davi...@gmail.com> wrote:Thank you Thibault and Robert, links looks useful. But still think doing a compare with incoming ip address needs some work.--David On Wed, Jan 20, 2016 at 11:40 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:You probably don't need to do this with Lua; nginx's allow/deny directive support CIDR blocks.You may also want to see https://groups.google.com/forum/#!topic/openresty-en/G916sAMSOPY for a duplicate discussion.On Wed, Jan 20, 2016 at 11:30 AM, David Santhosh <davi...@gmail.com> wrote:How can I block/verify requests based on IP blocks? I want to check if a given IP address is within a whitelisted IP block; allow or deny based on result. Looks nginx only exposes ngx.var.remote_addr and binary_addr is there any module to do this with Lua extension. . davidsnt Thank you for your input's guys, very helpful.--David On Thu, Jan 21, 2016 at 1:57 AM, Hamish Forbes <hamish...@gmail.com> wrote:Hi,This is pretty much exactly what lua-resty-iputils will do.You'll just need to create a couple of tables listing your CIDRs and apply a tiny bit of logic in Lua to find out which set the remote address is in and perform a redirect.What is it that you feel is missing?HamishOn Wednesday, 20 January 2016 19:57:54 UTC, David Santhosh wrote:Sure, I have a list of whitelist ip blocks and need to check if the incoming request IP belongs to one of these IP blocks and act on it, so for example the corporate 1's ip block is 192.168.1.1 belongs to 192.168.1.0/24 then redirect to corp1.domain.com and next for corporate 2 192.178.1.1 redirect it to corp2.domain.com and so on...--David On Wed, Jan 20, 2016 at 11:53 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:Can you explain your use case a little more? What functionality is nginx/ngx-lua missing out of the box that you need? I'm curious as to what you're trying to accomplish. Can you provide a simple code example for what you're looking for?On Wed, Jan 20, 2016 at 11:51 AM, davidsnt <davi...@gmail.com> wrote:Thank you Thibault and Robert, links looks useful. But still think doing a compare with incoming ip address needs some work.--David On Wed, Jan 20, 2016 at 11:40 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:You probably don't need to do this with Lua; nginx's allow/deny directive support CIDR blocks.You may also want to see https://groups.google.com/forum/#!topic/openresty-en/G916sAMSOPY for a duplicate discussion.On Wed, Jan 20, 2016 at 11:30 AM, David Santhosh <davi...@gmail.com> wrote:How can I block/verify requests based on IP blocks? I want to check if a given IP address is within a whitelisted IP block; allow or deny based on result. Looks nginx only exposes ngx.var.remote_addr and binary_addr is there any module to do this with Lua extension. . erik.l.nelson What's the current best practice for efficient/fast serializing of data, to disk or otherwise? JSON, protocol buffers, flat buffers? Thanks Erik ---------------------------------------------------------------------- This message, and any attachments, is for the intended recipient(s) only, may contain information that is privileged, confidential and/or proprietary and subject to important terms and conditions available at http://www.bankofamerica.com/emaildisclaimer. If you are not the intended recipient, please delete this message. moonbingbing I think it's depends on your data and size.maybe you can test your data compare https://github.com/guanlan/lua-cmsgpack https://github.com/cloudflare/lua-capnprotowith JSON.2016-01-26 2:22 GMT+08:00 Nelson, Erik - 2 <erik.l...@bankofamerica.com>:What's the current best practice for efficient/fast serializing of data, to disk or otherwise? JSON, protocol buffers, flat buffers? Thanks Erik ---------------------------------------------------------------------- This message, and any attachments, is for the intended recipient(s) only, may contain information that is privileged, confidential and/or proprietary and subject to important terms and conditions available at http://www.bankofamerica.com/emaildisclaimer. If you are not the intended recipient, please delete this message. .
Sure, I have a list of whitelist ip blocks and need to check if the incoming request IP belongs to one of these IP blocks and act on it, so for example the corporate 1's ip block is 192.168.1.1 belongs to 192.168.1.0/24 then redirect to corp1.domain.com and next for corporate 2 192.178.1.1 redirect it to corp2.domain.com and so on...--David On Wed, Jan 20, 2016 at 11:53 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:Can you explain your use case a little more? What functionality is nginx/ngx-lua missing out of the box that you need? I'm curious as to what you're trying to accomplish. Can you provide a simple code example for what you're looking for?On Wed, Jan 20, 2016 at 11:51 AM, davidsnt <dav...@gmail.com> wrote:Thank you Thibault and Robert, links looks useful. But still think doing a compare with incoming ip address needs some work.--David On Wed, Jan 20, 2016 at 11:40 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:You probably don't need to do this with Lua; nginx's allow/deny directive support CIDR blocks.You may also want to see https://groups.google.com/forum/#!topic/openresty-en/G916sAMSOPY for a duplicate discussion.On Wed, Jan 20, 2016 at 11:30 AM, David Santhosh <dav...@gmail.com> wrote:How can I block/verify requests based on IP blocks? I want to check if a given IP address is within a whitelisted IP block; allow or deny based on result. Looks nginx only exposes ngx.var.remote_addr and binary_addr is there any module to do this with Lua extension. . irt_m.jrsyo Hi David,If you have to use IP block,maybe you should write some calculate function with hexadecimal.IPv4 can convert hexadecimal. Then you can compare IP easily.This is just my idea.ex.- 192.168.1.0/24 range is 192.168.1.0 - 192.168.1.255- calculate first(min) IP and last(max) IP, c0a80100 - c0a801ff- you can also convert ngx.var.remote_addr to hexadecimal- then you can calc coming ip is in range c0a80100 - c0a801ff or notBTW I understand your use case and this idea is not useful for your case.If you use my idea, you need to convert all whitelist IP block and compare. It is high cost.Another idea is using NoSQL like memcached or just use ngx.shared.DICT.ex.- 192.168.1.0/24 range is 192.168.1.0 - 192.168.1.255- put all IP address in range to NoSQL like "{key: 192.168.1.0, value: true}", "{key: 192.168.1.1, value: true}", "{key: 192.168.1.2, value: true}" ... "{key: 192.168.1.255, value: true}"*note* this is not nginx's work. you should prepare some client program for do that.- Then you can compare very simple. you just ask to NoSQL that key: ngx.var.remote_addr is exist or not.Sorry for my poor English.2016年1月21日木曜日 4時30分24秒 UTC+9 David Santhosh:How can I block/verify requests based on IP blocks? I want to check if a given IP address is within a whitelisted IP block; allow or deny based on result. Looks nginx only exposes ngx.var.remote_addr and binary_addr is there any module to do this with Lua extension. hamish.forbes Hi,This is pretty much exactly what lua-resty-iputils will do.You'll just need to create a couple of tables listing your CIDRs and apply a tiny bit of logic in Lua to find out which set the remote address is in and perform a redirect.What is it that you feel is missing?HamishOn Wednesday, 20 January 2016 19:57:54 UTC, David Santhosh wrote:Sure, I have a list of whitelist ip blocks and need to check if the incoming request IP belongs to one of these IP blocks and act on it, so for example the corporate 1's ip block is 192.168.1.1 belongs to 192.168.1.0/24 then redirect to corp1.domain.com and next for corporate 2 192.178.1.1 redirect it to corp2.domain.com and so on...--David On Wed, Jan 20, 2016 at 11:53 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:Can you explain your use case a little more? What functionality is nginx/ngx-lua missing out of the box that you need? I'm curious as to what you're trying to accomplish. Can you provide a simple code example for what you're looking for?On Wed, Jan 20, 2016 at 11:51 AM, davidsnt <davi...@gmail.com> wrote:Thank you Thibault and Robert, links looks useful. But still think doing a compare with incoming ip address needs some work.--David On Wed, Jan 20, 2016 at 11:40 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:You probably don't need to do this with Lua; nginx's allow/deny directive support CIDR blocks.You may also want to see https://groups.google.com/forum/#!topic/openresty-en/G916sAMSOPY for a duplicate discussion.On Wed, Jan 20, 2016 at 11:30 AM, David Santhosh <davi...@gmail.com> wrote:How can I block/verify requests based on IP blocks? I want to check if a given IP address is within a whitelisted IP block; allow or deny based on result. Looks nginx only exposes ngx.var.remote_addr and binary_addr is there any module to do this with Lua extension. . irt_m.jrsyo Hi Hamish,Oops, I didn't know your module sorry.To David,Hamish is right. Maybe lua-resty-iputils module is completely cover your need.But, if you have hundred, thousand whitelist IP blocks orif you want to update whitelist table dynamically,there is worth considering for my 2nd idea https://groups.google.com/d/msg/openresty-en/QddXoARyMtE/zB_QqVj-DQAJ.ex.)local dict = ngx.shared.whitelistif dict:get(ngx.var.remote_addr) then # something you need returnendAnyway, if you need to update whitelist dynamically,you have to think about nginx restart.2016年1月21日木曜日 18時57分35秒 UTC+9 Hamish Forbes:Hi,This is pretty much exactly what lua-resty-iputils will do.You'll just need to create a couple of tables listing your CIDRs and apply a tiny bit of logic in Lua to find out which set the remote address is in and perform a redirect.What is it that you feel is missing?HamishOn Wednesday, 20 January 2016 19:57:54 UTC, David Santhosh wrote:Sure, I have a list of whitelist ip blocks and need to check if the incoming request IP belongs to one of these IP blocks and act on it, so for example the corporate 1's ip block is 192.168.1.1 belongs to 192.168.1.0/24 then redirect to corp1.domain.com and next for corporate 2 192.178.1.1 redirect it to corp2.domain.com and so on...--David On Wed, Jan 20, 2016 at 11:53 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:Can you explain your use case a little more? What functionality is nginx/ngx-lua missing out of the box that you need? I'm curious as to what you're trying to accomplish. Can you provide a simple code example for what you're looking for?On Wed, Jan 20, 2016 at 11:51 AM, davidsnt <davi...@gmail.com> wrote:Thank you Thibault and Robert, links looks useful. But still think doing a compare with incoming ip address needs some work.--David On Wed, Jan 20, 2016 at 11:40 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:You probably don't need to do this with Lua; nginx's allow/deny directive support CIDR blocks.You may also want to see https://groups.google.com/forum/#!topic/openresty-en/G916sAMSOPY for a duplicate discussion.On Wed, Jan 20, 2016 at 11:30 AM, David Santhosh <davi...@gmail.com> wrote:How can I block/verify requests based on IP blocks? I want to check if a given IP address is within a whitelisted IP block; allow or deny based on result. Looks nginx only exposes ngx.var.remote_addr and binary_addr is there any module to do this with Lua extension. . hamish.forbes Using the shared dict like that you would have to have an entry for every IP in a range though.Or you'd have to parse the CIDR from a string everytime.Something to be aware of at least.On Thursday, 21 January 2016 10:36:38 UTC, irt_m...@ntworkers.com wrote:Hi Hamish,Oops, I didn't know your module sorry.To David,Hamish is right. Maybe lua-resty-iputils module is completely cover your need.But, if you have hundred, thousand whitelist IP blocks orif you want to update whitelist table dynamically,there is worth considering for my 2nd idea https://groups.google.com/d/msg/openresty-en/QddXoARyMtE/zB_QqVj-DQAJ.ex.)local dict = ngx.shared.whitelistif dict:get(ngx.var.remote_addr) then # something you need returnendAnyway, if you need to update whitelist dynamically,you have to think about nginx restart.2016年1月21日木曜日 18時57分35秒 UTC+9 Hamish Forbes:Hi,This is pretty much exactly what lua-resty-iputils will do.You'll just need to create a couple of tables listing your CIDRs and apply a tiny bit of logic in Lua to find out which set the remote address is in and perform a redirect.What is it that you feel is missing?HamishOn Wednesday, 20 January 2016 19:57:54 UTC, David Santhosh wrote:Sure, I have a list of whitelist ip blocks and need to check if the incoming request IP belongs to one of these IP blocks and act on it, so for example the corporate 1's ip block is 192.168.1.1 belongs to 192.168.1.0/24 then redirect to corp1.domain.com and next for corporate 2 192.178.1.1 redirect it to corp2.domain.com and so on...--David On Wed, Jan 20, 2016 at 11:53 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:Can you explain your use case a little more? What functionality is nginx/ngx-lua missing out of the box that you need? I'm curious as to what you're trying to accomplish. Can you provide a simple code example for what you're looking for?On Wed, Jan 20, 2016 at 11:51 AM, davidsnt <davi...@gmail.com> wrote:Thank you Thibault and Robert, links looks useful. But still think doing a compare with incoming ip address needs some work.--David On Wed, Jan 20, 2016 at 11:40 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:You probably don't need to do this with Lua; nginx's allow/deny directive support CIDR blocks.You may also want to see https://groups.google.com/forum/#!topic/openresty-en/G916sAMSOPY for a duplicate discussion.On Wed, Jan 20, 2016 at 11:30 AM, David Santhosh <davi...@gmail.com> wrote:How can I block/verify requests based on IP blocks? I want to check if a given IP address is within a whitelisted IP block; allow or deny based on result. Looks nginx only exposes ngx.var.remote_addr and binary_addr is there any module to do this with Lua extension. . irt_m.jrsyo To Hamish,Yes, just in case it need entry for every IP in a range.If it use redis or memcached Instead of a shared dict,parse and put it them are not nginx's task. it is just another client program's task.So, nginx can be simple I think.But I like your module. Awesome.To David,If there are multiple servers, data like a whitelist need to share each other.If you put ip list in the lua code directly, to update them is a little bit troublesome.So, whitelist data should be outside of the nginx I recommend.2016年1月21日木曜日 20時14分33秒 UTC+9 Hamish Forbes:Using the shared dict like that you would have to have an entry for every IP in a range though.Or you'd have to parse the CIDR from a string everytime.Something to be aware of at least.On Thursday, 21 January 2016 10:36:38 UTC, irt_m...@ntworkers.com wrote:Hi Hamish,Oops, I didn't know your module sorry.To David,Hamish is right. Maybe lua-resty-iputils module is completely cover your need.But, if you have hundred, thousand whitelist IP blocks orif you want to update whitelist table dynamically,there is worth considering for my 2nd idea https://groups.google.com/d/msg/openresty-en/QddXoARyMtE/zB_QqVj-DQAJ.ex.)local dict = ngx.shared.whitelistif dict:get(ngx.var.remote_addr) then # something you need returnendAnyway, if you need to update whitelist dynamically,you have to think about nginx restart.2016年1月21日木曜日 18時57分35秒 UTC+9 Hamish Forbes:Hi,This is pretty much exactly what lua-resty-iputils will do.You'll just need to create a couple of tables listing your CIDRs and apply a tiny bit of logic in Lua to find out which set the remote address is in and perform a redirect.What is it that you feel is missing?HamishOn Wednesday, 20 January 2016 19:57:54 UTC, David Santhosh wrote:Sure, I have a list of whitelist ip blocks and need to check if the incoming request IP belongs to one of these IP blocks and act on it, so for example the corporate 1's ip block is 192.168.1.1 belongs to 192.168.1.0/24 then redirect to corp1.domain.com and next for corporate 2 192.178.1.1 redirect it to corp2.domain.com and so on...--David On Wed, Jan 20, 2016 at 11:53 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:Can you explain your use case a little more? What functionality is nginx/ngx-lua missing out of the box that you need? I'm curious as to what you're trying to accomplish. Can you provide a simple code example for what you're looking for?On Wed, Jan 20, 2016 at 11:51 AM, davidsnt <davi...@gmail.com> wrote:Thank you Thibault and Robert, links looks useful. But still think doing a compare with incoming ip address needs some work.--David On Wed, Jan 20, 2016 at 11:40 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:You probably don't need to do this with Lua; nginx's allow/deny directive support CIDR blocks.You may also want to see https://groups.google.com/forum/#!topic/openresty-en/G916sAMSOPY for a duplicate discussion.On Wed, Jan 20, 2016 at 11:30 AM, David Santhosh <davi...@gmail.com> wrote:How can I block/verify requests based on IP blocks? I want to check if a given IP address is within a whitelisted IP block; allow or deny based on result. Looks nginx only exposes ngx.var.remote_addr and binary_addr is there any module to do this with Lua extension. . davidsnt Thank you for your input's guys, very helpful.--David On Thu, Jan 21, 2016 at 1:57 AM, Hamish Forbes <hamish...@gmail.com> wrote:Hi,This is pretty much exactly what lua-resty-iputils will do.You'll just need to create a couple of tables listing your CIDRs and apply a tiny bit of logic in Lua to find out which set the remote address is in and perform a redirect.What is it that you feel is missing?HamishOn Wednesday, 20 January 2016 19:57:54 UTC, David Santhosh wrote:Sure, I have a list of whitelist ip blocks and need to check if the incoming request IP belongs to one of these IP blocks and act on it, so for example the corporate 1's ip block is 192.168.1.1 belongs to 192.168.1.0/24 then redirect to corp1.domain.com and next for corporate 2 192.178.1.1 redirect it to corp2.domain.com and so on...--David On Wed, Jan 20, 2016 at 11:53 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:Can you explain your use case a little more? What functionality is nginx/ngx-lua missing out of the box that you need? I'm curious as to what you're trying to accomplish. Can you provide a simple code example for what you're looking for?On Wed, Jan 20, 2016 at 11:51 AM, davidsnt <davi...@gmail.com> wrote:Thank you Thibault and Robert, links looks useful. But still think doing a compare with incoming ip address needs some work.--David On Wed, Jan 20, 2016 at 11:40 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:You probably don't need to do this with Lua; nginx's allow/deny directive support CIDR blocks.You may also want to see https://groups.google.com/forum/#!topic/openresty-en/G916sAMSOPY for a duplicate discussion.On Wed, Jan 20, 2016 at 11:30 AM, David Santhosh <davi...@gmail.com> wrote:How can I block/verify requests based on IP blocks? I want to check if a given IP address is within a whitelisted IP block; allow or deny based on result. Looks nginx only exposes ngx.var.remote_addr and binary_addr is there any module to do this with Lua extension. . erik.l.nelson What's the current best practice for efficient/fast serializing of data, to disk or otherwise? JSON, protocol buffers, flat buffers? Thanks Erik ---------------------------------------------------------------------- This message, and any attachments, is for the intended recipient(s) only, may contain information that is privileged, confidential and/or proprietary and subject to important terms and conditions available at http://www.bankofamerica.com/emaildisclaimer. If you are not the intended recipient, please delete this message. moonbingbing I think it's depends on your data and size.maybe you can test your data compare https://github.com/guanlan/lua-cmsgpack https://github.com/cloudflare/lua-capnprotowith JSON.2016-01-26 2:22 GMT+08:00 Nelson, Erik - 2 <erik.l...@bankofamerica.com>:What's the current best practice for efficient/fast serializing of data, to disk or otherwise? JSON, protocol buffers, flat buffers? Thanks Erik ---------------------------------------------------------------------- This message, and any attachments, is for the intended recipient(s) only, may contain information that is privileged, confidential and/or proprietary and subject to important terms and conditions available at http://www.bankofamerica.com/emaildisclaimer. If you are not the intended recipient, please delete this message. .
Can you explain your use case a little more? What functionality is nginx/ngx-lua missing out of the box that you need? I'm curious as to what you're trying to accomplish. Can you provide a simple code example for what you're looking for?On Wed, Jan 20, 2016 at 11:51 AM, davidsnt <dav...@gmail.com> wrote:Thank you Thibault and Robert, links looks useful. But still think doing a compare with incoming ip address needs some work.--David On Wed, Jan 20, 2016 at 11:40 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:You probably don't need to do this with Lua; nginx's allow/deny directive support CIDR blocks.You may also want to see https://groups.google.com/forum/#!topic/openresty-en/G916sAMSOPY for a duplicate discussion.On Wed, Jan 20, 2016 at 11:30 AM, David Santhosh <dav...@gmail.com> wrote:How can I block/verify requests based on IP blocks? I want to check if a given IP address is within a whitelisted IP block; allow or deny based on result. Looks nginx only exposes ngx.var.remote_addr and binary_addr is there any module to do this with Lua extension. . irt_m.jrsyo Hi David,If you have to use IP block,maybe you should write some calculate function with hexadecimal.IPv4 can convert hexadecimal. Then you can compare IP easily.This is just my idea.ex.- 192.168.1.0/24 range is 192.168.1.0 - 192.168.1.255- calculate first(min) IP and last(max) IP, c0a80100 - c0a801ff- you can also convert ngx.var.remote_addr to hexadecimal- then you can calc coming ip is in range c0a80100 - c0a801ff or notBTW I understand your use case and this idea is not useful for your case.If you use my idea, you need to convert all whitelist IP block and compare. It is high cost.Another idea is using NoSQL like memcached or just use ngx.shared.DICT.ex.- 192.168.1.0/24 range is 192.168.1.0 - 192.168.1.255- put all IP address in range to NoSQL like "{key: 192.168.1.0, value: true}", "{key: 192.168.1.1, value: true}", "{key: 192.168.1.2, value: true}" ... "{key: 192.168.1.255, value: true}"*note* this is not nginx's work. you should prepare some client program for do that.- Then you can compare very simple. you just ask to NoSQL that key: ngx.var.remote_addr is exist or not.Sorry for my poor English.2016年1月21日木曜日 4時30分24秒 UTC+9 David Santhosh:How can I block/verify requests based on IP blocks? I want to check if a given IP address is within a whitelisted IP block; allow or deny based on result. Looks nginx only exposes ngx.var.remote_addr and binary_addr is there any module to do this with Lua extension. hamish.forbes Hi,This is pretty much exactly what lua-resty-iputils will do.You'll just need to create a couple of tables listing your CIDRs and apply a tiny bit of logic in Lua to find out which set the remote address is in and perform a redirect.What is it that you feel is missing?HamishOn Wednesday, 20 January 2016 19:57:54 UTC, David Santhosh wrote:Sure, I have a list of whitelist ip blocks and need to check if the incoming request IP belongs to one of these IP blocks and act on it, so for example the corporate 1's ip block is 192.168.1.1 belongs to 192.168.1.0/24 then redirect to corp1.domain.com and next for corporate 2 192.178.1.1 redirect it to corp2.domain.com and so on...--David On Wed, Jan 20, 2016 at 11:53 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:Can you explain your use case a little more? What functionality is nginx/ngx-lua missing out of the box that you need? I'm curious as to what you're trying to accomplish. Can you provide a simple code example for what you're looking for?On Wed, Jan 20, 2016 at 11:51 AM, davidsnt <davi...@gmail.com> wrote:Thank you Thibault and Robert, links looks useful. But still think doing a compare with incoming ip address needs some work.--David On Wed, Jan 20, 2016 at 11:40 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:You probably don't need to do this with Lua; nginx's allow/deny directive support CIDR blocks.You may also want to see https://groups.google.com/forum/#!topic/openresty-en/G916sAMSOPY for a duplicate discussion.On Wed, Jan 20, 2016 at 11:30 AM, David Santhosh <davi...@gmail.com> wrote:How can I block/verify requests based on IP blocks? I want to check if a given IP address is within a whitelisted IP block; allow or deny based on result. Looks nginx only exposes ngx.var.remote_addr and binary_addr is there any module to do this with Lua extension. . irt_m.jrsyo Hi Hamish,Oops, I didn't know your module sorry.To David,Hamish is right. Maybe lua-resty-iputils module is completely cover your need.But, if you have hundred, thousand whitelist IP blocks orif you want to update whitelist table dynamically,there is worth considering for my 2nd idea https://groups.google.com/d/msg/openresty-en/QddXoARyMtE/zB_QqVj-DQAJ.ex.)local dict = ngx.shared.whitelistif dict:get(ngx.var.remote_addr) then # something you need returnendAnyway, if you need to update whitelist dynamically,you have to think about nginx restart.2016年1月21日木曜日 18時57分35秒 UTC+9 Hamish Forbes:Hi,This is pretty much exactly what lua-resty-iputils will do.You'll just need to create a couple of tables listing your CIDRs and apply a tiny bit of logic in Lua to find out which set the remote address is in and perform a redirect.What is it that you feel is missing?HamishOn Wednesday, 20 January 2016 19:57:54 UTC, David Santhosh wrote:Sure, I have a list of whitelist ip blocks and need to check if the incoming request IP belongs to one of these IP blocks and act on it, so for example the corporate 1's ip block is 192.168.1.1 belongs to 192.168.1.0/24 then redirect to corp1.domain.com and next for corporate 2 192.178.1.1 redirect it to corp2.domain.com and so on...--David On Wed, Jan 20, 2016 at 11:53 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:Can you explain your use case a little more? What functionality is nginx/ngx-lua missing out of the box that you need? I'm curious as to what you're trying to accomplish. Can you provide a simple code example for what you're looking for?On Wed, Jan 20, 2016 at 11:51 AM, davidsnt <davi...@gmail.com> wrote:Thank you Thibault and Robert, links looks useful. But still think doing a compare with incoming ip address needs some work.--David On Wed, Jan 20, 2016 at 11:40 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:You probably don't need to do this with Lua; nginx's allow/deny directive support CIDR blocks.You may also want to see https://groups.google.com/forum/#!topic/openresty-en/G916sAMSOPY for a duplicate discussion.On Wed, Jan 20, 2016 at 11:30 AM, David Santhosh <davi...@gmail.com> wrote:How can I block/verify requests based on IP blocks? I want to check if a given IP address is within a whitelisted IP block; allow or deny based on result. Looks nginx only exposes ngx.var.remote_addr and binary_addr is there any module to do this with Lua extension. . hamish.forbes Using the shared dict like that you would have to have an entry for every IP in a range though.Or you'd have to parse the CIDR from a string everytime.Something to be aware of at least.On Thursday, 21 January 2016 10:36:38 UTC, irt_m...@ntworkers.com wrote:Hi Hamish,Oops, I didn't know your module sorry.To David,Hamish is right. Maybe lua-resty-iputils module is completely cover your need.But, if you have hundred, thousand whitelist IP blocks orif you want to update whitelist table dynamically,there is worth considering for my 2nd idea https://groups.google.com/d/msg/openresty-en/QddXoARyMtE/zB_QqVj-DQAJ.ex.)local dict = ngx.shared.whitelistif dict:get(ngx.var.remote_addr) then # something you need returnendAnyway, if you need to update whitelist dynamically,you have to think about nginx restart.2016年1月21日木曜日 18時57分35秒 UTC+9 Hamish Forbes:Hi,This is pretty much exactly what lua-resty-iputils will do.You'll just need to create a couple of tables listing your CIDRs and apply a tiny bit of logic in Lua to find out which set the remote address is in and perform a redirect.What is it that you feel is missing?HamishOn Wednesday, 20 January 2016 19:57:54 UTC, David Santhosh wrote:Sure, I have a list of whitelist ip blocks and need to check if the incoming request IP belongs to one of these IP blocks and act on it, so for example the corporate 1's ip block is 192.168.1.1 belongs to 192.168.1.0/24 then redirect to corp1.domain.com and next for corporate 2 192.178.1.1 redirect it to corp2.domain.com and so on...--David On Wed, Jan 20, 2016 at 11:53 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:Can you explain your use case a little more? What functionality is nginx/ngx-lua missing out of the box that you need? I'm curious as to what you're trying to accomplish. Can you provide a simple code example for what you're looking for?On Wed, Jan 20, 2016 at 11:51 AM, davidsnt <davi...@gmail.com> wrote:Thank you Thibault and Robert, links looks useful. But still think doing a compare with incoming ip address needs some work.--David On Wed, Jan 20, 2016 at 11:40 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:You probably don't need to do this with Lua; nginx's allow/deny directive support CIDR blocks.You may also want to see https://groups.google.com/forum/#!topic/openresty-en/G916sAMSOPY for a duplicate discussion.On Wed, Jan 20, 2016 at 11:30 AM, David Santhosh <davi...@gmail.com> wrote:How can I block/verify requests based on IP blocks? I want to check if a given IP address is within a whitelisted IP block; allow or deny based on result. Looks nginx only exposes ngx.var.remote_addr and binary_addr is there any module to do this with Lua extension. . irt_m.jrsyo To Hamish,Yes, just in case it need entry for every IP in a range.If it use redis or memcached Instead of a shared dict,parse and put it them are not nginx's task. it is just another client program's task.So, nginx can be simple I think.But I like your module. Awesome.To David,If there are multiple servers, data like a whitelist need to share each other.If you put ip list in the lua code directly, to update them is a little bit troublesome.So, whitelist data should be outside of the nginx I recommend.2016年1月21日木曜日 20時14分33秒 UTC+9 Hamish Forbes:Using the shared dict like that you would have to have an entry for every IP in a range though.Or you'd have to parse the CIDR from a string everytime.Something to be aware of at least.On Thursday, 21 January 2016 10:36:38 UTC, irt_m...@ntworkers.com wrote:Hi Hamish,Oops, I didn't know your module sorry.To David,Hamish is right. Maybe lua-resty-iputils module is completely cover your need.But, if you have hundred, thousand whitelist IP blocks orif you want to update whitelist table dynamically,there is worth considering for my 2nd idea https://groups.google.com/d/msg/openresty-en/QddXoARyMtE/zB_QqVj-DQAJ.ex.)local dict = ngx.shared.whitelistif dict:get(ngx.var.remote_addr) then # something you need returnendAnyway, if you need to update whitelist dynamically,you have to think about nginx restart.2016年1月21日木曜日 18時57分35秒 UTC+9 Hamish Forbes:Hi,This is pretty much exactly what lua-resty-iputils will do.You'll just need to create a couple of tables listing your CIDRs and apply a tiny bit of logic in Lua to find out which set the remote address is in and perform a redirect.What is it that you feel is missing?HamishOn Wednesday, 20 January 2016 19:57:54 UTC, David Santhosh wrote:Sure, I have a list of whitelist ip blocks and need to check if the incoming request IP belongs to one of these IP blocks and act on it, so for example the corporate 1's ip block is 192.168.1.1 belongs to 192.168.1.0/24 then redirect to corp1.domain.com and next for corporate 2 192.178.1.1 redirect it to corp2.domain.com and so on...--David On Wed, Jan 20, 2016 at 11:53 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:Can you explain your use case a little more? What functionality is nginx/ngx-lua missing out of the box that you need? I'm curious as to what you're trying to accomplish. Can you provide a simple code example for what you're looking for?On Wed, Jan 20, 2016 at 11:51 AM, davidsnt <davi...@gmail.com> wrote:Thank you Thibault and Robert, links looks useful. But still think doing a compare with incoming ip address needs some work.--David On Wed, Jan 20, 2016 at 11:40 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:You probably don't need to do this with Lua; nginx's allow/deny directive support CIDR blocks.You may also want to see https://groups.google.com/forum/#!topic/openresty-en/G916sAMSOPY for a duplicate discussion.On Wed, Jan 20, 2016 at 11:30 AM, David Santhosh <davi...@gmail.com> wrote:How can I block/verify requests based on IP blocks? I want to check if a given IP address is within a whitelisted IP block; allow or deny based on result. Looks nginx only exposes ngx.var.remote_addr and binary_addr is there any module to do this with Lua extension. . davidsnt Thank you for your input's guys, very helpful.--David On Thu, Jan 21, 2016 at 1:57 AM, Hamish Forbes <hamish...@gmail.com> wrote:Hi,This is pretty much exactly what lua-resty-iputils will do.You'll just need to create a couple of tables listing your CIDRs and apply a tiny bit of logic in Lua to find out which set the remote address is in and perform a redirect.What is it that you feel is missing?HamishOn Wednesday, 20 January 2016 19:57:54 UTC, David Santhosh wrote:Sure, I have a list of whitelist ip blocks and need to check if the incoming request IP belongs to one of these IP blocks and act on it, so for example the corporate 1's ip block is 192.168.1.1 belongs to 192.168.1.0/24 then redirect to corp1.domain.com and next for corporate 2 192.178.1.1 redirect it to corp2.domain.com and so on...--David On Wed, Jan 20, 2016 at 11:53 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:Can you explain your use case a little more? What functionality is nginx/ngx-lua missing out of the box that you need? I'm curious as to what you're trying to accomplish. Can you provide a simple code example for what you're looking for?On Wed, Jan 20, 2016 at 11:51 AM, davidsnt <davi...@gmail.com> wrote:Thank you Thibault and Robert, links looks useful. But still think doing a compare with incoming ip address needs some work.--David On Wed, Jan 20, 2016 at 11:40 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:You probably don't need to do this with Lua; nginx's allow/deny directive support CIDR blocks.You may also want to see https://groups.google.com/forum/#!topic/openresty-en/G916sAMSOPY for a duplicate discussion.On Wed, Jan 20, 2016 at 11:30 AM, David Santhosh <davi...@gmail.com> wrote:How can I block/verify requests based on IP blocks? I want to check if a given IP address is within a whitelisted IP block; allow or deny based on result. Looks nginx only exposes ngx.var.remote_addr and binary_addr is there any module to do this with Lua extension. . erik.l.nelson What's the current best practice for efficient/fast serializing of data, to disk or otherwise? JSON, protocol buffers, flat buffers? Thanks Erik ---------------------------------------------------------------------- This message, and any attachments, is for the intended recipient(s) only, may contain information that is privileged, confidential and/or proprietary and subject to important terms and conditions available at http://www.bankofamerica.com/emaildisclaimer. If you are not the intended recipient, please delete this message. moonbingbing I think it's depends on your data and size.maybe you can test your data compare https://github.com/guanlan/lua-cmsgpack https://github.com/cloudflare/lua-capnprotowith JSON.2016-01-26 2:22 GMT+08:00 Nelson, Erik - 2 <erik.l...@bankofamerica.com>:What's the current best practice for efficient/fast serializing of data, to disk or otherwise? JSON, protocol buffers, flat buffers? Thanks Erik ---------------------------------------------------------------------- This message, and any attachments, is for the intended recipient(s) only, may contain information that is privileged, confidential and/or proprietary and subject to important terms and conditions available at http://www.bankofamerica.com/emaildisclaimer. If you are not the intended recipient, please delete this message. .
Thank you Thibault and Robert, links looks useful. But still think doing a compare with incoming ip address needs some work.--David On Wed, Jan 20, 2016 at 11:40 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:You probably don't need to do this with Lua; nginx's allow/deny directive support CIDR blocks.You may also want to see https://groups.google.com/forum/#!topic/openresty-en/G916sAMSOPY for a duplicate discussion.On Wed, Jan 20, 2016 at 11:30 AM, David Santhosh <dav...@gmail.com> wrote:How can I block/verify requests based on IP blocks? I want to check if a given IP address is within a whitelisted IP block; allow or deny based on result. Looks nginx only exposes ngx.var.remote_addr and binary_addr is there any module to do this with Lua extension. . irt_m.jrsyo Hi David,If you have to use IP block,maybe you should write some calculate function with hexadecimal.IPv4 can convert hexadecimal. Then you can compare IP easily.This is just my idea.ex.- 192.168.1.0/24 range is 192.168.1.0 - 192.168.1.255- calculate first(min) IP and last(max) IP, c0a80100 - c0a801ff- you can also convert ngx.var.remote_addr to hexadecimal- then you can calc coming ip is in range c0a80100 - c0a801ff or notBTW I understand your use case and this idea is not useful for your case.If you use my idea, you need to convert all whitelist IP block and compare. It is high cost.Another idea is using NoSQL like memcached or just use ngx.shared.DICT.ex.- 192.168.1.0/24 range is 192.168.1.0 - 192.168.1.255- put all IP address in range to NoSQL like "{key: 192.168.1.0, value: true}", "{key: 192.168.1.1, value: true}", "{key: 192.168.1.2, value: true}" ... "{key: 192.168.1.255, value: true}"*note* this is not nginx's work. you should prepare some client program for do that.- Then you can compare very simple. you just ask to NoSQL that key: ngx.var.remote_addr is exist or not.Sorry for my poor English.2016年1月21日木曜日 4時30分24秒 UTC+9 David Santhosh:How can I block/verify requests based on IP blocks? I want to check if a given IP address is within a whitelisted IP block; allow or deny based on result. Looks nginx only exposes ngx.var.remote_addr and binary_addr is there any module to do this with Lua extension. hamish.forbes Hi,This is pretty much exactly what lua-resty-iputils will do.You'll just need to create a couple of tables listing your CIDRs and apply a tiny bit of logic in Lua to find out which set the remote address is in and perform a redirect.What is it that you feel is missing?HamishOn Wednesday, 20 January 2016 19:57:54 UTC, David Santhosh wrote:Sure, I have a list of whitelist ip blocks and need to check if the incoming request IP belongs to one of these IP blocks and act on it, so for example the corporate 1's ip block is 192.168.1.1 belongs to 192.168.1.0/24 then redirect to corp1.domain.com and next for corporate 2 192.178.1.1 redirect it to corp2.domain.com and so on...--David On Wed, Jan 20, 2016 at 11:53 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:Can you explain your use case a little more? What functionality is nginx/ngx-lua missing out of the box that you need? I'm curious as to what you're trying to accomplish. Can you provide a simple code example for what you're looking for?On Wed, Jan 20, 2016 at 11:51 AM, davidsnt <davi...@gmail.com> wrote:Thank you Thibault and Robert, links looks useful. But still think doing a compare with incoming ip address needs some work.--David On Wed, Jan 20, 2016 at 11:40 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:You probably don't need to do this with Lua; nginx's allow/deny directive support CIDR blocks.You may also want to see https://groups.google.com/forum/#!topic/openresty-en/G916sAMSOPY for a duplicate discussion.On Wed, Jan 20, 2016 at 11:30 AM, David Santhosh <davi...@gmail.com> wrote:How can I block/verify requests based on IP blocks? I want to check if a given IP address is within a whitelisted IP block; allow or deny based on result. Looks nginx only exposes ngx.var.remote_addr and binary_addr is there any module to do this with Lua extension. . irt_m.jrsyo Hi Hamish,Oops, I didn't know your module sorry.To David,Hamish is right. Maybe lua-resty-iputils module is completely cover your need.But, if you have hundred, thousand whitelist IP blocks orif you want to update whitelist table dynamically,there is worth considering for my 2nd idea https://groups.google.com/d/msg/openresty-en/QddXoARyMtE/zB_QqVj-DQAJ.ex.)local dict = ngx.shared.whitelistif dict:get(ngx.var.remote_addr) then # something you need returnendAnyway, if you need to update whitelist dynamically,you have to think about nginx restart.2016年1月21日木曜日 18時57分35秒 UTC+9 Hamish Forbes:Hi,This is pretty much exactly what lua-resty-iputils will do.You'll just need to create a couple of tables listing your CIDRs and apply a tiny bit of logic in Lua to find out which set the remote address is in and perform a redirect.What is it that you feel is missing?HamishOn Wednesday, 20 January 2016 19:57:54 UTC, David Santhosh wrote:Sure, I have a list of whitelist ip blocks and need to check if the incoming request IP belongs to one of these IP blocks and act on it, so for example the corporate 1's ip block is 192.168.1.1 belongs to 192.168.1.0/24 then redirect to corp1.domain.com and next for corporate 2 192.178.1.1 redirect it to corp2.domain.com and so on...--David On Wed, Jan 20, 2016 at 11:53 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:Can you explain your use case a little more? What functionality is nginx/ngx-lua missing out of the box that you need? I'm curious as to what you're trying to accomplish. Can you provide a simple code example for what you're looking for?On Wed, Jan 20, 2016 at 11:51 AM, davidsnt <davi...@gmail.com> wrote:Thank you Thibault and Robert, links looks useful. But still think doing a compare with incoming ip address needs some work.--David On Wed, Jan 20, 2016 at 11:40 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:You probably don't need to do this with Lua; nginx's allow/deny directive support CIDR blocks.You may also want to see https://groups.google.com/forum/#!topic/openresty-en/G916sAMSOPY for a duplicate discussion.On Wed, Jan 20, 2016 at 11:30 AM, David Santhosh <davi...@gmail.com> wrote:How can I block/verify requests based on IP blocks? I want to check if a given IP address is within a whitelisted IP block; allow or deny based on result. Looks nginx only exposes ngx.var.remote_addr and binary_addr is there any module to do this with Lua extension. . hamish.forbes Using the shared dict like that you would have to have an entry for every IP in a range though.Or you'd have to parse the CIDR from a string everytime.Something to be aware of at least.On Thursday, 21 January 2016 10:36:38 UTC, irt_m...@ntworkers.com wrote:Hi Hamish,Oops, I didn't know your module sorry.To David,Hamish is right. Maybe lua-resty-iputils module is completely cover your need.But, if you have hundred, thousand whitelist IP blocks orif you want to update whitelist table dynamically,there is worth considering for my 2nd idea https://groups.google.com/d/msg/openresty-en/QddXoARyMtE/zB_QqVj-DQAJ.ex.)local dict = ngx.shared.whitelistif dict:get(ngx.var.remote_addr) then # something you need returnendAnyway, if you need to update whitelist dynamically,you have to think about nginx restart.2016年1月21日木曜日 18時57分35秒 UTC+9 Hamish Forbes:Hi,This is pretty much exactly what lua-resty-iputils will do.You'll just need to create a couple of tables listing your CIDRs and apply a tiny bit of logic in Lua to find out which set the remote address is in and perform a redirect.What is it that you feel is missing?HamishOn Wednesday, 20 January 2016 19:57:54 UTC, David Santhosh wrote:Sure, I have a list of whitelist ip blocks and need to check if the incoming request IP belongs to one of these IP blocks and act on it, so for example the corporate 1's ip block is 192.168.1.1 belongs to 192.168.1.0/24 then redirect to corp1.domain.com and next for corporate 2 192.178.1.1 redirect it to corp2.domain.com and so on...--David On Wed, Jan 20, 2016 at 11:53 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:Can you explain your use case a little more? What functionality is nginx/ngx-lua missing out of the box that you need? I'm curious as to what you're trying to accomplish. Can you provide a simple code example for what you're looking for?On Wed, Jan 20, 2016 at 11:51 AM, davidsnt <davi...@gmail.com> wrote:Thank you Thibault and Robert, links looks useful. But still think doing a compare with incoming ip address needs some work.--David On Wed, Jan 20, 2016 at 11:40 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:You probably don't need to do this with Lua; nginx's allow/deny directive support CIDR blocks.You may also want to see https://groups.google.com/forum/#!topic/openresty-en/G916sAMSOPY for a duplicate discussion.On Wed, Jan 20, 2016 at 11:30 AM, David Santhosh <davi...@gmail.com> wrote:How can I block/verify requests based on IP blocks? I want to check if a given IP address is within a whitelisted IP block; allow or deny based on result. Looks nginx only exposes ngx.var.remote_addr and binary_addr is there any module to do this with Lua extension. . irt_m.jrsyo To Hamish,Yes, just in case it need entry for every IP in a range.If it use redis or memcached Instead of a shared dict,parse and put it them are not nginx's task. it is just another client program's task.So, nginx can be simple I think.But I like your module. Awesome.To David,If there are multiple servers, data like a whitelist need to share each other.If you put ip list in the lua code directly, to update them is a little bit troublesome.So, whitelist data should be outside of the nginx I recommend.2016年1月21日木曜日 20時14分33秒 UTC+9 Hamish Forbes:Using the shared dict like that you would have to have an entry for every IP in a range though.Or you'd have to parse the CIDR from a string everytime.Something to be aware of at least.On Thursday, 21 January 2016 10:36:38 UTC, irt_m...@ntworkers.com wrote:Hi Hamish,Oops, I didn't know your module sorry.To David,Hamish is right. Maybe lua-resty-iputils module is completely cover your need.But, if you have hundred, thousand whitelist IP blocks orif you want to update whitelist table dynamically,there is worth considering for my 2nd idea https://groups.google.com/d/msg/openresty-en/QddXoARyMtE/zB_QqVj-DQAJ.ex.)local dict = ngx.shared.whitelistif dict:get(ngx.var.remote_addr) then # something you need returnendAnyway, if you need to update whitelist dynamically,you have to think about nginx restart.2016年1月21日木曜日 18時57分35秒 UTC+9 Hamish Forbes:Hi,This is pretty much exactly what lua-resty-iputils will do.You'll just need to create a couple of tables listing your CIDRs and apply a tiny bit of logic in Lua to find out which set the remote address is in and perform a redirect.What is it that you feel is missing?HamishOn Wednesday, 20 January 2016 19:57:54 UTC, David Santhosh wrote:Sure, I have a list of whitelist ip blocks and need to check if the incoming request IP belongs to one of these IP blocks and act on it, so for example the corporate 1's ip block is 192.168.1.1 belongs to 192.168.1.0/24 then redirect to corp1.domain.com and next for corporate 2 192.178.1.1 redirect it to corp2.domain.com and so on...--David On Wed, Jan 20, 2016 at 11:53 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:Can you explain your use case a little more? What functionality is nginx/ngx-lua missing out of the box that you need? I'm curious as to what you're trying to accomplish. Can you provide a simple code example for what you're looking for?On Wed, Jan 20, 2016 at 11:51 AM, davidsnt <davi...@gmail.com> wrote:Thank you Thibault and Robert, links looks useful. But still think doing a compare with incoming ip address needs some work.--David On Wed, Jan 20, 2016 at 11:40 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:You probably don't need to do this with Lua; nginx's allow/deny directive support CIDR blocks.You may also want to see https://groups.google.com/forum/#!topic/openresty-en/G916sAMSOPY for a duplicate discussion.On Wed, Jan 20, 2016 at 11:30 AM, David Santhosh <davi...@gmail.com> wrote:How can I block/verify requests based on IP blocks? I want to check if a given IP address is within a whitelisted IP block; allow or deny based on result. Looks nginx only exposes ngx.var.remote_addr and binary_addr is there any module to do this with Lua extension. . davidsnt Thank you for your input's guys, very helpful.--David On Thu, Jan 21, 2016 at 1:57 AM, Hamish Forbes <hamish...@gmail.com> wrote:Hi,This is pretty much exactly what lua-resty-iputils will do.You'll just need to create a couple of tables listing your CIDRs and apply a tiny bit of logic in Lua to find out which set the remote address is in and perform a redirect.What is it that you feel is missing?HamishOn Wednesday, 20 January 2016 19:57:54 UTC, David Santhosh wrote:Sure, I have a list of whitelist ip blocks and need to check if the incoming request IP belongs to one of these IP blocks and act on it, so for example the corporate 1's ip block is 192.168.1.1 belongs to 192.168.1.0/24 then redirect to corp1.domain.com and next for corporate 2 192.178.1.1 redirect it to corp2.domain.com and so on...--David On Wed, Jan 20, 2016 at 11:53 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:Can you explain your use case a little more? What functionality is nginx/ngx-lua missing out of the box that you need? I'm curious as to what you're trying to accomplish. Can you provide a simple code example for what you're looking for?On Wed, Jan 20, 2016 at 11:51 AM, davidsnt <davi...@gmail.com> wrote:Thank you Thibault and Robert, links looks useful. But still think doing a compare with incoming ip address needs some work.--David On Wed, Jan 20, 2016 at 11:40 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:You probably don't need to do this with Lua; nginx's allow/deny directive support CIDR blocks.You may also want to see https://groups.google.com/forum/#!topic/openresty-en/G916sAMSOPY for a duplicate discussion.On Wed, Jan 20, 2016 at 11:30 AM, David Santhosh <davi...@gmail.com> wrote:How can I block/verify requests based on IP blocks? I want to check if a given IP address is within a whitelisted IP block; allow or deny based on result. Looks nginx only exposes ngx.var.remote_addr and binary_addr is there any module to do this with Lua extension. . erik.l.nelson What's the current best practice for efficient/fast serializing of data, to disk or otherwise? JSON, protocol buffers, flat buffers? Thanks Erik ---------------------------------------------------------------------- This message, and any attachments, is for the intended recipient(s) only, may contain information that is privileged, confidential and/or proprietary and subject to important terms and conditions available at http://www.bankofamerica.com/emaildisclaimer. If you are not the intended recipient, please delete this message. moonbingbing I think it's depends on your data and size.maybe you can test your data compare https://github.com/guanlan/lua-cmsgpack https://github.com/cloudflare/lua-capnprotowith JSON.2016-01-26 2:22 GMT+08:00 Nelson, Erik - 2 <erik.l...@bankofamerica.com>:What's the current best practice for efficient/fast serializing of data, to disk or otherwise? JSON, protocol buffers, flat buffers? Thanks Erik ---------------------------------------------------------------------- This message, and any attachments, is for the intended recipient(s) only, may contain information that is privileged, confidential and/or proprietary and subject to important terms and conditions available at http://www.bankofamerica.com/emaildisclaimer. If you are not the intended recipient, please delete this message. .
Sure, I have a list of whitelist ip blocks and need to check if the incoming request IP belongs to one of these IP blocks and act on it, so for example the corporate 1's ip block is 192.168.1.1 belongs to 192.168.1.0/24 then redirect to corp1.domain.com and next for corporate 2 192.178.1.1 redirect it to corp2.domain.com and so on...--David On Wed, Jan 20, 2016 at 11:53 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:Can you explain your use case a little more? What functionality is nginx/ngx-lua missing out of the box that you need? I'm curious as to what you're trying to accomplish. Can you provide a simple code example for what you're looking for?On Wed, Jan 20, 2016 at 11:51 AM, davidsnt <davi...@gmail.com> wrote:Thank you Thibault and Robert, links looks useful. But still think doing a compare with incoming ip address needs some work.--David On Wed, Jan 20, 2016 at 11:40 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:You probably don't need to do this with Lua; nginx's allow/deny directive support CIDR blocks.You may also want to see https://groups.google.com/forum/#!topic/openresty-en/G916sAMSOPY for a duplicate discussion.On Wed, Jan 20, 2016 at 11:30 AM, David Santhosh <davi...@gmail.com> wrote:How can I block/verify requests based on IP blocks? I want to check if a given IP address is within a whitelisted IP block; allow or deny based on result. Looks nginx only exposes ngx.var.remote_addr and binary_addr is there any module to do this with Lua extension. . irt_m.jrsyo Hi Hamish,Oops, I didn't know your module sorry.To David,Hamish is right. Maybe lua-resty-iputils module is completely cover your need.But, if you have hundred, thousand whitelist IP blocks orif you want to update whitelist table dynamically,there is worth considering for my 2nd idea https://groups.google.com/d/msg/openresty-en/QddXoARyMtE/zB_QqVj-DQAJ.ex.)local dict = ngx.shared.whitelistif dict:get(ngx.var.remote_addr) then # something you need returnendAnyway, if you need to update whitelist dynamically,you have to think about nginx restart.2016年1月21日木曜日 18時57分35秒 UTC+9 Hamish Forbes:Hi,This is pretty much exactly what lua-resty-iputils will do.You'll just need to create a couple of tables listing your CIDRs and apply a tiny bit of logic in Lua to find out which set the remote address is in and perform a redirect.What is it that you feel is missing?HamishOn Wednesday, 20 January 2016 19:57:54 UTC, David Santhosh wrote:Sure, I have a list of whitelist ip blocks and need to check if the incoming request IP belongs to one of these IP blocks and act on it, so for example the corporate 1's ip block is 192.168.1.1 belongs to 192.168.1.0/24 then redirect to corp1.domain.com and next for corporate 2 192.178.1.1 redirect it to corp2.domain.com and so on...--David On Wed, Jan 20, 2016 at 11:53 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:Can you explain your use case a little more? What functionality is nginx/ngx-lua missing out of the box that you need? I'm curious as to what you're trying to accomplish. Can you provide a simple code example for what you're looking for?On Wed, Jan 20, 2016 at 11:51 AM, davidsnt <davi...@gmail.com> wrote:Thank you Thibault and Robert, links looks useful. But still think doing a compare with incoming ip address needs some work.--David On Wed, Jan 20, 2016 at 11:40 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:You probably don't need to do this with Lua; nginx's allow/deny directive support CIDR blocks.You may also want to see https://groups.google.com/forum/#!topic/openresty-en/G916sAMSOPY for a duplicate discussion.On Wed, Jan 20, 2016 at 11:30 AM, David Santhosh <davi...@gmail.com> wrote:How can I block/verify requests based on IP blocks? I want to check if a given IP address is within a whitelisted IP block; allow or deny based on result. Looks nginx only exposes ngx.var.remote_addr and binary_addr is there any module to do this with Lua extension. . hamish.forbes Using the shared dict like that you would have to have an entry for every IP in a range though.Or you'd have to parse the CIDR from a string everytime.Something to be aware of at least.On Thursday, 21 January 2016 10:36:38 UTC, irt_m...@ntworkers.com wrote:Hi Hamish,Oops, I didn't know your module sorry.To David,Hamish is right. Maybe lua-resty-iputils module is completely cover your need.But, if you have hundred, thousand whitelist IP blocks orif you want to update whitelist table dynamically,there is worth considering for my 2nd idea https://groups.google.com/d/msg/openresty-en/QddXoARyMtE/zB_QqVj-DQAJ.ex.)local dict = ngx.shared.whitelistif dict:get(ngx.var.remote_addr) then # something you need returnendAnyway, if you need to update whitelist dynamically,you have to think about nginx restart.2016年1月21日木曜日 18時57分35秒 UTC+9 Hamish Forbes:Hi,This is pretty much exactly what lua-resty-iputils will do.You'll just need to create a couple of tables listing your CIDRs and apply a tiny bit of logic in Lua to find out which set the remote address is in and perform a redirect.What is it that you feel is missing?HamishOn Wednesday, 20 January 2016 19:57:54 UTC, David Santhosh wrote:Sure, I have a list of whitelist ip blocks and need to check if the incoming request IP belongs to one of these IP blocks and act on it, so for example the corporate 1's ip block is 192.168.1.1 belongs to 192.168.1.0/24 then redirect to corp1.domain.com and next for corporate 2 192.178.1.1 redirect it to corp2.domain.com and so on...--David On Wed, Jan 20, 2016 at 11:53 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:Can you explain your use case a little more? What functionality is nginx/ngx-lua missing out of the box that you need? I'm curious as to what you're trying to accomplish. Can you provide a simple code example for what you're looking for?On Wed, Jan 20, 2016 at 11:51 AM, davidsnt <davi...@gmail.com> wrote:Thank you Thibault and Robert, links looks useful. But still think doing a compare with incoming ip address needs some work.--David On Wed, Jan 20, 2016 at 11:40 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:You probably don't need to do this with Lua; nginx's allow/deny directive support CIDR blocks.You may also want to see https://groups.google.com/forum/#!topic/openresty-en/G916sAMSOPY for a duplicate discussion.On Wed, Jan 20, 2016 at 11:30 AM, David Santhosh <davi...@gmail.com> wrote:How can I block/verify requests based on IP blocks? I want to check if a given IP address is within a whitelisted IP block; allow or deny based on result. Looks nginx only exposes ngx.var.remote_addr and binary_addr is there any module to do this with Lua extension. . irt_m.jrsyo To Hamish,Yes, just in case it need entry for every IP in a range.If it use redis or memcached Instead of a shared dict,parse and put it them are not nginx's task. it is just another client program's task.So, nginx can be simple I think.But I like your module. Awesome.To David,If there are multiple servers, data like a whitelist need to share each other.If you put ip list in the lua code directly, to update them is a little bit troublesome.So, whitelist data should be outside of the nginx I recommend.2016年1月21日木曜日 20時14分33秒 UTC+9 Hamish Forbes:Using the shared dict like that you would have to have an entry for every IP in a range though.Or you'd have to parse the CIDR from a string everytime.Something to be aware of at least.On Thursday, 21 January 2016 10:36:38 UTC, irt_m...@ntworkers.com wrote:Hi Hamish,Oops, I didn't know your module sorry.To David,Hamish is right. Maybe lua-resty-iputils module is completely cover your need.But, if you have hundred, thousand whitelist IP blocks orif you want to update whitelist table dynamically,there is worth considering for my 2nd idea https://groups.google.com/d/msg/openresty-en/QddXoARyMtE/zB_QqVj-DQAJ.ex.)local dict = ngx.shared.whitelistif dict:get(ngx.var.remote_addr) then # something you need returnendAnyway, if you need to update whitelist dynamically,you have to think about nginx restart.2016年1月21日木曜日 18時57分35秒 UTC+9 Hamish Forbes:Hi,This is pretty much exactly what lua-resty-iputils will do.You'll just need to create a couple of tables listing your CIDRs and apply a tiny bit of logic in Lua to find out which set the remote address is in and perform a redirect.What is it that you feel is missing?HamishOn Wednesday, 20 January 2016 19:57:54 UTC, David Santhosh wrote:Sure, I have a list of whitelist ip blocks and need to check if the incoming request IP belongs to one of these IP blocks and act on it, so for example the corporate 1's ip block is 192.168.1.1 belongs to 192.168.1.0/24 then redirect to corp1.domain.com and next for corporate 2 192.178.1.1 redirect it to corp2.domain.com and so on...--David On Wed, Jan 20, 2016 at 11:53 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:Can you explain your use case a little more? What functionality is nginx/ngx-lua missing out of the box that you need? I'm curious as to what you're trying to accomplish. Can you provide a simple code example for what you're looking for?On Wed, Jan 20, 2016 at 11:51 AM, davidsnt <davi...@gmail.com> wrote:Thank you Thibault and Robert, links looks useful. But still think doing a compare with incoming ip address needs some work.--David On Wed, Jan 20, 2016 at 11:40 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:You probably don't need to do this with Lua; nginx's allow/deny directive support CIDR blocks.You may also want to see https://groups.google.com/forum/#!topic/openresty-en/G916sAMSOPY for a duplicate discussion.On Wed, Jan 20, 2016 at 11:30 AM, David Santhosh <davi...@gmail.com> wrote:How can I block/verify requests based on IP blocks? I want to check if a given IP address is within a whitelisted IP block; allow or deny based on result. Looks nginx only exposes ngx.var.remote_addr and binary_addr is there any module to do this with Lua extension. . davidsnt Thank you for your input's guys, very helpful.--David On Thu, Jan 21, 2016 at 1:57 AM, Hamish Forbes <hamish...@gmail.com> wrote:Hi,This is pretty much exactly what lua-resty-iputils will do.You'll just need to create a couple of tables listing your CIDRs and apply a tiny bit of logic in Lua to find out which set the remote address is in and perform a redirect.What is it that you feel is missing?HamishOn Wednesday, 20 January 2016 19:57:54 UTC, David Santhosh wrote:Sure, I have a list of whitelist ip blocks and need to check if the incoming request IP belongs to one of these IP blocks and act on it, so for example the corporate 1's ip block is 192.168.1.1 belongs to 192.168.1.0/24 then redirect to corp1.domain.com and next for corporate 2 192.178.1.1 redirect it to corp2.domain.com and so on...--David On Wed, Jan 20, 2016 at 11:53 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:Can you explain your use case a little more? What functionality is nginx/ngx-lua missing out of the box that you need? I'm curious as to what you're trying to accomplish. Can you provide a simple code example for what you're looking for?On Wed, Jan 20, 2016 at 11:51 AM, davidsnt <davi...@gmail.com> wrote:Thank you Thibault and Robert, links looks useful. But still think doing a compare with incoming ip address needs some work.--David On Wed, Jan 20, 2016 at 11:40 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:You probably don't need to do this with Lua; nginx's allow/deny directive support CIDR blocks.You may also want to see https://groups.google.com/forum/#!topic/openresty-en/G916sAMSOPY for a duplicate discussion.On Wed, Jan 20, 2016 at 11:30 AM, David Santhosh <davi...@gmail.com> wrote:How can I block/verify requests based on IP blocks? I want to check if a given IP address is within a whitelisted IP block; allow or deny based on result. Looks nginx only exposes ngx.var.remote_addr and binary_addr is there any module to do this with Lua extension. . erik.l.nelson What's the current best practice for efficient/fast serializing of data, to disk or otherwise? JSON, protocol buffers, flat buffers? Thanks Erik ---------------------------------------------------------------------- This message, and any attachments, is for the intended recipient(s) only, may contain information that is privileged, confidential and/or proprietary and subject to important terms and conditions available at http://www.bankofamerica.com/emaildisclaimer. If you are not the intended recipient, please delete this message. moonbingbing I think it's depends on your data and size.maybe you can test your data compare https://github.com/guanlan/lua-cmsgpack https://github.com/cloudflare/lua-capnprotowith JSON.2016-01-26 2:22 GMT+08:00 Nelson, Erik - 2 <erik.l...@bankofamerica.com>:What's the current best practice for efficient/fast serializing of data, to disk or otherwise? JSON, protocol buffers, flat buffers? Thanks Erik ---------------------------------------------------------------------- This message, and any attachments, is for the intended recipient(s) only, may contain information that is privileged, confidential and/or proprietary and subject to important terms and conditions available at http://www.bankofamerica.com/emaildisclaimer. If you are not the intended recipient, please delete this message. .
Can you explain your use case a little more? What functionality is nginx/ngx-lua missing out of the box that you need? I'm curious as to what you're trying to accomplish. Can you provide a simple code example for what you're looking for?On Wed, Jan 20, 2016 at 11:51 AM, davidsnt <davi...@gmail.com> wrote:Thank you Thibault and Robert, links looks useful. But still think doing a compare with incoming ip address needs some work.--David On Wed, Jan 20, 2016 at 11:40 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:You probably don't need to do this with Lua; nginx's allow/deny directive support CIDR blocks.You may also want to see https://groups.google.com/forum/#!topic/openresty-en/G916sAMSOPY for a duplicate discussion.On Wed, Jan 20, 2016 at 11:30 AM, David Santhosh <davi...@gmail.com> wrote:How can I block/verify requests based on IP blocks? I want to check if a given IP address is within a whitelisted IP block; allow or deny based on result. Looks nginx only exposes ngx.var.remote_addr and binary_addr is there any module to do this with Lua extension. . irt_m.jrsyo Hi Hamish,Oops, I didn't know your module sorry.To David,Hamish is right. Maybe lua-resty-iputils module is completely cover your need.But, if you have hundred, thousand whitelist IP blocks orif you want to update whitelist table dynamically,there is worth considering for my 2nd idea https://groups.google.com/d/msg/openresty-en/QddXoARyMtE/zB_QqVj-DQAJ.ex.)local dict = ngx.shared.whitelistif dict:get(ngx.var.remote_addr) then # something you need returnendAnyway, if you need to update whitelist dynamically,you have to think about nginx restart.2016年1月21日木曜日 18時57分35秒 UTC+9 Hamish Forbes:Hi,This is pretty much exactly what lua-resty-iputils will do.You'll just need to create a couple of tables listing your CIDRs and apply a tiny bit of logic in Lua to find out which set the remote address is in and perform a redirect.What is it that you feel is missing?HamishOn Wednesday, 20 January 2016 19:57:54 UTC, David Santhosh wrote:Sure, I have a list of whitelist ip blocks and need to check if the incoming request IP belongs to one of these IP blocks and act on it, so for example the corporate 1's ip block is 192.168.1.1 belongs to 192.168.1.0/24 then redirect to corp1.domain.com and next for corporate 2 192.178.1.1 redirect it to corp2.domain.com and so on...--David On Wed, Jan 20, 2016 at 11:53 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:Can you explain your use case a little more? What functionality is nginx/ngx-lua missing out of the box that you need? I'm curious as to what you're trying to accomplish. Can you provide a simple code example for what you're looking for?On Wed, Jan 20, 2016 at 11:51 AM, davidsnt <davi...@gmail.com> wrote:Thank you Thibault and Robert, links looks useful. But still think doing a compare with incoming ip address needs some work.--David On Wed, Jan 20, 2016 at 11:40 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:You probably don't need to do this with Lua; nginx's allow/deny directive support CIDR blocks.You may also want to see https://groups.google.com/forum/#!topic/openresty-en/G916sAMSOPY for a duplicate discussion.On Wed, Jan 20, 2016 at 11:30 AM, David Santhosh <davi...@gmail.com> wrote:How can I block/verify requests based on IP blocks? I want to check if a given IP address is within a whitelisted IP block; allow or deny based on result. Looks nginx only exposes ngx.var.remote_addr and binary_addr is there any module to do this with Lua extension. . hamish.forbes Using the shared dict like that you would have to have an entry for every IP in a range though.Or you'd have to parse the CIDR from a string everytime.Something to be aware of at least.On Thursday, 21 January 2016 10:36:38 UTC, irt_m...@ntworkers.com wrote:Hi Hamish,Oops, I didn't know your module sorry.To David,Hamish is right. Maybe lua-resty-iputils module is completely cover your need.But, if you have hundred, thousand whitelist IP blocks orif you want to update whitelist table dynamically,there is worth considering for my 2nd idea https://groups.google.com/d/msg/openresty-en/QddXoARyMtE/zB_QqVj-DQAJ.ex.)local dict = ngx.shared.whitelistif dict:get(ngx.var.remote_addr) then # something you need returnendAnyway, if you need to update whitelist dynamically,you have to think about nginx restart.2016年1月21日木曜日 18時57分35秒 UTC+9 Hamish Forbes:Hi,This is pretty much exactly what lua-resty-iputils will do.You'll just need to create a couple of tables listing your CIDRs and apply a tiny bit of logic in Lua to find out which set the remote address is in and perform a redirect.What is it that you feel is missing?HamishOn Wednesday, 20 January 2016 19:57:54 UTC, David Santhosh wrote:Sure, I have a list of whitelist ip blocks and need to check if the incoming request IP belongs to one of these IP blocks and act on it, so for example the corporate 1's ip block is 192.168.1.1 belongs to 192.168.1.0/24 then redirect to corp1.domain.com and next for corporate 2 192.178.1.1 redirect it to corp2.domain.com and so on...--David On Wed, Jan 20, 2016 at 11:53 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:Can you explain your use case a little more? What functionality is nginx/ngx-lua missing out of the box that you need? I'm curious as to what you're trying to accomplish. Can you provide a simple code example for what you're looking for?On Wed, Jan 20, 2016 at 11:51 AM, davidsnt <davi...@gmail.com> wrote:Thank you Thibault and Robert, links looks useful. But still think doing a compare with incoming ip address needs some work.--David On Wed, Jan 20, 2016 at 11:40 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:You probably don't need to do this with Lua; nginx's allow/deny directive support CIDR blocks.You may also want to see https://groups.google.com/forum/#!topic/openresty-en/G916sAMSOPY for a duplicate discussion.On Wed, Jan 20, 2016 at 11:30 AM, David Santhosh <davi...@gmail.com> wrote:How can I block/verify requests based on IP blocks? I want to check if a given IP address is within a whitelisted IP block; allow or deny based on result. Looks nginx only exposes ngx.var.remote_addr and binary_addr is there any module to do this with Lua extension. . irt_m.jrsyo To Hamish,Yes, just in case it need entry for every IP in a range.If it use redis or memcached Instead of a shared dict,parse and put it them are not nginx's task. it is just another client program's task.So, nginx can be simple I think.But I like your module. Awesome.To David,If there are multiple servers, data like a whitelist need to share each other.If you put ip list in the lua code directly, to update them is a little bit troublesome.So, whitelist data should be outside of the nginx I recommend.2016年1月21日木曜日 20時14分33秒 UTC+9 Hamish Forbes:Using the shared dict like that you would have to have an entry for every IP in a range though.Or you'd have to parse the CIDR from a string everytime.Something to be aware of at least.On Thursday, 21 January 2016 10:36:38 UTC, irt_m...@ntworkers.com wrote:Hi Hamish,Oops, I didn't know your module sorry.To David,Hamish is right. Maybe lua-resty-iputils module is completely cover your need.But, if you have hundred, thousand whitelist IP blocks orif you want to update whitelist table dynamically,there is worth considering for my 2nd idea https://groups.google.com/d/msg/openresty-en/QddXoARyMtE/zB_QqVj-DQAJ.ex.)local dict = ngx.shared.whitelistif dict:get(ngx.var.remote_addr) then # something you need returnendAnyway, if you need to update whitelist dynamically,you have to think about nginx restart.2016年1月21日木曜日 18時57分35秒 UTC+9 Hamish Forbes:Hi,This is pretty much exactly what lua-resty-iputils will do.You'll just need to create a couple of tables listing your CIDRs and apply a tiny bit of logic in Lua to find out which set the remote address is in and perform a redirect.What is it that you feel is missing?HamishOn Wednesday, 20 January 2016 19:57:54 UTC, David Santhosh wrote:Sure, I have a list of whitelist ip blocks and need to check if the incoming request IP belongs to one of these IP blocks and act on it, so for example the corporate 1's ip block is 192.168.1.1 belongs to 192.168.1.0/24 then redirect to corp1.domain.com and next for corporate 2 192.178.1.1 redirect it to corp2.domain.com and so on...--David On Wed, Jan 20, 2016 at 11:53 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:Can you explain your use case a little more? What functionality is nginx/ngx-lua missing out of the box that you need? I'm curious as to what you're trying to accomplish. Can you provide a simple code example for what you're looking for?On Wed, Jan 20, 2016 at 11:51 AM, davidsnt <davi...@gmail.com> wrote:Thank you Thibault and Robert, links looks useful. But still think doing a compare with incoming ip address needs some work.--David On Wed, Jan 20, 2016 at 11:40 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:You probably don't need to do this with Lua; nginx's allow/deny directive support CIDR blocks.You may also want to see https://groups.google.com/forum/#!topic/openresty-en/G916sAMSOPY for a duplicate discussion.On Wed, Jan 20, 2016 at 11:30 AM, David Santhosh <davi...@gmail.com> wrote:How can I block/verify requests based on IP blocks? I want to check if a given IP address is within a whitelisted IP block; allow or deny based on result. Looks nginx only exposes ngx.var.remote_addr and binary_addr is there any module to do this with Lua extension. . davidsnt Thank you for your input's guys, very helpful.--David On Thu, Jan 21, 2016 at 1:57 AM, Hamish Forbes <hamish...@gmail.com> wrote:Hi,This is pretty much exactly what lua-resty-iputils will do.You'll just need to create a couple of tables listing your CIDRs and apply a tiny bit of logic in Lua to find out which set the remote address is in and perform a redirect.What is it that you feel is missing?HamishOn Wednesday, 20 January 2016 19:57:54 UTC, David Santhosh wrote:Sure, I have a list of whitelist ip blocks and need to check if the incoming request IP belongs to one of these IP blocks and act on it, so for example the corporate 1's ip block is 192.168.1.1 belongs to 192.168.1.0/24 then redirect to corp1.domain.com and next for corporate 2 192.178.1.1 redirect it to corp2.domain.com and so on...--David On Wed, Jan 20, 2016 at 11:53 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:Can you explain your use case a little more? What functionality is nginx/ngx-lua missing out of the box that you need? I'm curious as to what you're trying to accomplish. Can you provide a simple code example for what you're looking for?On Wed, Jan 20, 2016 at 11:51 AM, davidsnt <davi...@gmail.com> wrote:Thank you Thibault and Robert, links looks useful. But still think doing a compare with incoming ip address needs some work.--David On Wed, Jan 20, 2016 at 11:40 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:You probably don't need to do this with Lua; nginx's allow/deny directive support CIDR blocks.You may also want to see https://groups.google.com/forum/#!topic/openresty-en/G916sAMSOPY for a duplicate discussion.On Wed, Jan 20, 2016 at 11:30 AM, David Santhosh <davi...@gmail.com> wrote:How can I block/verify requests based on IP blocks? I want to check if a given IP address is within a whitelisted IP block; allow or deny based on result. Looks nginx only exposes ngx.var.remote_addr and binary_addr is there any module to do this with Lua extension. . erik.l.nelson What's the current best practice for efficient/fast serializing of data, to disk or otherwise? JSON, protocol buffers, flat buffers? Thanks Erik ---------------------------------------------------------------------- This message, and any attachments, is for the intended recipient(s) only, may contain information that is privileged, confidential and/or proprietary and subject to important terms and conditions available at http://www.bankofamerica.com/emaildisclaimer. If you are not the intended recipient, please delete this message. moonbingbing I think it's depends on your data and size.maybe you can test your data compare https://github.com/guanlan/lua-cmsgpack https://github.com/cloudflare/lua-capnprotowith JSON.2016-01-26 2:22 GMT+08:00 Nelson, Erik - 2 <erik.l...@bankofamerica.com>:What's the current best practice for efficient/fast serializing of data, to disk or otherwise? JSON, protocol buffers, flat buffers? Thanks Erik ---------------------------------------------------------------------- This message, and any attachments, is for the intended recipient(s) only, may contain information that is privileged, confidential and/or proprietary and subject to important terms and conditions available at http://www.bankofamerica.com/emaildisclaimer. If you are not the intended recipient, please delete this message. .
Thank you Thibault and Robert, links looks useful. But still think doing a compare with incoming ip address needs some work.--David On Wed, Jan 20, 2016 at 11:40 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:You probably don't need to do this with Lua; nginx's allow/deny directive support CIDR blocks.You may also want to see https://groups.google.com/forum/#!topic/openresty-en/G916sAMSOPY for a duplicate discussion.On Wed, Jan 20, 2016 at 11:30 AM, David Santhosh <davi...@gmail.com> wrote:How can I block/verify requests based on IP blocks? I want to check if a given IP address is within a whitelisted IP block; allow or deny based on result. Looks nginx only exposes ngx.var.remote_addr and binary_addr is there any module to do this with Lua extension. . irt_m.jrsyo Hi Hamish,Oops, I didn't know your module sorry.To David,Hamish is right. Maybe lua-resty-iputils module is completely cover your need.But, if you have hundred, thousand whitelist IP blocks orif you want to update whitelist table dynamically,there is worth considering for my 2nd idea https://groups.google.com/d/msg/openresty-en/QddXoARyMtE/zB_QqVj-DQAJ.ex.)local dict = ngx.shared.whitelistif dict:get(ngx.var.remote_addr) then # something you need returnendAnyway, if you need to update whitelist dynamically,you have to think about nginx restart.2016年1月21日木曜日 18時57分35秒 UTC+9 Hamish Forbes:Hi,This is pretty much exactly what lua-resty-iputils will do.You'll just need to create a couple of tables listing your CIDRs and apply a tiny bit of logic in Lua to find out which set the remote address is in and perform a redirect.What is it that you feel is missing?HamishOn Wednesday, 20 January 2016 19:57:54 UTC, David Santhosh wrote:Sure, I have a list of whitelist ip blocks and need to check if the incoming request IP belongs to one of these IP blocks and act on it, so for example the corporate 1's ip block is 192.168.1.1 belongs to 192.168.1.0/24 then redirect to corp1.domain.com and next for corporate 2 192.178.1.1 redirect it to corp2.domain.com and so on...--David On Wed, Jan 20, 2016 at 11:53 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:Can you explain your use case a little more? What functionality is nginx/ngx-lua missing out of the box that you need? I'm curious as to what you're trying to accomplish. Can you provide a simple code example for what you're looking for?On Wed, Jan 20, 2016 at 11:51 AM, davidsnt <davi...@gmail.com> wrote:Thank you Thibault and Robert, links looks useful. But still think doing a compare with incoming ip address needs some work.--David On Wed, Jan 20, 2016 at 11:40 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:You probably don't need to do this with Lua; nginx's allow/deny directive support CIDR blocks.You may also want to see https://groups.google.com/forum/#!topic/openresty-en/G916sAMSOPY for a duplicate discussion.On Wed, Jan 20, 2016 at 11:30 AM, David Santhosh <davi...@gmail.com> wrote:How can I block/verify requests based on IP blocks? I want to check if a given IP address is within a whitelisted IP block; allow or deny based on result. Looks nginx only exposes ngx.var.remote_addr and binary_addr is there any module to do this with Lua extension. . hamish.forbes Using the shared dict like that you would have to have an entry for every IP in a range though.Or you'd have to parse the CIDR from a string everytime.Something to be aware of at least.On Thursday, 21 January 2016 10:36:38 UTC, irt_m...@ntworkers.com wrote:Hi Hamish,Oops, I didn't know your module sorry.To David,Hamish is right. Maybe lua-resty-iputils module is completely cover your need.But, if you have hundred, thousand whitelist IP blocks orif you want to update whitelist table dynamically,there is worth considering for my 2nd idea https://groups.google.com/d/msg/openresty-en/QddXoARyMtE/zB_QqVj-DQAJ.ex.)local dict = ngx.shared.whitelistif dict:get(ngx.var.remote_addr) then # something you need returnendAnyway, if you need to update whitelist dynamically,you have to think about nginx restart.2016年1月21日木曜日 18時57分35秒 UTC+9 Hamish Forbes:Hi,This is pretty much exactly what lua-resty-iputils will do.You'll just need to create a couple of tables listing your CIDRs and apply a tiny bit of logic in Lua to find out which set the remote address is in and perform a redirect.What is it that you feel is missing?HamishOn Wednesday, 20 January 2016 19:57:54 UTC, David Santhosh wrote:Sure, I have a list of whitelist ip blocks and need to check if the incoming request IP belongs to one of these IP blocks and act on it, so for example the corporate 1's ip block is 192.168.1.1 belongs to 192.168.1.0/24 then redirect to corp1.domain.com and next for corporate 2 192.178.1.1 redirect it to corp2.domain.com and so on...--David On Wed, Jan 20, 2016 at 11:53 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:Can you explain your use case a little more? What functionality is nginx/ngx-lua missing out of the box that you need? I'm curious as to what you're trying to accomplish. Can you provide a simple code example for what you're looking for?On Wed, Jan 20, 2016 at 11:51 AM, davidsnt <davi...@gmail.com> wrote:Thank you Thibault and Robert, links looks useful. But still think doing a compare with incoming ip address needs some work.--David On Wed, Jan 20, 2016 at 11:40 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:You probably don't need to do this with Lua; nginx's allow/deny directive support CIDR blocks.You may also want to see https://groups.google.com/forum/#!topic/openresty-en/G916sAMSOPY for a duplicate discussion.On Wed, Jan 20, 2016 at 11:30 AM, David Santhosh <davi...@gmail.com> wrote:How can I block/verify requests based on IP blocks? I want to check if a given IP address is within a whitelisted IP block; allow or deny based on result. Looks nginx only exposes ngx.var.remote_addr and binary_addr is there any module to do this with Lua extension. . irt_m.jrsyo To Hamish,Yes, just in case it need entry for every IP in a range.If it use redis or memcached Instead of a shared dict,parse and put it them are not nginx's task. it is just another client program's task.So, nginx can be simple I think.But I like your module. Awesome.To David,If there are multiple servers, data like a whitelist need to share each other.If you put ip list in the lua code directly, to update them is a little bit troublesome.So, whitelist data should be outside of the nginx I recommend.2016年1月21日木曜日 20時14分33秒 UTC+9 Hamish Forbes:Using the shared dict like that you would have to have an entry for every IP in a range though.Or you'd have to parse the CIDR from a string everytime.Something to be aware of at least.On Thursday, 21 January 2016 10:36:38 UTC, irt_m...@ntworkers.com wrote:Hi Hamish,Oops, I didn't know your module sorry.To David,Hamish is right. Maybe lua-resty-iputils module is completely cover your need.But, if you have hundred, thousand whitelist IP blocks orif you want to update whitelist table dynamically,there is worth considering for my 2nd idea https://groups.google.com/d/msg/openresty-en/QddXoARyMtE/zB_QqVj-DQAJ.ex.)local dict = ngx.shared.whitelistif dict:get(ngx.var.remote_addr) then # something you need returnendAnyway, if you need to update whitelist dynamically,you have to think about nginx restart.2016年1月21日木曜日 18時57分35秒 UTC+9 Hamish Forbes:Hi,This is pretty much exactly what lua-resty-iputils will do.You'll just need to create a couple of tables listing your CIDRs and apply a tiny bit of logic in Lua to find out which set the remote address is in and perform a redirect.What is it that you feel is missing?HamishOn Wednesday, 20 January 2016 19:57:54 UTC, David Santhosh wrote:Sure, I have a list of whitelist ip blocks and need to check if the incoming request IP belongs to one of these IP blocks and act on it, so for example the corporate 1's ip block is 192.168.1.1 belongs to 192.168.1.0/24 then redirect to corp1.domain.com and next for corporate 2 192.178.1.1 redirect it to corp2.domain.com and so on...--David On Wed, Jan 20, 2016 at 11:53 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:Can you explain your use case a little more? What functionality is nginx/ngx-lua missing out of the box that you need? I'm curious as to what you're trying to accomplish. Can you provide a simple code example for what you're looking for?On Wed, Jan 20, 2016 at 11:51 AM, davidsnt <davi...@gmail.com> wrote:Thank you Thibault and Robert, links looks useful. But still think doing a compare with incoming ip address needs some work.--David On Wed, Jan 20, 2016 at 11:40 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:You probably don't need to do this with Lua; nginx's allow/deny directive support CIDR blocks.You may also want to see https://groups.google.com/forum/#!topic/openresty-en/G916sAMSOPY for a duplicate discussion.On Wed, Jan 20, 2016 at 11:30 AM, David Santhosh <davi...@gmail.com> wrote:How can I block/verify requests based on IP blocks? I want to check if a given IP address is within a whitelisted IP block; allow or deny based on result. Looks nginx only exposes ngx.var.remote_addr and binary_addr is there any module to do this with Lua extension. . davidsnt Thank you for your input's guys, very helpful.--David On Thu, Jan 21, 2016 at 1:57 AM, Hamish Forbes <hamish...@gmail.com> wrote:Hi,This is pretty much exactly what lua-resty-iputils will do.You'll just need to create a couple of tables listing your CIDRs and apply a tiny bit of logic in Lua to find out which set the remote address is in and perform a redirect.What is it that you feel is missing?HamishOn Wednesday, 20 January 2016 19:57:54 UTC, David Santhosh wrote:Sure, I have a list of whitelist ip blocks and need to check if the incoming request IP belongs to one of these IP blocks and act on it, so for example the corporate 1's ip block is 192.168.1.1 belongs to 192.168.1.0/24 then redirect to corp1.domain.com and next for corporate 2 192.178.1.1 redirect it to corp2.domain.com and so on...--David On Wed, Jan 20, 2016 at 11:53 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:Can you explain your use case a little more? What functionality is nginx/ngx-lua missing out of the box that you need? I'm curious as to what you're trying to accomplish. Can you provide a simple code example for what you're looking for?On Wed, Jan 20, 2016 at 11:51 AM, davidsnt <davi...@gmail.com> wrote:Thank you Thibault and Robert, links looks useful. But still think doing a compare with incoming ip address needs some work.--David On Wed, Jan 20, 2016 at 11:40 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:You probably don't need to do this with Lua; nginx's allow/deny directive support CIDR blocks.You may also want to see https://groups.google.com/forum/#!topic/openresty-en/G916sAMSOPY for a duplicate discussion.On Wed, Jan 20, 2016 at 11:30 AM, David Santhosh <davi...@gmail.com> wrote:How can I block/verify requests based on IP blocks? I want to check if a given IP address is within a whitelisted IP block; allow or deny based on result. Looks nginx only exposes ngx.var.remote_addr and binary_addr is there any module to do this with Lua extension. . erik.l.nelson What's the current best practice for efficient/fast serializing of data, to disk or otherwise? JSON, protocol buffers, flat buffers? Thanks Erik ---------------------------------------------------------------------- This message, and any attachments, is for the intended recipient(s) only, may contain information that is privileged, confidential and/or proprietary and subject to important terms and conditions available at http://www.bankofamerica.com/emaildisclaimer. If you are not the intended recipient, please delete this message. moonbingbing I think it's depends on your data and size.maybe you can test your data compare https://github.com/guanlan/lua-cmsgpack https://github.com/cloudflare/lua-capnprotowith JSON.2016-01-26 2:22 GMT+08:00 Nelson, Erik - 2 <erik.l...@bankofamerica.com>:What's the current best practice for efficient/fast serializing of data, to disk or otherwise? JSON, protocol buffers, flat buffers? Thanks Erik ---------------------------------------------------------------------- This message, and any attachments, is for the intended recipient(s) only, may contain information that is privileged, confidential and/or proprietary and subject to important terms and conditions available at http://www.bankofamerica.com/emaildisclaimer. If you are not the intended recipient, please delete this message. .
You probably don't need to do this with Lua; nginx's allow/deny directive support CIDR blocks.You may also want to see https://groups.google.com/forum/#!topic/openresty-en/G916sAMSOPY for a duplicate discussion.On Wed, Jan 20, 2016 at 11:30 AM, David Santhosh <davi...@gmail.com> wrote:How can I block/verify requests based on IP blocks? I want to check if a given IP address is within a whitelisted IP block; allow or deny based on result. Looks nginx only exposes ngx.var.remote_addr and binary_addr is there any module to do this with Lua extension. .
Hi,This is pretty much exactly what lua-resty-iputils will do.You'll just need to create a couple of tables listing your CIDRs and apply a tiny bit of logic in Lua to find out which set the remote address is in and perform a redirect.What is it that you feel is missing?HamishOn Wednesday, 20 January 2016 19:57:54 UTC, David Santhosh wrote:Sure, I have a list of whitelist ip blocks and need to check if the incoming request IP belongs to one of these IP blocks and act on it, so for example the corporate 1's ip block is 192.168.1.1 belongs to 192.168.1.0/24 then redirect to corp1.domain.com and next for corporate 2 192.178.1.1 redirect it to corp2.domain.com and so on...--David On Wed, Jan 20, 2016 at 11:53 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:Can you explain your use case a little more? What functionality is nginx/ngx-lua missing out of the box that you need? I'm curious as to what you're trying to accomplish. Can you provide a simple code example for what you're looking for?On Wed, Jan 20, 2016 at 11:51 AM, davidsnt <davi...@gmail.com> wrote:Thank you Thibault and Robert, links looks useful. But still think doing a compare with incoming ip address needs some work.--David On Wed, Jan 20, 2016 at 11:40 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:You probably don't need to do this with Lua; nginx's allow/deny directive support CIDR blocks.You may also want to see https://groups.google.com/forum/#!topic/openresty-en/G916sAMSOPY for a duplicate discussion.On Wed, Jan 20, 2016 at 11:30 AM, David Santhosh <davi...@gmail.com> wrote:How can I block/verify requests based on IP blocks? I want to check if a given IP address is within a whitelisted IP block; allow or deny based on result. Looks nginx only exposes ngx.var.remote_addr and binary_addr is there any module to do this with Lua extension. . hamish.forbes Using the shared dict like that you would have to have an entry for every IP in a range though.Or you'd have to parse the CIDR from a string everytime.Something to be aware of at least.On Thursday, 21 January 2016 10:36:38 UTC, irt_m...@ntworkers.com wrote:Hi Hamish,Oops, I didn't know your module sorry.To David,Hamish is right. Maybe lua-resty-iputils module is completely cover your need.But, if you have hundred, thousand whitelist IP blocks orif you want to update whitelist table dynamically,there is worth considering for my 2nd idea https://groups.google.com/d/msg/openresty-en/QddXoARyMtE/zB_QqVj-DQAJ.ex.)local dict = ngx.shared.whitelistif dict:get(ngx.var.remote_addr) then # something you need returnendAnyway, if you need to update whitelist dynamically,you have to think about nginx restart.2016年1月21日木曜日 18時57分35秒 UTC+9 Hamish Forbes:Hi,This is pretty much exactly what lua-resty-iputils will do.You'll just need to create a couple of tables listing your CIDRs and apply a tiny bit of logic in Lua to find out which set the remote address is in and perform a redirect.What is it that you feel is missing?HamishOn Wednesday, 20 January 2016 19:57:54 UTC, David Santhosh wrote:Sure, I have a list of whitelist ip blocks and need to check if the incoming request IP belongs to one of these IP blocks and act on it, so for example the corporate 1's ip block is 192.168.1.1 belongs to 192.168.1.0/24 then redirect to corp1.domain.com and next for corporate 2 192.178.1.1 redirect it to corp2.domain.com and so on...--David On Wed, Jan 20, 2016 at 11:53 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:Can you explain your use case a little more? What functionality is nginx/ngx-lua missing out of the box that you need? I'm curious as to what you're trying to accomplish. Can you provide a simple code example for what you're looking for?On Wed, Jan 20, 2016 at 11:51 AM, davidsnt <davi...@gmail.com> wrote:Thank you Thibault and Robert, links looks useful. But still think doing a compare with incoming ip address needs some work.--David On Wed, Jan 20, 2016 at 11:40 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:You probably don't need to do this with Lua; nginx's allow/deny directive support CIDR blocks.You may also want to see https://groups.google.com/forum/#!topic/openresty-en/G916sAMSOPY for a duplicate discussion.On Wed, Jan 20, 2016 at 11:30 AM, David Santhosh <davi...@gmail.com> wrote:How can I block/verify requests based on IP blocks? I want to check if a given IP address is within a whitelisted IP block; allow or deny based on result. Looks nginx only exposes ngx.var.remote_addr and binary_addr is there any module to do this with Lua extension. . irt_m.jrsyo To Hamish,Yes, just in case it need entry for every IP in a range.If it use redis or memcached Instead of a shared dict,parse and put it them are not nginx's task. it is just another client program's task.So, nginx can be simple I think.But I like your module. Awesome.To David,If there are multiple servers, data like a whitelist need to share each other.If you put ip list in the lua code directly, to update them is a little bit troublesome.So, whitelist data should be outside of the nginx I recommend.2016年1月21日木曜日 20時14分33秒 UTC+9 Hamish Forbes:Using the shared dict like that you would have to have an entry for every IP in a range though.Or you'd have to parse the CIDR from a string everytime.Something to be aware of at least.On Thursday, 21 January 2016 10:36:38 UTC, irt_m...@ntworkers.com wrote:Hi Hamish,Oops, I didn't know your module sorry.To David,Hamish is right. Maybe lua-resty-iputils module is completely cover your need.But, if you have hundred, thousand whitelist IP blocks orif you want to update whitelist table dynamically,there is worth considering for my 2nd idea https://groups.google.com/d/msg/openresty-en/QddXoARyMtE/zB_QqVj-DQAJ.ex.)local dict = ngx.shared.whitelistif dict:get(ngx.var.remote_addr) then # something you need returnendAnyway, if you need to update whitelist dynamically,you have to think about nginx restart.2016年1月21日木曜日 18時57分35秒 UTC+9 Hamish Forbes:Hi,This is pretty much exactly what lua-resty-iputils will do.You'll just need to create a couple of tables listing your CIDRs and apply a tiny bit of logic in Lua to find out which set the remote address is in and perform a redirect.What is it that you feel is missing?HamishOn Wednesday, 20 January 2016 19:57:54 UTC, David Santhosh wrote:Sure, I have a list of whitelist ip blocks and need to check if the incoming request IP belongs to one of these IP blocks and act on it, so for example the corporate 1's ip block is 192.168.1.1 belongs to 192.168.1.0/24 then redirect to corp1.domain.com and next for corporate 2 192.178.1.1 redirect it to corp2.domain.com and so on...--David On Wed, Jan 20, 2016 at 11:53 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:Can you explain your use case a little more? What functionality is nginx/ngx-lua missing out of the box that you need? I'm curious as to what you're trying to accomplish. Can you provide a simple code example for what you're looking for?On Wed, Jan 20, 2016 at 11:51 AM, davidsnt <davi...@gmail.com> wrote:Thank you Thibault and Robert, links looks useful. But still think doing a compare with incoming ip address needs some work.--David On Wed, Jan 20, 2016 at 11:40 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:You probably don't need to do this with Lua; nginx's allow/deny directive support CIDR blocks.You may also want to see https://groups.google.com/forum/#!topic/openresty-en/G916sAMSOPY for a duplicate discussion.On Wed, Jan 20, 2016 at 11:30 AM, David Santhosh <davi...@gmail.com> wrote:How can I block/verify requests based on IP blocks? I want to check if a given IP address is within a whitelisted IP block; allow or deny based on result. Looks nginx only exposes ngx.var.remote_addr and binary_addr is there any module to do this with Lua extension. . davidsnt Thank you for your input's guys, very helpful.--David On Thu, Jan 21, 2016 at 1:57 AM, Hamish Forbes <hamish...@gmail.com> wrote:Hi,This is pretty much exactly what lua-resty-iputils will do.You'll just need to create a couple of tables listing your CIDRs and apply a tiny bit of logic in Lua to find out which set the remote address is in and perform a redirect.What is it that you feel is missing?HamishOn Wednesday, 20 January 2016 19:57:54 UTC, David Santhosh wrote:Sure, I have a list of whitelist ip blocks and need to check if the incoming request IP belongs to one of these IP blocks and act on it, so for example the corporate 1's ip block is 192.168.1.1 belongs to 192.168.1.0/24 then redirect to corp1.domain.com and next for corporate 2 192.178.1.1 redirect it to corp2.domain.com and so on...--David On Wed, Jan 20, 2016 at 11:53 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:Can you explain your use case a little more? What functionality is nginx/ngx-lua missing out of the box that you need? I'm curious as to what you're trying to accomplish. Can you provide a simple code example for what you're looking for?On Wed, Jan 20, 2016 at 11:51 AM, davidsnt <davi...@gmail.com> wrote:Thank you Thibault and Robert, links looks useful. But still think doing a compare with incoming ip address needs some work.--David On Wed, Jan 20, 2016 at 11:40 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:You probably don't need to do this with Lua; nginx's allow/deny directive support CIDR blocks.You may also want to see https://groups.google.com/forum/#!topic/openresty-en/G916sAMSOPY for a duplicate discussion.On Wed, Jan 20, 2016 at 11:30 AM, David Santhosh <davi...@gmail.com> wrote:How can I block/verify requests based on IP blocks? I want to check if a given IP address is within a whitelisted IP block; allow or deny based on result. Looks nginx only exposes ngx.var.remote_addr and binary_addr is there any module to do this with Lua extension. . erik.l.nelson What's the current best practice for efficient/fast serializing of data, to disk or otherwise? JSON, protocol buffers, flat buffers? Thanks Erik ---------------------------------------------------------------------- This message, and any attachments, is for the intended recipient(s) only, may contain information that is privileged, confidential and/or proprietary and subject to important terms and conditions available at http://www.bankofamerica.com/emaildisclaimer. If you are not the intended recipient, please delete this message. moonbingbing I think it's depends on your data and size.maybe you can test your data compare https://github.com/guanlan/lua-cmsgpack https://github.com/cloudflare/lua-capnprotowith JSON.2016-01-26 2:22 GMT+08:00 Nelson, Erik - 2 <erik.l...@bankofamerica.com>:What's the current best practice for efficient/fast serializing of data, to disk or otherwise? JSON, protocol buffers, flat buffers? Thanks Erik ---------------------------------------------------------------------- This message, and any attachments, is for the intended recipient(s) only, may contain information that is privileged, confidential and/or proprietary and subject to important terms and conditions available at http://www.bankofamerica.com/emaildisclaimer. If you are not the intended recipient, please delete this message. .
Sure, I have a list of whitelist ip blocks and need to check if the incoming request IP belongs to one of these IP blocks and act on it, so for example the corporate 1's ip block is 192.168.1.1 belongs to 192.168.1.0/24 then redirect to corp1.domain.com and next for corporate 2 192.178.1.1 redirect it to corp2.domain.com and so on...--David On Wed, Jan 20, 2016 at 11:53 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:Can you explain your use case a little more? What functionality is nginx/ngx-lua missing out of the box that you need? I'm curious as to what you're trying to accomplish. Can you provide a simple code example for what you're looking for?On Wed, Jan 20, 2016 at 11:51 AM, davidsnt <davi...@gmail.com> wrote:Thank you Thibault and Robert, links looks useful. But still think doing a compare with incoming ip address needs some work.--David On Wed, Jan 20, 2016 at 11:40 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:You probably don't need to do this with Lua; nginx's allow/deny directive support CIDR blocks.You may also want to see https://groups.google.com/forum/#!topic/openresty-en/G916sAMSOPY for a duplicate discussion.On Wed, Jan 20, 2016 at 11:30 AM, David Santhosh <davi...@gmail.com> wrote:How can I block/verify requests based on IP blocks? I want to check if a given IP address is within a whitelisted IP block; allow or deny based on result. Looks nginx only exposes ngx.var.remote_addr and binary_addr is there any module to do this with Lua extension. . hamish.forbes Using the shared dict like that you would have to have an entry for every IP in a range though.Or you'd have to parse the CIDR from a string everytime.Something to be aware of at least.On Thursday, 21 January 2016 10:36:38 UTC, irt_m...@ntworkers.com wrote:Hi Hamish,Oops, I didn't know your module sorry.To David,Hamish is right. Maybe lua-resty-iputils module is completely cover your need.But, if you have hundred, thousand whitelist IP blocks orif you want to update whitelist table dynamically,there is worth considering for my 2nd idea https://groups.google.com/d/msg/openresty-en/QddXoARyMtE/zB_QqVj-DQAJ.ex.)local dict = ngx.shared.whitelistif dict:get(ngx.var.remote_addr) then # something you need returnendAnyway, if you need to update whitelist dynamically,you have to think about nginx restart.2016年1月21日木曜日 18時57分35秒 UTC+9 Hamish Forbes:Hi,This is pretty much exactly what lua-resty-iputils will do.You'll just need to create a couple of tables listing your CIDRs and apply a tiny bit of logic in Lua to find out which set the remote address is in and perform a redirect.What is it that you feel is missing?HamishOn Wednesday, 20 January 2016 19:57:54 UTC, David Santhosh wrote:Sure, I have a list of whitelist ip blocks and need to check if the incoming request IP belongs to one of these IP blocks and act on it, so for example the corporate 1's ip block is 192.168.1.1 belongs to 192.168.1.0/24 then redirect to corp1.domain.com and next for corporate 2 192.178.1.1 redirect it to corp2.domain.com and so on...--David On Wed, Jan 20, 2016 at 11:53 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:Can you explain your use case a little more? What functionality is nginx/ngx-lua missing out of the box that you need? I'm curious as to what you're trying to accomplish. Can you provide a simple code example for what you're looking for?On Wed, Jan 20, 2016 at 11:51 AM, davidsnt <davi...@gmail.com> wrote:Thank you Thibault and Robert, links looks useful. But still think doing a compare with incoming ip address needs some work.--David On Wed, Jan 20, 2016 at 11:40 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:You probably don't need to do this with Lua; nginx's allow/deny directive support CIDR blocks.You may also want to see https://groups.google.com/forum/#!topic/openresty-en/G916sAMSOPY for a duplicate discussion.On Wed, Jan 20, 2016 at 11:30 AM, David Santhosh <davi...@gmail.com> wrote:How can I block/verify requests based on IP blocks? I want to check if a given IP address is within a whitelisted IP block; allow or deny based on result. Looks nginx only exposes ngx.var.remote_addr and binary_addr is there any module to do this with Lua extension. . irt_m.jrsyo To Hamish,Yes, just in case it need entry for every IP in a range.If it use redis or memcached Instead of a shared dict,parse and put it them are not nginx's task. it is just another client program's task.So, nginx can be simple I think.But I like your module. Awesome.To David,If there are multiple servers, data like a whitelist need to share each other.If you put ip list in the lua code directly, to update them is a little bit troublesome.So, whitelist data should be outside of the nginx I recommend.2016年1月21日木曜日 20時14分33秒 UTC+9 Hamish Forbes:Using the shared dict like that you would have to have an entry for every IP in a range though.Or you'd have to parse the CIDR from a string everytime.Something to be aware of at least.On Thursday, 21 January 2016 10:36:38 UTC, irt_m...@ntworkers.com wrote:Hi Hamish,Oops, I didn't know your module sorry.To David,Hamish is right. Maybe lua-resty-iputils module is completely cover your need.But, if you have hundred, thousand whitelist IP blocks orif you want to update whitelist table dynamically,there is worth considering for my 2nd idea https://groups.google.com/d/msg/openresty-en/QddXoARyMtE/zB_QqVj-DQAJ.ex.)local dict = ngx.shared.whitelistif dict:get(ngx.var.remote_addr) then # something you need returnendAnyway, if you need to update whitelist dynamically,you have to think about nginx restart.2016年1月21日木曜日 18時57分35秒 UTC+9 Hamish Forbes:Hi,This is pretty much exactly what lua-resty-iputils will do.You'll just need to create a couple of tables listing your CIDRs and apply a tiny bit of logic in Lua to find out which set the remote address is in and perform a redirect.What is it that you feel is missing?HamishOn Wednesday, 20 January 2016 19:57:54 UTC, David Santhosh wrote:Sure, I have a list of whitelist ip blocks and need to check if the incoming request IP belongs to one of these IP blocks and act on it, so for example the corporate 1's ip block is 192.168.1.1 belongs to 192.168.1.0/24 then redirect to corp1.domain.com and next for corporate 2 192.178.1.1 redirect it to corp2.domain.com and so on...--David On Wed, Jan 20, 2016 at 11:53 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:Can you explain your use case a little more? What functionality is nginx/ngx-lua missing out of the box that you need? I'm curious as to what you're trying to accomplish. Can you provide a simple code example for what you're looking for?On Wed, Jan 20, 2016 at 11:51 AM, davidsnt <davi...@gmail.com> wrote:Thank you Thibault and Robert, links looks useful. But still think doing a compare with incoming ip address needs some work.--David On Wed, Jan 20, 2016 at 11:40 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:You probably don't need to do this with Lua; nginx's allow/deny directive support CIDR blocks.You may also want to see https://groups.google.com/forum/#!topic/openresty-en/G916sAMSOPY for a duplicate discussion.On Wed, Jan 20, 2016 at 11:30 AM, David Santhosh <davi...@gmail.com> wrote:How can I block/verify requests based on IP blocks? I want to check if a given IP address is within a whitelisted IP block; allow or deny based on result. Looks nginx only exposes ngx.var.remote_addr and binary_addr is there any module to do this with Lua extension. . davidsnt Thank you for your input's guys, very helpful.--David On Thu, Jan 21, 2016 at 1:57 AM, Hamish Forbes <hamish...@gmail.com> wrote:Hi,This is pretty much exactly what lua-resty-iputils will do.You'll just need to create a couple of tables listing your CIDRs and apply a tiny bit of logic in Lua to find out which set the remote address is in and perform a redirect.What is it that you feel is missing?HamishOn Wednesday, 20 January 2016 19:57:54 UTC, David Santhosh wrote:Sure, I have a list of whitelist ip blocks and need to check if the incoming request IP belongs to one of these IP blocks and act on it, so for example the corporate 1's ip block is 192.168.1.1 belongs to 192.168.1.0/24 then redirect to corp1.domain.com and next for corporate 2 192.178.1.1 redirect it to corp2.domain.com and so on...--David On Wed, Jan 20, 2016 at 11:53 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:Can you explain your use case a little more? What functionality is nginx/ngx-lua missing out of the box that you need? I'm curious as to what you're trying to accomplish. Can you provide a simple code example for what you're looking for?On Wed, Jan 20, 2016 at 11:51 AM, davidsnt <davi...@gmail.com> wrote:Thank you Thibault and Robert, links looks useful. But still think doing a compare with incoming ip address needs some work.--David On Wed, Jan 20, 2016 at 11:40 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:You probably don't need to do this with Lua; nginx's allow/deny directive support CIDR blocks.You may also want to see https://groups.google.com/forum/#!topic/openresty-en/G916sAMSOPY for a duplicate discussion.On Wed, Jan 20, 2016 at 11:30 AM, David Santhosh <davi...@gmail.com> wrote:How can I block/verify requests based on IP blocks? I want to check if a given IP address is within a whitelisted IP block; allow or deny based on result. Looks nginx only exposes ngx.var.remote_addr and binary_addr is there any module to do this with Lua extension. . erik.l.nelson What's the current best practice for efficient/fast serializing of data, to disk or otherwise? JSON, protocol buffers, flat buffers? Thanks Erik ---------------------------------------------------------------------- This message, and any attachments, is for the intended recipient(s) only, may contain information that is privileged, confidential and/or proprietary and subject to important terms and conditions available at http://www.bankofamerica.com/emaildisclaimer. If you are not the intended recipient, please delete this message. moonbingbing I think it's depends on your data and size.maybe you can test your data compare https://github.com/guanlan/lua-cmsgpack https://github.com/cloudflare/lua-capnprotowith JSON.2016-01-26 2:22 GMT+08:00 Nelson, Erik - 2 <erik.l...@bankofamerica.com>:What's the current best practice for efficient/fast serializing of data, to disk or otherwise? JSON, protocol buffers, flat buffers? Thanks Erik ---------------------------------------------------------------------- This message, and any attachments, is for the intended recipient(s) only, may contain information that is privileged, confidential and/or proprietary and subject to important terms and conditions available at http://www.bankofamerica.com/emaildisclaimer. If you are not the intended recipient, please delete this message. .
Can you explain your use case a little more? What functionality is nginx/ngx-lua missing out of the box that you need? I'm curious as to what you're trying to accomplish. Can you provide a simple code example for what you're looking for?On Wed, Jan 20, 2016 at 11:51 AM, davidsnt <davi...@gmail.com> wrote:Thank you Thibault and Robert, links looks useful. But still think doing a compare with incoming ip address needs some work.--David On Wed, Jan 20, 2016 at 11:40 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:You probably don't need to do this with Lua; nginx's allow/deny directive support CIDR blocks.You may also want to see https://groups.google.com/forum/#!topic/openresty-en/G916sAMSOPY for a duplicate discussion.On Wed, Jan 20, 2016 at 11:30 AM, David Santhosh <davi...@gmail.com> wrote:How can I block/verify requests based on IP blocks? I want to check if a given IP address is within a whitelisted IP block; allow or deny based on result. Looks nginx only exposes ngx.var.remote_addr and binary_addr is there any module to do this with Lua extension. . hamish.forbes Using the shared dict like that you would have to have an entry for every IP in a range though.Or you'd have to parse the CIDR from a string everytime.Something to be aware of at least.On Thursday, 21 January 2016 10:36:38 UTC, irt_m...@ntworkers.com wrote:Hi Hamish,Oops, I didn't know your module sorry.To David,Hamish is right. Maybe lua-resty-iputils module is completely cover your need.But, if you have hundred, thousand whitelist IP blocks orif you want to update whitelist table dynamically,there is worth considering for my 2nd idea https://groups.google.com/d/msg/openresty-en/QddXoARyMtE/zB_QqVj-DQAJ.ex.)local dict = ngx.shared.whitelistif dict:get(ngx.var.remote_addr) then # something you need returnendAnyway, if you need to update whitelist dynamically,you have to think about nginx restart.2016年1月21日木曜日 18時57分35秒 UTC+9 Hamish Forbes:Hi,This is pretty much exactly what lua-resty-iputils will do.You'll just need to create a couple of tables listing your CIDRs and apply a tiny bit of logic in Lua to find out which set the remote address is in and perform a redirect.What is it that you feel is missing?HamishOn Wednesday, 20 January 2016 19:57:54 UTC, David Santhosh wrote:Sure, I have a list of whitelist ip blocks and need to check if the incoming request IP belongs to one of these IP blocks and act on it, so for example the corporate 1's ip block is 192.168.1.1 belongs to 192.168.1.0/24 then redirect to corp1.domain.com and next for corporate 2 192.178.1.1 redirect it to corp2.domain.com and so on...--David On Wed, Jan 20, 2016 at 11:53 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:Can you explain your use case a little more? What functionality is nginx/ngx-lua missing out of the box that you need? I'm curious as to what you're trying to accomplish. Can you provide a simple code example for what you're looking for?On Wed, Jan 20, 2016 at 11:51 AM, davidsnt <davi...@gmail.com> wrote:Thank you Thibault and Robert, links looks useful. But still think doing a compare with incoming ip address needs some work.--David On Wed, Jan 20, 2016 at 11:40 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:You probably don't need to do this with Lua; nginx's allow/deny directive support CIDR blocks.You may also want to see https://groups.google.com/forum/#!topic/openresty-en/G916sAMSOPY for a duplicate discussion.On Wed, Jan 20, 2016 at 11:30 AM, David Santhosh <davi...@gmail.com> wrote:How can I block/verify requests based on IP blocks? I want to check if a given IP address is within a whitelisted IP block; allow or deny based on result. Looks nginx only exposes ngx.var.remote_addr and binary_addr is there any module to do this with Lua extension. . irt_m.jrsyo To Hamish,Yes, just in case it need entry for every IP in a range.If it use redis or memcached Instead of a shared dict,parse and put it them are not nginx's task. it is just another client program's task.So, nginx can be simple I think.But I like your module. Awesome.To David,If there are multiple servers, data like a whitelist need to share each other.If you put ip list in the lua code directly, to update them is a little bit troublesome.So, whitelist data should be outside of the nginx I recommend.2016年1月21日木曜日 20時14分33秒 UTC+9 Hamish Forbes:Using the shared dict like that you would have to have an entry for every IP in a range though.Or you'd have to parse the CIDR from a string everytime.Something to be aware of at least.On Thursday, 21 January 2016 10:36:38 UTC, irt_m...@ntworkers.com wrote:Hi Hamish,Oops, I didn't know your module sorry.To David,Hamish is right. Maybe lua-resty-iputils module is completely cover your need.But, if you have hundred, thousand whitelist IP blocks orif you want to update whitelist table dynamically,there is worth considering for my 2nd idea https://groups.google.com/d/msg/openresty-en/QddXoARyMtE/zB_QqVj-DQAJ.ex.)local dict = ngx.shared.whitelistif dict:get(ngx.var.remote_addr) then # something you need returnendAnyway, if you need to update whitelist dynamically,you have to think about nginx restart.2016年1月21日木曜日 18時57分35秒 UTC+9 Hamish Forbes:Hi,This is pretty much exactly what lua-resty-iputils will do.You'll just need to create a couple of tables listing your CIDRs and apply a tiny bit of logic in Lua to find out which set the remote address is in and perform a redirect.What is it that you feel is missing?HamishOn Wednesday, 20 January 2016 19:57:54 UTC, David Santhosh wrote:Sure, I have a list of whitelist ip blocks and need to check if the incoming request IP belongs to one of these IP blocks and act on it, so for example the corporate 1's ip block is 192.168.1.1 belongs to 192.168.1.0/24 then redirect to corp1.domain.com and next for corporate 2 192.178.1.1 redirect it to corp2.domain.com and so on...--David On Wed, Jan 20, 2016 at 11:53 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:Can you explain your use case a little more? What functionality is nginx/ngx-lua missing out of the box that you need? I'm curious as to what you're trying to accomplish. Can you provide a simple code example for what you're looking for?On Wed, Jan 20, 2016 at 11:51 AM, davidsnt <davi...@gmail.com> wrote:Thank you Thibault and Robert, links looks useful. But still think doing a compare with incoming ip address needs some work.--David On Wed, Jan 20, 2016 at 11:40 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:You probably don't need to do this with Lua; nginx's allow/deny directive support CIDR blocks.You may also want to see https://groups.google.com/forum/#!topic/openresty-en/G916sAMSOPY for a duplicate discussion.On Wed, Jan 20, 2016 at 11:30 AM, David Santhosh <davi...@gmail.com> wrote:How can I block/verify requests based on IP blocks? I want to check if a given IP address is within a whitelisted IP block; allow or deny based on result. Looks nginx only exposes ngx.var.remote_addr and binary_addr is there any module to do this with Lua extension. . davidsnt Thank you for your input's guys, very helpful.--David On Thu, Jan 21, 2016 at 1:57 AM, Hamish Forbes <hamish...@gmail.com> wrote:Hi,This is pretty much exactly what lua-resty-iputils will do.You'll just need to create a couple of tables listing your CIDRs and apply a tiny bit of logic in Lua to find out which set the remote address is in and perform a redirect.What is it that you feel is missing?HamishOn Wednesday, 20 January 2016 19:57:54 UTC, David Santhosh wrote:Sure, I have a list of whitelist ip blocks and need to check if the incoming request IP belongs to one of these IP blocks and act on it, so for example the corporate 1's ip block is 192.168.1.1 belongs to 192.168.1.0/24 then redirect to corp1.domain.com and next for corporate 2 192.178.1.1 redirect it to corp2.domain.com and so on...--David On Wed, Jan 20, 2016 at 11:53 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:Can you explain your use case a little more? What functionality is nginx/ngx-lua missing out of the box that you need? I'm curious as to what you're trying to accomplish. Can you provide a simple code example for what you're looking for?On Wed, Jan 20, 2016 at 11:51 AM, davidsnt <davi...@gmail.com> wrote:Thank you Thibault and Robert, links looks useful. But still think doing a compare with incoming ip address needs some work.--David On Wed, Jan 20, 2016 at 11:40 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:You probably don't need to do this with Lua; nginx's allow/deny directive support CIDR blocks.You may also want to see https://groups.google.com/forum/#!topic/openresty-en/G916sAMSOPY for a duplicate discussion.On Wed, Jan 20, 2016 at 11:30 AM, David Santhosh <davi...@gmail.com> wrote:How can I block/verify requests based on IP blocks? I want to check if a given IP address is within a whitelisted IP block; allow or deny based on result. Looks nginx only exposes ngx.var.remote_addr and binary_addr is there any module to do this with Lua extension. . erik.l.nelson What's the current best practice for efficient/fast serializing of data, to disk or otherwise? JSON, protocol buffers, flat buffers? Thanks Erik ---------------------------------------------------------------------- This message, and any attachments, is for the intended recipient(s) only, may contain information that is privileged, confidential and/or proprietary and subject to important terms and conditions available at http://www.bankofamerica.com/emaildisclaimer. If you are not the intended recipient, please delete this message. moonbingbing I think it's depends on your data and size.maybe you can test your data compare https://github.com/guanlan/lua-cmsgpack https://github.com/cloudflare/lua-capnprotowith JSON.2016-01-26 2:22 GMT+08:00 Nelson, Erik - 2 <erik.l...@bankofamerica.com>:What's the current best practice for efficient/fast serializing of data, to disk or otherwise? JSON, protocol buffers, flat buffers? Thanks Erik ---------------------------------------------------------------------- This message, and any attachments, is for the intended recipient(s) only, may contain information that is privileged, confidential and/or proprietary and subject to important terms and conditions available at http://www.bankofamerica.com/emaildisclaimer. If you are not the intended recipient, please delete this message. .
Thank you Thibault and Robert, links looks useful. But still think doing a compare with incoming ip address needs some work.--David On Wed, Jan 20, 2016 at 11:40 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:You probably don't need to do this with Lua; nginx's allow/deny directive support CIDR blocks.You may also want to see https://groups.google.com/forum/#!topic/openresty-en/G916sAMSOPY for a duplicate discussion.On Wed, Jan 20, 2016 at 11:30 AM, David Santhosh <davi...@gmail.com> wrote:How can I block/verify requests based on IP blocks? I want to check if a given IP address is within a whitelisted IP block; allow or deny based on result. Looks nginx only exposes ngx.var.remote_addr and binary_addr is there any module to do this with Lua extension. .
Hi Hamish,Oops, I didn't know your module sorry.To David,Hamish is right. Maybe lua-resty-iputils module is completely cover your need.But, if you have hundred, thousand whitelist IP blocks orif you want to update whitelist table dynamically,there is worth considering for my 2nd idea https://groups.google.com/d/msg/openresty-en/QddXoARyMtE/zB_QqVj-DQAJ.ex.)local dict = ngx.shared.whitelistif dict:get(ngx.var.remote_addr) then # something you need returnendAnyway, if you need to update whitelist dynamically,you have to think about nginx restart.2016年1月21日木曜日 18時57分35秒 UTC+9 Hamish Forbes:Hi,This is pretty much exactly what lua-resty-iputils will do.You'll just need to create a couple of tables listing your CIDRs and apply a tiny bit of logic in Lua to find out which set the remote address is in and perform a redirect.What is it that you feel is missing?HamishOn Wednesday, 20 January 2016 19:57:54 UTC, David Santhosh wrote:Sure, I have a list of whitelist ip blocks and need to check if the incoming request IP belongs to one of these IP blocks and act on it, so for example the corporate 1's ip block is 192.168.1.1 belongs to 192.168.1.0/24 then redirect to corp1.domain.com and next for corporate 2 192.178.1.1 redirect it to corp2.domain.com and so on...--David On Wed, Jan 20, 2016 at 11:53 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:Can you explain your use case a little more? What functionality is nginx/ngx-lua missing out of the box that you need? I'm curious as to what you're trying to accomplish. Can you provide a simple code example for what you're looking for?On Wed, Jan 20, 2016 at 11:51 AM, davidsnt <davi...@gmail.com> wrote:Thank you Thibault and Robert, links looks useful. But still think doing a compare with incoming ip address needs some work.--David On Wed, Jan 20, 2016 at 11:40 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:You probably don't need to do this with Lua; nginx's allow/deny directive support CIDR blocks.You may also want to see https://groups.google.com/forum/#!topic/openresty-en/G916sAMSOPY for a duplicate discussion.On Wed, Jan 20, 2016 at 11:30 AM, David Santhosh <davi...@gmail.com> wrote:How can I block/verify requests based on IP blocks? I want to check if a given IP address is within a whitelisted IP block; allow or deny based on result. Looks nginx only exposes ngx.var.remote_addr and binary_addr is there any module to do this with Lua extension. . irt_m.jrsyo To Hamish,Yes, just in case it need entry for every IP in a range.If it use redis or memcached Instead of a shared dict,parse and put it them are not nginx's task. it is just another client program's task.So, nginx can be simple I think.But I like your module. Awesome.To David,If there are multiple servers, data like a whitelist need to share each other.If you put ip list in the lua code directly, to update them is a little bit troublesome.So, whitelist data should be outside of the nginx I recommend.2016年1月21日木曜日 20時14分33秒 UTC+9 Hamish Forbes:Using the shared dict like that you would have to have an entry for every IP in a range though.Or you'd have to parse the CIDR from a string everytime.Something to be aware of at least.On Thursday, 21 January 2016 10:36:38 UTC, irt_m...@ntworkers.com wrote:Hi Hamish,Oops, I didn't know your module sorry.To David,Hamish is right. Maybe lua-resty-iputils module is completely cover your need.But, if you have hundred, thousand whitelist IP blocks orif you want to update whitelist table dynamically,there is worth considering for my 2nd idea https://groups.google.com/d/msg/openresty-en/QddXoARyMtE/zB_QqVj-DQAJ.ex.)local dict = ngx.shared.whitelistif dict:get(ngx.var.remote_addr) then # something you need returnendAnyway, if you need to update whitelist dynamically,you have to think about nginx restart.2016年1月21日木曜日 18時57分35秒 UTC+9 Hamish Forbes:Hi,This is pretty much exactly what lua-resty-iputils will do.You'll just need to create a couple of tables listing your CIDRs and apply a tiny bit of logic in Lua to find out which set the remote address is in and perform a redirect.What is it that you feel is missing?HamishOn Wednesday, 20 January 2016 19:57:54 UTC, David Santhosh wrote:Sure, I have a list of whitelist ip blocks and need to check if the incoming request IP belongs to one of these IP blocks and act on it, so for example the corporate 1's ip block is 192.168.1.1 belongs to 192.168.1.0/24 then redirect to corp1.domain.com and next for corporate 2 192.178.1.1 redirect it to corp2.domain.com and so on...--David On Wed, Jan 20, 2016 at 11:53 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:Can you explain your use case a little more? What functionality is nginx/ngx-lua missing out of the box that you need? I'm curious as to what you're trying to accomplish. Can you provide a simple code example for what you're looking for?On Wed, Jan 20, 2016 at 11:51 AM, davidsnt <davi...@gmail.com> wrote:Thank you Thibault and Robert, links looks useful. But still think doing a compare with incoming ip address needs some work.--David On Wed, Jan 20, 2016 at 11:40 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:You probably don't need to do this with Lua; nginx's allow/deny directive support CIDR blocks.You may also want to see https://groups.google.com/forum/#!topic/openresty-en/G916sAMSOPY for a duplicate discussion.On Wed, Jan 20, 2016 at 11:30 AM, David Santhosh <davi...@gmail.com> wrote:How can I block/verify requests based on IP blocks? I want to check if a given IP address is within a whitelisted IP block; allow or deny based on result. Looks nginx only exposes ngx.var.remote_addr and binary_addr is there any module to do this with Lua extension. . davidsnt Thank you for your input's guys, very helpful.--David On Thu, Jan 21, 2016 at 1:57 AM, Hamish Forbes <hamish...@gmail.com> wrote:Hi,This is pretty much exactly what lua-resty-iputils will do.You'll just need to create a couple of tables listing your CIDRs and apply a tiny bit of logic in Lua to find out which set the remote address is in and perform a redirect.What is it that you feel is missing?HamishOn Wednesday, 20 January 2016 19:57:54 UTC, David Santhosh wrote:Sure, I have a list of whitelist ip blocks and need to check if the incoming request IP belongs to one of these IP blocks and act on it, so for example the corporate 1's ip block is 192.168.1.1 belongs to 192.168.1.0/24 then redirect to corp1.domain.com and next for corporate 2 192.178.1.1 redirect it to corp2.domain.com and so on...--David On Wed, Jan 20, 2016 at 11:53 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:Can you explain your use case a little more? What functionality is nginx/ngx-lua missing out of the box that you need? I'm curious as to what you're trying to accomplish. Can you provide a simple code example for what you're looking for?On Wed, Jan 20, 2016 at 11:51 AM, davidsnt <davi...@gmail.com> wrote:Thank you Thibault and Robert, links looks useful. But still think doing a compare with incoming ip address needs some work.--David On Wed, Jan 20, 2016 at 11:40 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:You probably don't need to do this with Lua; nginx's allow/deny directive support CIDR blocks.You may also want to see https://groups.google.com/forum/#!topic/openresty-en/G916sAMSOPY for a duplicate discussion.On Wed, Jan 20, 2016 at 11:30 AM, David Santhosh <davi...@gmail.com> wrote:How can I block/verify requests based on IP blocks? I want to check if a given IP address is within a whitelisted IP block; allow or deny based on result. Looks nginx only exposes ngx.var.remote_addr and binary_addr is there any module to do this with Lua extension. . erik.l.nelson What's the current best practice for efficient/fast serializing of data, to disk or otherwise? JSON, protocol buffers, flat buffers? Thanks Erik ---------------------------------------------------------------------- This message, and any attachments, is for the intended recipient(s) only, may contain information that is privileged, confidential and/or proprietary and subject to important terms and conditions available at http://www.bankofamerica.com/emaildisclaimer. If you are not the intended recipient, please delete this message. moonbingbing I think it's depends on your data and size.maybe you can test your data compare https://github.com/guanlan/lua-cmsgpack https://github.com/cloudflare/lua-capnprotowith JSON.2016-01-26 2:22 GMT+08:00 Nelson, Erik - 2 <erik.l...@bankofamerica.com>:What's the current best practice for efficient/fast serializing of data, to disk or otherwise? JSON, protocol buffers, flat buffers? Thanks Erik ---------------------------------------------------------------------- This message, and any attachments, is for the intended recipient(s) only, may contain information that is privileged, confidential and/or proprietary and subject to important terms and conditions available at http://www.bankofamerica.com/emaildisclaimer. If you are not the intended recipient, please delete this message. .
Hi,This is pretty much exactly what lua-resty-iputils will do.You'll just need to create a couple of tables listing your CIDRs and apply a tiny bit of logic in Lua to find out which set the remote address is in and perform a redirect.What is it that you feel is missing?HamishOn Wednesday, 20 January 2016 19:57:54 UTC, David Santhosh wrote:Sure, I have a list of whitelist ip blocks and need to check if the incoming request IP belongs to one of these IP blocks and act on it, so for example the corporate 1's ip block is 192.168.1.1 belongs to 192.168.1.0/24 then redirect to corp1.domain.com and next for corporate 2 192.178.1.1 redirect it to corp2.domain.com and so on...--David On Wed, Jan 20, 2016 at 11:53 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:Can you explain your use case a little more? What functionality is nginx/ngx-lua missing out of the box that you need? I'm curious as to what you're trying to accomplish. Can you provide a simple code example for what you're looking for?On Wed, Jan 20, 2016 at 11:51 AM, davidsnt <davi...@gmail.com> wrote:Thank you Thibault and Robert, links looks useful. But still think doing a compare with incoming ip address needs some work.--David On Wed, Jan 20, 2016 at 11:40 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:You probably don't need to do this with Lua; nginx's allow/deny directive support CIDR blocks.You may also want to see https://groups.google.com/forum/#!topic/openresty-en/G916sAMSOPY for a duplicate discussion.On Wed, Jan 20, 2016 at 11:30 AM, David Santhosh <davi...@gmail.com> wrote:How can I block/verify requests based on IP blocks? I want to check if a given IP address is within a whitelisted IP block; allow or deny based on result. Looks nginx only exposes ngx.var.remote_addr and binary_addr is there any module to do this with Lua extension. . irt_m.jrsyo To Hamish,Yes, just in case it need entry for every IP in a range.If it use redis or memcached Instead of a shared dict,parse and put it them are not nginx's task. it is just another client program's task.So, nginx can be simple I think.But I like your module. Awesome.To David,If there are multiple servers, data like a whitelist need to share each other.If you put ip list in the lua code directly, to update them is a little bit troublesome.So, whitelist data should be outside of the nginx I recommend.2016年1月21日木曜日 20時14分33秒 UTC+9 Hamish Forbes:Using the shared dict like that you would have to have an entry for every IP in a range though.Or you'd have to parse the CIDR from a string everytime.Something to be aware of at least.On Thursday, 21 January 2016 10:36:38 UTC, irt_m...@ntworkers.com wrote:Hi Hamish,Oops, I didn't know your module sorry.To David,Hamish is right. Maybe lua-resty-iputils module is completely cover your need.But, if you have hundred, thousand whitelist IP blocks orif you want to update whitelist table dynamically,there is worth considering for my 2nd idea https://groups.google.com/d/msg/openresty-en/QddXoARyMtE/zB_QqVj-DQAJ.ex.)local dict = ngx.shared.whitelistif dict:get(ngx.var.remote_addr) then # something you need returnendAnyway, if you need to update whitelist dynamically,you have to think about nginx restart.2016年1月21日木曜日 18時57分35秒 UTC+9 Hamish Forbes:Hi,This is pretty much exactly what lua-resty-iputils will do.You'll just need to create a couple of tables listing your CIDRs and apply a tiny bit of logic in Lua to find out which set the remote address is in and perform a redirect.What is it that you feel is missing?HamishOn Wednesday, 20 January 2016 19:57:54 UTC, David Santhosh wrote:Sure, I have a list of whitelist ip blocks and need to check if the incoming request IP belongs to one of these IP blocks and act on it, so for example the corporate 1's ip block is 192.168.1.1 belongs to 192.168.1.0/24 then redirect to corp1.domain.com and next for corporate 2 192.178.1.1 redirect it to corp2.domain.com and so on...--David On Wed, Jan 20, 2016 at 11:53 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:Can you explain your use case a little more? What functionality is nginx/ngx-lua missing out of the box that you need? I'm curious as to what you're trying to accomplish. Can you provide a simple code example for what you're looking for?On Wed, Jan 20, 2016 at 11:51 AM, davidsnt <davi...@gmail.com> wrote:Thank you Thibault and Robert, links looks useful. But still think doing a compare with incoming ip address needs some work.--David On Wed, Jan 20, 2016 at 11:40 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:You probably don't need to do this with Lua; nginx's allow/deny directive support CIDR blocks.You may also want to see https://groups.google.com/forum/#!topic/openresty-en/G916sAMSOPY for a duplicate discussion.On Wed, Jan 20, 2016 at 11:30 AM, David Santhosh <davi...@gmail.com> wrote:How can I block/verify requests based on IP blocks? I want to check if a given IP address is within a whitelisted IP block; allow or deny based on result. Looks nginx only exposes ngx.var.remote_addr and binary_addr is there any module to do this with Lua extension. . davidsnt Thank you for your input's guys, very helpful.--David On Thu, Jan 21, 2016 at 1:57 AM, Hamish Forbes <hamish...@gmail.com> wrote:Hi,This is pretty much exactly what lua-resty-iputils will do.You'll just need to create a couple of tables listing your CIDRs and apply a tiny bit of logic in Lua to find out which set the remote address is in and perform a redirect.What is it that you feel is missing?HamishOn Wednesday, 20 January 2016 19:57:54 UTC, David Santhosh wrote:Sure, I have a list of whitelist ip blocks and need to check if the incoming request IP belongs to one of these IP blocks and act on it, so for example the corporate 1's ip block is 192.168.1.1 belongs to 192.168.1.0/24 then redirect to corp1.domain.com and next for corporate 2 192.178.1.1 redirect it to corp2.domain.com and so on...--David On Wed, Jan 20, 2016 at 11:53 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:Can you explain your use case a little more? What functionality is nginx/ngx-lua missing out of the box that you need? I'm curious as to what you're trying to accomplish. Can you provide a simple code example for what you're looking for?On Wed, Jan 20, 2016 at 11:51 AM, davidsnt <davi...@gmail.com> wrote:Thank you Thibault and Robert, links looks useful. But still think doing a compare with incoming ip address needs some work.--David On Wed, Jan 20, 2016 at 11:40 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:You probably don't need to do this with Lua; nginx's allow/deny directive support CIDR blocks.You may also want to see https://groups.google.com/forum/#!topic/openresty-en/G916sAMSOPY for a duplicate discussion.On Wed, Jan 20, 2016 at 11:30 AM, David Santhosh <davi...@gmail.com> wrote:How can I block/verify requests based on IP blocks? I want to check if a given IP address is within a whitelisted IP block; allow or deny based on result. Looks nginx only exposes ngx.var.remote_addr and binary_addr is there any module to do this with Lua extension. . erik.l.nelson What's the current best practice for efficient/fast serializing of data, to disk or otherwise? JSON, protocol buffers, flat buffers? Thanks Erik ---------------------------------------------------------------------- This message, and any attachments, is for the intended recipient(s) only, may contain information that is privileged, confidential and/or proprietary and subject to important terms and conditions available at http://www.bankofamerica.com/emaildisclaimer. If you are not the intended recipient, please delete this message. moonbingbing I think it's depends on your data and size.maybe you can test your data compare https://github.com/guanlan/lua-cmsgpack https://github.com/cloudflare/lua-capnprotowith JSON.2016-01-26 2:22 GMT+08:00 Nelson, Erik - 2 <erik.l...@bankofamerica.com>:What's the current best practice for efficient/fast serializing of data, to disk or otherwise? JSON, protocol buffers, flat buffers? Thanks Erik ---------------------------------------------------------------------- This message, and any attachments, is for the intended recipient(s) only, may contain information that is privileged, confidential and/or proprietary and subject to important terms and conditions available at http://www.bankofamerica.com/emaildisclaimer. If you are not the intended recipient, please delete this message. .
Sure, I have a list of whitelist ip blocks and need to check if the incoming request IP belongs to one of these IP blocks and act on it, so for example the corporate 1's ip block is 192.168.1.1 belongs to 192.168.1.0/24 then redirect to corp1.domain.com and next for corporate 2 192.178.1.1 redirect it to corp2.domain.com and so on...--David On Wed, Jan 20, 2016 at 11:53 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:Can you explain your use case a little more? What functionality is nginx/ngx-lua missing out of the box that you need? I'm curious as to what you're trying to accomplish. Can you provide a simple code example for what you're looking for?On Wed, Jan 20, 2016 at 11:51 AM, davidsnt <davi...@gmail.com> wrote:Thank you Thibault and Robert, links looks useful. But still think doing a compare with incoming ip address needs some work.--David On Wed, Jan 20, 2016 at 11:40 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:You probably don't need to do this with Lua; nginx's allow/deny directive support CIDR blocks.You may also want to see https://groups.google.com/forum/#!topic/openresty-en/G916sAMSOPY for a duplicate discussion.On Wed, Jan 20, 2016 at 11:30 AM, David Santhosh <davi...@gmail.com> wrote:How can I block/verify requests based on IP blocks? I want to check if a given IP address is within a whitelisted IP block; allow or deny based on result. Looks nginx only exposes ngx.var.remote_addr and binary_addr is there any module to do this with Lua extension. . irt_m.jrsyo To Hamish,Yes, just in case it need entry for every IP in a range.If it use redis or memcached Instead of a shared dict,parse and put it them are not nginx's task. it is just another client program's task.So, nginx can be simple I think.But I like your module. Awesome.To David,If there are multiple servers, data like a whitelist need to share each other.If you put ip list in the lua code directly, to update them is a little bit troublesome.So, whitelist data should be outside of the nginx I recommend.2016年1月21日木曜日 20時14分33秒 UTC+9 Hamish Forbes:Using the shared dict like that you would have to have an entry for every IP in a range though.Or you'd have to parse the CIDR from a string everytime.Something to be aware of at least.On Thursday, 21 January 2016 10:36:38 UTC, irt_m...@ntworkers.com wrote:Hi Hamish,Oops, I didn't know your module sorry.To David,Hamish is right. Maybe lua-resty-iputils module is completely cover your need.But, if you have hundred, thousand whitelist IP blocks orif you want to update whitelist table dynamically,there is worth considering for my 2nd idea https://groups.google.com/d/msg/openresty-en/QddXoARyMtE/zB_QqVj-DQAJ.ex.)local dict = ngx.shared.whitelistif dict:get(ngx.var.remote_addr) then # something you need returnendAnyway, if you need to update whitelist dynamically,you have to think about nginx restart.2016年1月21日木曜日 18時57分35秒 UTC+9 Hamish Forbes:Hi,This is pretty much exactly what lua-resty-iputils will do.You'll just need to create a couple of tables listing your CIDRs and apply a tiny bit of logic in Lua to find out which set the remote address is in and perform a redirect.What is it that you feel is missing?HamishOn Wednesday, 20 January 2016 19:57:54 UTC, David Santhosh wrote:Sure, I have a list of whitelist ip blocks and need to check if the incoming request IP belongs to one of these IP blocks and act on it, so for example the corporate 1's ip block is 192.168.1.1 belongs to 192.168.1.0/24 then redirect to corp1.domain.com and next for corporate 2 192.178.1.1 redirect it to corp2.domain.com and so on...--David On Wed, Jan 20, 2016 at 11:53 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:Can you explain your use case a little more? What functionality is nginx/ngx-lua missing out of the box that you need? I'm curious as to what you're trying to accomplish. Can you provide a simple code example for what you're looking for?On Wed, Jan 20, 2016 at 11:51 AM, davidsnt <davi...@gmail.com> wrote:Thank you Thibault and Robert, links looks useful. But still think doing a compare with incoming ip address needs some work.--David On Wed, Jan 20, 2016 at 11:40 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:You probably don't need to do this with Lua; nginx's allow/deny directive support CIDR blocks.You may also want to see https://groups.google.com/forum/#!topic/openresty-en/G916sAMSOPY for a duplicate discussion.On Wed, Jan 20, 2016 at 11:30 AM, David Santhosh <davi...@gmail.com> wrote:How can I block/verify requests based on IP blocks? I want to check if a given IP address is within a whitelisted IP block; allow or deny based on result. Looks nginx only exposes ngx.var.remote_addr and binary_addr is there any module to do this with Lua extension. . davidsnt Thank you for your input's guys, very helpful.--David On Thu, Jan 21, 2016 at 1:57 AM, Hamish Forbes <hamish...@gmail.com> wrote:Hi,This is pretty much exactly what lua-resty-iputils will do.You'll just need to create a couple of tables listing your CIDRs and apply a tiny bit of logic in Lua to find out which set the remote address is in and perform a redirect.What is it that you feel is missing?HamishOn Wednesday, 20 January 2016 19:57:54 UTC, David Santhosh wrote:Sure, I have a list of whitelist ip blocks and need to check if the incoming request IP belongs to one of these IP blocks and act on it, so for example the corporate 1's ip block is 192.168.1.1 belongs to 192.168.1.0/24 then redirect to corp1.domain.com and next for corporate 2 192.178.1.1 redirect it to corp2.domain.com and so on...--David On Wed, Jan 20, 2016 at 11:53 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:Can you explain your use case a little more? What functionality is nginx/ngx-lua missing out of the box that you need? I'm curious as to what you're trying to accomplish. Can you provide a simple code example for what you're looking for?On Wed, Jan 20, 2016 at 11:51 AM, davidsnt <davi...@gmail.com> wrote:Thank you Thibault and Robert, links looks useful. But still think doing a compare with incoming ip address needs some work.--David On Wed, Jan 20, 2016 at 11:40 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:You probably don't need to do this with Lua; nginx's allow/deny directive support CIDR blocks.You may also want to see https://groups.google.com/forum/#!topic/openresty-en/G916sAMSOPY for a duplicate discussion.On Wed, Jan 20, 2016 at 11:30 AM, David Santhosh <davi...@gmail.com> wrote:How can I block/verify requests based on IP blocks? I want to check if a given IP address is within a whitelisted IP block; allow or deny based on result. Looks nginx only exposes ngx.var.remote_addr and binary_addr is there any module to do this with Lua extension. . erik.l.nelson What's the current best practice for efficient/fast serializing of data, to disk or otherwise? JSON, protocol buffers, flat buffers? Thanks Erik ---------------------------------------------------------------------- This message, and any attachments, is for the intended recipient(s) only, may contain information that is privileged, confidential and/or proprietary and subject to important terms and conditions available at http://www.bankofamerica.com/emaildisclaimer. If you are not the intended recipient, please delete this message. moonbingbing I think it's depends on your data and size.maybe you can test your data compare https://github.com/guanlan/lua-cmsgpack https://github.com/cloudflare/lua-capnprotowith JSON.2016-01-26 2:22 GMT+08:00 Nelson, Erik - 2 <erik.l...@bankofamerica.com>:What's the current best practice for efficient/fast serializing of data, to disk or otherwise? JSON, protocol buffers, flat buffers? Thanks Erik ---------------------------------------------------------------------- This message, and any attachments, is for the intended recipient(s) only, may contain information that is privileged, confidential and/or proprietary and subject to important terms and conditions available at http://www.bankofamerica.com/emaildisclaimer. If you are not the intended recipient, please delete this message. .
Can you explain your use case a little more? What functionality is nginx/ngx-lua missing out of the box that you need? I'm curious as to what you're trying to accomplish. Can you provide a simple code example for what you're looking for?On Wed, Jan 20, 2016 at 11:51 AM, davidsnt <davi...@gmail.com> wrote:Thank you Thibault and Robert, links looks useful. But still think doing a compare with incoming ip address needs some work.--David On Wed, Jan 20, 2016 at 11:40 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:You probably don't need to do this with Lua; nginx's allow/deny directive support CIDR blocks.You may also want to see https://groups.google.com/forum/#!topic/openresty-en/G916sAMSOPY for a duplicate discussion.On Wed, Jan 20, 2016 at 11:30 AM, David Santhosh <davi...@gmail.com> wrote:How can I block/verify requests based on IP blocks? I want to check if a given IP address is within a whitelisted IP block; allow or deny based on result. Looks nginx only exposes ngx.var.remote_addr and binary_addr is there any module to do this with Lua extension. . irt_m.jrsyo To Hamish,Yes, just in case it need entry for every IP in a range.If it use redis or memcached Instead of a shared dict,parse and put it them are not nginx's task. it is just another client program's task.So, nginx can be simple I think.But I like your module. Awesome.To David,If there are multiple servers, data like a whitelist need to share each other.If you put ip list in the lua code directly, to update them is a little bit troublesome.So, whitelist data should be outside of the nginx I recommend.2016年1月21日木曜日 20時14分33秒 UTC+9 Hamish Forbes:Using the shared dict like that you would have to have an entry for every IP in a range though.Or you'd have to parse the CIDR from a string everytime.Something to be aware of at least.On Thursday, 21 January 2016 10:36:38 UTC, irt_m...@ntworkers.com wrote:Hi Hamish,Oops, I didn't know your module sorry.To David,Hamish is right. Maybe lua-resty-iputils module is completely cover your need.But, if you have hundred, thousand whitelist IP blocks orif you want to update whitelist table dynamically,there is worth considering for my 2nd idea https://groups.google.com/d/msg/openresty-en/QddXoARyMtE/zB_QqVj-DQAJ.ex.)local dict = ngx.shared.whitelistif dict:get(ngx.var.remote_addr) then # something you need returnendAnyway, if you need to update whitelist dynamically,you have to think about nginx restart.2016年1月21日木曜日 18時57分35秒 UTC+9 Hamish Forbes:Hi,This is pretty much exactly what lua-resty-iputils will do.You'll just need to create a couple of tables listing your CIDRs and apply a tiny bit of logic in Lua to find out which set the remote address is in and perform a redirect.What is it that you feel is missing?HamishOn Wednesday, 20 January 2016 19:57:54 UTC, David Santhosh wrote:Sure, I have a list of whitelist ip blocks and need to check if the incoming request IP belongs to one of these IP blocks and act on it, so for example the corporate 1's ip block is 192.168.1.1 belongs to 192.168.1.0/24 then redirect to corp1.domain.com and next for corporate 2 192.178.1.1 redirect it to corp2.domain.com and so on...--David On Wed, Jan 20, 2016 at 11:53 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:Can you explain your use case a little more? What functionality is nginx/ngx-lua missing out of the box that you need? I'm curious as to what you're trying to accomplish. Can you provide a simple code example for what you're looking for?On Wed, Jan 20, 2016 at 11:51 AM, davidsnt <davi...@gmail.com> wrote:Thank you Thibault and Robert, links looks useful. But still think doing a compare with incoming ip address needs some work.--David On Wed, Jan 20, 2016 at 11:40 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:You probably don't need to do this with Lua; nginx's allow/deny directive support CIDR blocks.You may also want to see https://groups.google.com/forum/#!topic/openresty-en/G916sAMSOPY for a duplicate discussion.On Wed, Jan 20, 2016 at 11:30 AM, David Santhosh <davi...@gmail.com> wrote:How can I block/verify requests based on IP blocks? I want to check if a given IP address is within a whitelisted IP block; allow or deny based on result. Looks nginx only exposes ngx.var.remote_addr and binary_addr is there any module to do this with Lua extension. . davidsnt Thank you for your input's guys, very helpful.--David On Thu, Jan 21, 2016 at 1:57 AM, Hamish Forbes <hamish...@gmail.com> wrote:Hi,This is pretty much exactly what lua-resty-iputils will do.You'll just need to create a couple of tables listing your CIDRs and apply a tiny bit of logic in Lua to find out which set the remote address is in and perform a redirect.What is it that you feel is missing?HamishOn Wednesday, 20 January 2016 19:57:54 UTC, David Santhosh wrote:Sure, I have a list of whitelist ip blocks and need to check if the incoming request IP belongs to one of these IP blocks and act on it, so for example the corporate 1's ip block is 192.168.1.1 belongs to 192.168.1.0/24 then redirect to corp1.domain.com and next for corporate 2 192.178.1.1 redirect it to corp2.domain.com and so on...--David On Wed, Jan 20, 2016 at 11:53 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:Can you explain your use case a little more? What functionality is nginx/ngx-lua missing out of the box that you need? I'm curious as to what you're trying to accomplish. Can you provide a simple code example for what you're looking for?On Wed, Jan 20, 2016 at 11:51 AM, davidsnt <davi...@gmail.com> wrote:Thank you Thibault and Robert, links looks useful. But still think doing a compare with incoming ip address needs some work.--David On Wed, Jan 20, 2016 at 11:40 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:You probably don't need to do this with Lua; nginx's allow/deny directive support CIDR blocks.You may also want to see https://groups.google.com/forum/#!topic/openresty-en/G916sAMSOPY for a duplicate discussion.On Wed, Jan 20, 2016 at 11:30 AM, David Santhosh <davi...@gmail.com> wrote:How can I block/verify requests based on IP blocks? I want to check if a given IP address is within a whitelisted IP block; allow or deny based on result. Looks nginx only exposes ngx.var.remote_addr and binary_addr is there any module to do this with Lua extension. . erik.l.nelson What's the current best practice for efficient/fast serializing of data, to disk or otherwise? JSON, protocol buffers, flat buffers? Thanks Erik ---------------------------------------------------------------------- This message, and any attachments, is for the intended recipient(s) only, may contain information that is privileged, confidential and/or proprietary and subject to important terms and conditions available at http://www.bankofamerica.com/emaildisclaimer. If you are not the intended recipient, please delete this message. moonbingbing I think it's depends on your data and size.maybe you can test your data compare https://github.com/guanlan/lua-cmsgpack https://github.com/cloudflare/lua-capnprotowith JSON.2016-01-26 2:22 GMT+08:00 Nelson, Erik - 2 <erik.l...@bankofamerica.com>:What's the current best practice for efficient/fast serializing of data, to disk or otherwise? JSON, protocol buffers, flat buffers? Thanks Erik ---------------------------------------------------------------------- This message, and any attachments, is for the intended recipient(s) only, may contain information that is privileged, confidential and/or proprietary and subject to important terms and conditions available at http://www.bankofamerica.com/emaildisclaimer. If you are not the intended recipient, please delete this message. .
Using the shared dict like that you would have to have an entry for every IP in a range though.Or you'd have to parse the CIDR from a string everytime.Something to be aware of at least.On Thursday, 21 January 2016 10:36:38 UTC, irt_m...@ntworkers.com wrote:Hi Hamish,Oops, I didn't know your module sorry.To David,Hamish is right. Maybe lua-resty-iputils module is completely cover your need.But, if you have hundred, thousand whitelist IP blocks orif you want to update whitelist table dynamically,there is worth considering for my 2nd idea https://groups.google.com/d/msg/openresty-en/QddXoARyMtE/zB_QqVj-DQAJ.ex.)local dict = ngx.shared.whitelistif dict:get(ngx.var.remote_addr) then # something you need returnendAnyway, if you need to update whitelist dynamically,you have to think about nginx restart.2016年1月21日木曜日 18時57分35秒 UTC+9 Hamish Forbes:Hi,This is pretty much exactly what lua-resty-iputils will do.You'll just need to create a couple of tables listing your CIDRs and apply a tiny bit of logic in Lua to find out which set the remote address is in and perform a redirect.What is it that you feel is missing?HamishOn Wednesday, 20 January 2016 19:57:54 UTC, David Santhosh wrote:Sure, I have a list of whitelist ip blocks and need to check if the incoming request IP belongs to one of these IP blocks and act on it, so for example the corporate 1's ip block is 192.168.1.1 belongs to 192.168.1.0/24 then redirect to corp1.domain.com and next for corporate 2 192.178.1.1 redirect it to corp2.domain.com and so on...--David On Wed, Jan 20, 2016 at 11:53 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:Can you explain your use case a little more? What functionality is nginx/ngx-lua missing out of the box that you need? I'm curious as to what you're trying to accomplish. Can you provide a simple code example for what you're looking for?On Wed, Jan 20, 2016 at 11:51 AM, davidsnt <davi...@gmail.com> wrote:Thank you Thibault and Robert, links looks useful. But still think doing a compare with incoming ip address needs some work.--David On Wed, Jan 20, 2016 at 11:40 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:You probably don't need to do this with Lua; nginx's allow/deny directive support CIDR blocks.You may also want to see https://groups.google.com/forum/#!topic/openresty-en/G916sAMSOPY for a duplicate discussion.On Wed, Jan 20, 2016 at 11:30 AM, David Santhosh <davi...@gmail.com> wrote:How can I block/verify requests based on IP blocks? I want to check if a given IP address is within a whitelisted IP block; allow or deny based on result. Looks nginx only exposes ngx.var.remote_addr and binary_addr is there any module to do this with Lua extension. . davidsnt Thank you for your input's guys, very helpful.--David On Thu, Jan 21, 2016 at 1:57 AM, Hamish Forbes <hamish...@gmail.com> wrote:Hi,This is pretty much exactly what lua-resty-iputils will do.You'll just need to create a couple of tables listing your CIDRs and apply a tiny bit of logic in Lua to find out which set the remote address is in and perform a redirect.What is it that you feel is missing?HamishOn Wednesday, 20 January 2016 19:57:54 UTC, David Santhosh wrote:Sure, I have a list of whitelist ip blocks and need to check if the incoming request IP belongs to one of these IP blocks and act on it, so for example the corporate 1's ip block is 192.168.1.1 belongs to 192.168.1.0/24 then redirect to corp1.domain.com and next for corporate 2 192.178.1.1 redirect it to corp2.domain.com and so on...--David On Wed, Jan 20, 2016 at 11:53 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:Can you explain your use case a little more? What functionality is nginx/ngx-lua missing out of the box that you need? I'm curious as to what you're trying to accomplish. Can you provide a simple code example for what you're looking for?On Wed, Jan 20, 2016 at 11:51 AM, davidsnt <davi...@gmail.com> wrote:Thank you Thibault and Robert, links looks useful. But still think doing a compare with incoming ip address needs some work.--David On Wed, Jan 20, 2016 at 11:40 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:You probably don't need to do this with Lua; nginx's allow/deny directive support CIDR blocks.You may also want to see https://groups.google.com/forum/#!topic/openresty-en/G916sAMSOPY for a duplicate discussion.On Wed, Jan 20, 2016 at 11:30 AM, David Santhosh <davi...@gmail.com> wrote:How can I block/verify requests based on IP blocks? I want to check if a given IP address is within a whitelisted IP block; allow or deny based on result. Looks nginx only exposes ngx.var.remote_addr and binary_addr is there any module to do this with Lua extension. . erik.l.nelson What's the current best practice for efficient/fast serializing of data, to disk or otherwise? JSON, protocol buffers, flat buffers? Thanks Erik ---------------------------------------------------------------------- This message, and any attachments, is for the intended recipient(s) only, may contain information that is privileged, confidential and/or proprietary and subject to important terms and conditions available at http://www.bankofamerica.com/emaildisclaimer. If you are not the intended recipient, please delete this message. moonbingbing I think it's depends on your data and size.maybe you can test your data compare https://github.com/guanlan/lua-cmsgpack https://github.com/cloudflare/lua-capnprotowith JSON.2016-01-26 2:22 GMT+08:00 Nelson, Erik - 2 <erik.l...@bankofamerica.com>:What's the current best practice for efficient/fast serializing of data, to disk or otherwise? JSON, protocol buffers, flat buffers? Thanks Erik ---------------------------------------------------------------------- This message, and any attachments, is for the intended recipient(s) only, may contain information that is privileged, confidential and/or proprietary and subject to important terms and conditions available at http://www.bankofamerica.com/emaildisclaimer. If you are not the intended recipient, please delete this message. .
Hi Hamish,Oops, I didn't know your module sorry.To David,Hamish is right. Maybe lua-resty-iputils module is completely cover your need.But, if you have hundred, thousand whitelist IP blocks orif you want to update whitelist table dynamically,there is worth considering for my 2nd idea https://groups.google.com/d/msg/openresty-en/QddXoARyMtE/zB_QqVj-DQAJ.ex.)local dict = ngx.shared.whitelistif dict:get(ngx.var.remote_addr) then # something you need returnendAnyway, if you need to update whitelist dynamically,you have to think about nginx restart.2016年1月21日木曜日 18時57分35秒 UTC+9 Hamish Forbes:Hi,This is pretty much exactly what lua-resty-iputils will do.You'll just need to create a couple of tables listing your CIDRs and apply a tiny bit of logic in Lua to find out which set the remote address is in and perform a redirect.What is it that you feel is missing?HamishOn Wednesday, 20 January 2016 19:57:54 UTC, David Santhosh wrote:Sure, I have a list of whitelist ip blocks and need to check if the incoming request IP belongs to one of these IP blocks and act on it, so for example the corporate 1's ip block is 192.168.1.1 belongs to 192.168.1.0/24 then redirect to corp1.domain.com and next for corporate 2 192.178.1.1 redirect it to corp2.domain.com and so on...--David On Wed, Jan 20, 2016 at 11:53 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:Can you explain your use case a little more? What functionality is nginx/ngx-lua missing out of the box that you need? I'm curious as to what you're trying to accomplish. Can you provide a simple code example for what you're looking for?On Wed, Jan 20, 2016 at 11:51 AM, davidsnt <davi...@gmail.com> wrote:Thank you Thibault and Robert, links looks useful. But still think doing a compare with incoming ip address needs some work.--David On Wed, Jan 20, 2016 at 11:40 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:You probably don't need to do this with Lua; nginx's allow/deny directive support CIDR blocks.You may also want to see https://groups.google.com/forum/#!topic/openresty-en/G916sAMSOPY for a duplicate discussion.On Wed, Jan 20, 2016 at 11:30 AM, David Santhosh <davi...@gmail.com> wrote:How can I block/verify requests based on IP blocks? I want to check if a given IP address is within a whitelisted IP block; allow or deny based on result. Looks nginx only exposes ngx.var.remote_addr and binary_addr is there any module to do this with Lua extension. . davidsnt Thank you for your input's guys, very helpful.--David On Thu, Jan 21, 2016 at 1:57 AM, Hamish Forbes <hamish...@gmail.com> wrote:Hi,This is pretty much exactly what lua-resty-iputils will do.You'll just need to create a couple of tables listing your CIDRs and apply a tiny bit of logic in Lua to find out which set the remote address is in and perform a redirect.What is it that you feel is missing?HamishOn Wednesday, 20 January 2016 19:57:54 UTC, David Santhosh wrote:Sure, I have a list of whitelist ip blocks and need to check if the incoming request IP belongs to one of these IP blocks and act on it, so for example the corporate 1's ip block is 192.168.1.1 belongs to 192.168.1.0/24 then redirect to corp1.domain.com and next for corporate 2 192.178.1.1 redirect it to corp2.domain.com and so on...--David On Wed, Jan 20, 2016 at 11:53 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:Can you explain your use case a little more? What functionality is nginx/ngx-lua missing out of the box that you need? I'm curious as to what you're trying to accomplish. Can you provide a simple code example for what you're looking for?On Wed, Jan 20, 2016 at 11:51 AM, davidsnt <davi...@gmail.com> wrote:Thank you Thibault and Robert, links looks useful. But still think doing a compare with incoming ip address needs some work.--David On Wed, Jan 20, 2016 at 11:40 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:You probably don't need to do this with Lua; nginx's allow/deny directive support CIDR blocks.You may also want to see https://groups.google.com/forum/#!topic/openresty-en/G916sAMSOPY for a duplicate discussion.On Wed, Jan 20, 2016 at 11:30 AM, David Santhosh <davi...@gmail.com> wrote:How can I block/verify requests based on IP blocks? I want to check if a given IP address is within a whitelisted IP block; allow or deny based on result. Looks nginx only exposes ngx.var.remote_addr and binary_addr is there any module to do this with Lua extension. . erik.l.nelson What's the current best practice for efficient/fast serializing of data, to disk or otherwise? JSON, protocol buffers, flat buffers? Thanks Erik ---------------------------------------------------------------------- This message, and any attachments, is for the intended recipient(s) only, may contain information that is privileged, confidential and/or proprietary and subject to important terms and conditions available at http://www.bankofamerica.com/emaildisclaimer. If you are not the intended recipient, please delete this message. moonbingbing I think it's depends on your data and size.maybe you can test your data compare https://github.com/guanlan/lua-cmsgpack https://github.com/cloudflare/lua-capnprotowith JSON.2016-01-26 2:22 GMT+08:00 Nelson, Erik - 2 <erik.l...@bankofamerica.com>:What's the current best practice for efficient/fast serializing of data, to disk or otherwise? JSON, protocol buffers, flat buffers? Thanks Erik ---------------------------------------------------------------------- This message, and any attachments, is for the intended recipient(s) only, may contain information that is privileged, confidential and/or proprietary and subject to important terms and conditions available at http://www.bankofamerica.com/emaildisclaimer. If you are not the intended recipient, please delete this message. .
Hi,This is pretty much exactly what lua-resty-iputils will do.You'll just need to create a couple of tables listing your CIDRs and apply a tiny bit of logic in Lua to find out which set the remote address is in and perform a redirect.What is it that you feel is missing?HamishOn Wednesday, 20 January 2016 19:57:54 UTC, David Santhosh wrote:Sure, I have a list of whitelist ip blocks and need to check if the incoming request IP belongs to one of these IP blocks and act on it, so for example the corporate 1's ip block is 192.168.1.1 belongs to 192.168.1.0/24 then redirect to corp1.domain.com and next for corporate 2 192.178.1.1 redirect it to corp2.domain.com and so on...--David On Wed, Jan 20, 2016 at 11:53 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:Can you explain your use case a little more? What functionality is nginx/ngx-lua missing out of the box that you need? I'm curious as to what you're trying to accomplish. Can you provide a simple code example for what you're looking for?On Wed, Jan 20, 2016 at 11:51 AM, davidsnt <davi...@gmail.com> wrote:Thank you Thibault and Robert, links looks useful. But still think doing a compare with incoming ip address needs some work.--David On Wed, Jan 20, 2016 at 11:40 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:You probably don't need to do this with Lua; nginx's allow/deny directive support CIDR blocks.You may also want to see https://groups.google.com/forum/#!topic/openresty-en/G916sAMSOPY for a duplicate discussion.On Wed, Jan 20, 2016 at 11:30 AM, David Santhosh <davi...@gmail.com> wrote:How can I block/verify requests based on IP blocks? I want to check if a given IP address is within a whitelisted IP block; allow or deny based on result. Looks nginx only exposes ngx.var.remote_addr and binary_addr is there any module to do this with Lua extension. . davidsnt Thank you for your input's guys, very helpful.--David On Thu, Jan 21, 2016 at 1:57 AM, Hamish Forbes <hamish...@gmail.com> wrote:Hi,This is pretty much exactly what lua-resty-iputils will do.You'll just need to create a couple of tables listing your CIDRs and apply a tiny bit of logic in Lua to find out which set the remote address is in and perform a redirect.What is it that you feel is missing?HamishOn Wednesday, 20 January 2016 19:57:54 UTC, David Santhosh wrote:Sure, I have a list of whitelist ip blocks and need to check if the incoming request IP belongs to one of these IP blocks and act on it, so for example the corporate 1's ip block is 192.168.1.1 belongs to 192.168.1.0/24 then redirect to corp1.domain.com and next for corporate 2 192.178.1.1 redirect it to corp2.domain.com and so on...--David On Wed, Jan 20, 2016 at 11:53 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:Can you explain your use case a little more? What functionality is nginx/ngx-lua missing out of the box that you need? I'm curious as to what you're trying to accomplish. Can you provide a simple code example for what you're looking for?On Wed, Jan 20, 2016 at 11:51 AM, davidsnt <davi...@gmail.com> wrote:Thank you Thibault and Robert, links looks useful. But still think doing a compare with incoming ip address needs some work.--David On Wed, Jan 20, 2016 at 11:40 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:You probably don't need to do this with Lua; nginx's allow/deny directive support CIDR blocks.You may also want to see https://groups.google.com/forum/#!topic/openresty-en/G916sAMSOPY for a duplicate discussion.On Wed, Jan 20, 2016 at 11:30 AM, David Santhosh <davi...@gmail.com> wrote:How can I block/verify requests based on IP blocks? I want to check if a given IP address is within a whitelisted IP block; allow or deny based on result. Looks nginx only exposes ngx.var.remote_addr and binary_addr is there any module to do this with Lua extension. . erik.l.nelson What's the current best practice for efficient/fast serializing of data, to disk or otherwise? JSON, protocol buffers, flat buffers? Thanks Erik ---------------------------------------------------------------------- This message, and any attachments, is for the intended recipient(s) only, may contain information that is privileged, confidential and/or proprietary and subject to important terms and conditions available at http://www.bankofamerica.com/emaildisclaimer. If you are not the intended recipient, please delete this message. moonbingbing I think it's depends on your data and size.maybe you can test your data compare https://github.com/guanlan/lua-cmsgpack https://github.com/cloudflare/lua-capnprotowith JSON.2016-01-26 2:22 GMT+08:00 Nelson, Erik - 2 <erik.l...@bankofamerica.com>:What's the current best practice for efficient/fast serializing of data, to disk or otherwise? JSON, protocol buffers, flat buffers? Thanks Erik ---------------------------------------------------------------------- This message, and any attachments, is for the intended recipient(s) only, may contain information that is privileged, confidential and/or proprietary and subject to important terms and conditions available at http://www.bankofamerica.com/emaildisclaimer. If you are not the intended recipient, please delete this message. .
Sure, I have a list of whitelist ip blocks and need to check if the incoming request IP belongs to one of these IP blocks and act on it, so for example the corporate 1's ip block is 192.168.1.1 belongs to 192.168.1.0/24 then redirect to corp1.domain.com and next for corporate 2 192.178.1.1 redirect it to corp2.domain.com and so on...--David On Wed, Jan 20, 2016 at 11:53 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:Can you explain your use case a little more? What functionality is nginx/ngx-lua missing out of the box that you need? I'm curious as to what you're trying to accomplish. Can you provide a simple code example for what you're looking for?On Wed, Jan 20, 2016 at 11:51 AM, davidsnt <davi...@gmail.com> wrote:Thank you Thibault and Robert, links looks useful. But still think doing a compare with incoming ip address needs some work.--David On Wed, Jan 20, 2016 at 11:40 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:You probably don't need to do this with Lua; nginx's allow/deny directive support CIDR blocks.You may also want to see https://groups.google.com/forum/#!topic/openresty-en/G916sAMSOPY for a duplicate discussion.On Wed, Jan 20, 2016 at 11:30 AM, David Santhosh <davi...@gmail.com> wrote:How can I block/verify requests based on IP blocks? I want to check if a given IP address is within a whitelisted IP block; allow or deny based on result. Looks nginx only exposes ngx.var.remote_addr and binary_addr is there any module to do this with Lua extension. . davidsnt Thank you for your input's guys, very helpful.--David On Thu, Jan 21, 2016 at 1:57 AM, Hamish Forbes <hamish...@gmail.com> wrote:Hi,This is pretty much exactly what lua-resty-iputils will do.You'll just need to create a couple of tables listing your CIDRs and apply a tiny bit of logic in Lua to find out which set the remote address is in and perform a redirect.What is it that you feel is missing?HamishOn Wednesday, 20 January 2016 19:57:54 UTC, David Santhosh wrote:Sure, I have a list of whitelist ip blocks and need to check if the incoming request IP belongs to one of these IP blocks and act on it, so for example the corporate 1's ip block is 192.168.1.1 belongs to 192.168.1.0/24 then redirect to corp1.domain.com and next for corporate 2 192.178.1.1 redirect it to corp2.domain.com and so on...--David On Wed, Jan 20, 2016 at 11:53 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:Can you explain your use case a little more? What functionality is nginx/ngx-lua missing out of the box that you need? I'm curious as to what you're trying to accomplish. Can you provide a simple code example for what you're looking for?On Wed, Jan 20, 2016 at 11:51 AM, davidsnt <davi...@gmail.com> wrote:Thank you Thibault and Robert, links looks useful. But still think doing a compare with incoming ip address needs some work.--David On Wed, Jan 20, 2016 at 11:40 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:You probably don't need to do this with Lua; nginx's allow/deny directive support CIDR blocks.You may also want to see https://groups.google.com/forum/#!topic/openresty-en/G916sAMSOPY for a duplicate discussion.On Wed, Jan 20, 2016 at 11:30 AM, David Santhosh <davi...@gmail.com> wrote:How can I block/verify requests based on IP blocks? I want to check if a given IP address is within a whitelisted IP block; allow or deny based on result. Looks nginx only exposes ngx.var.remote_addr and binary_addr is there any module to do this with Lua extension. . erik.l.nelson What's the current best practice for efficient/fast serializing of data, to disk or otherwise? JSON, protocol buffers, flat buffers? Thanks Erik ---------------------------------------------------------------------- This message, and any attachments, is for the intended recipient(s) only, may contain information that is privileged, confidential and/or proprietary and subject to important terms and conditions available at http://www.bankofamerica.com/emaildisclaimer. If you are not the intended recipient, please delete this message. moonbingbing I think it's depends on your data and size.maybe you can test your data compare https://github.com/guanlan/lua-cmsgpack https://github.com/cloudflare/lua-capnprotowith JSON.2016-01-26 2:22 GMT+08:00 Nelson, Erik - 2 <erik.l...@bankofamerica.com>:What's the current best practice for efficient/fast serializing of data, to disk or otherwise? JSON, protocol buffers, flat buffers? Thanks Erik ---------------------------------------------------------------------- This message, and any attachments, is for the intended recipient(s) only, may contain information that is privileged, confidential and/or proprietary and subject to important terms and conditions available at http://www.bankofamerica.com/emaildisclaimer. If you are not the intended recipient, please delete this message. .
Can you explain your use case a little more? What functionality is nginx/ngx-lua missing out of the box that you need? I'm curious as to what you're trying to accomplish. Can you provide a simple code example for what you're looking for?On Wed, Jan 20, 2016 at 11:51 AM, davidsnt <davi...@gmail.com> wrote:Thank you Thibault and Robert, links looks useful. But still think doing a compare with incoming ip address needs some work.--David On Wed, Jan 20, 2016 at 11:40 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:You probably don't need to do this with Lua; nginx's allow/deny directive support CIDR blocks.You may also want to see https://groups.google.com/forum/#!topic/openresty-en/G916sAMSOPY for a duplicate discussion.On Wed, Jan 20, 2016 at 11:30 AM, David Santhosh <davi...@gmail.com> wrote:How can I block/verify requests based on IP blocks? I want to check if a given IP address is within a whitelisted IP block; allow or deny based on result. Looks nginx only exposes ngx.var.remote_addr and binary_addr is there any module to do this with Lua extension. .
Hi,This is pretty much exactly what lua-resty-iputils will do.You'll just need to create a couple of tables listing your CIDRs and apply a tiny bit of logic in Lua to find out which set the remote address is in and perform a redirect.What is it that you feel is missing?HamishOn Wednesday, 20 January 2016 19:57:54 UTC, David Santhosh wrote:Sure, I have a list of whitelist ip blocks and need to check if the incoming request IP belongs to one of these IP blocks and act on it, so for example the corporate 1's ip block is 192.168.1.1 belongs to 192.168.1.0/24 then redirect to corp1.domain.com and next for corporate 2 192.178.1.1 redirect it to corp2.domain.com and so on...--David On Wed, Jan 20, 2016 at 11:53 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:Can you explain your use case a little more? What functionality is nginx/ngx-lua missing out of the box that you need? I'm curious as to what you're trying to accomplish. Can you provide a simple code example for what you're looking for?On Wed, Jan 20, 2016 at 11:51 AM, davidsnt <davi...@gmail.com> wrote:Thank you Thibault and Robert, links looks useful. But still think doing a compare with incoming ip address needs some work.--David On Wed, Jan 20, 2016 at 11:40 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:You probably don't need to do this with Lua; nginx's allow/deny directive support CIDR blocks.You may also want to see https://groups.google.com/forum/#!topic/openresty-en/G916sAMSOPY for a duplicate discussion.On Wed, Jan 20, 2016 at 11:30 AM, David Santhosh <davi...@gmail.com> wrote:How can I block/verify requests based on IP blocks? I want to check if a given IP address is within a whitelisted IP block; allow or deny based on result. Looks nginx only exposes ngx.var.remote_addr and binary_addr is there any module to do this with Lua extension. . erik.l.nelson What's the current best practice for efficient/fast serializing of data, to disk or otherwise? JSON, protocol buffers, flat buffers? Thanks Erik ---------------------------------------------------------------------- This message, and any attachments, is for the intended recipient(s) only, may contain information that is privileged, confidential and/or proprietary and subject to important terms and conditions available at http://www.bankofamerica.com/emaildisclaimer. If you are not the intended recipient, please delete this message. moonbingbing I think it's depends on your data and size.maybe you can test your data compare https://github.com/guanlan/lua-cmsgpack https://github.com/cloudflare/lua-capnprotowith JSON.2016-01-26 2:22 GMT+08:00 Nelson, Erik - 2 <erik.l...@bankofamerica.com>:What's the current best practice for efficient/fast serializing of data, to disk or otherwise? JSON, protocol buffers, flat buffers? Thanks Erik ---------------------------------------------------------------------- This message, and any attachments, is for the intended recipient(s) only, may contain information that is privileged, confidential and/or proprietary and subject to important terms and conditions available at http://www.bankofamerica.com/emaildisclaimer. If you are not the intended recipient, please delete this message. .
Sure, I have a list of whitelist ip blocks and need to check if the incoming request IP belongs to one of these IP blocks and act on it, so for example the corporate 1's ip block is 192.168.1.1 belongs to 192.168.1.0/24 then redirect to corp1.domain.com and next for corporate 2 192.178.1.1 redirect it to corp2.domain.com and so on...--David On Wed, Jan 20, 2016 at 11:53 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:Can you explain your use case a little more? What functionality is nginx/ngx-lua missing out of the box that you need? I'm curious as to what you're trying to accomplish. Can you provide a simple code example for what you're looking for?On Wed, Jan 20, 2016 at 11:51 AM, davidsnt <davi...@gmail.com> wrote:Thank you Thibault and Robert, links looks useful. But still think doing a compare with incoming ip address needs some work.--David On Wed, Jan 20, 2016 at 11:40 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:You probably don't need to do this with Lua; nginx's allow/deny directive support CIDR blocks.You may also want to see https://groups.google.com/forum/#!topic/openresty-en/G916sAMSOPY for a duplicate discussion.On Wed, Jan 20, 2016 at 11:30 AM, David Santhosh <davi...@gmail.com> wrote:How can I block/verify requests based on IP blocks? I want to check if a given IP address is within a whitelisted IP block; allow or deny based on result. Looks nginx only exposes ngx.var.remote_addr and binary_addr is there any module to do this with Lua extension. . erik.l.nelson What's the current best practice for efficient/fast serializing of data, to disk or otherwise? JSON, protocol buffers, flat buffers? Thanks Erik ---------------------------------------------------------------------- This message, and any attachments, is for the intended recipient(s) only, may contain information that is privileged, confidential and/or proprietary and subject to important terms and conditions available at http://www.bankofamerica.com/emaildisclaimer. If you are not the intended recipient, please delete this message. moonbingbing I think it's depends on your data and size.maybe you can test your data compare https://github.com/guanlan/lua-cmsgpack https://github.com/cloudflare/lua-capnprotowith JSON.2016-01-26 2:22 GMT+08:00 Nelson, Erik - 2 <erik.l...@bankofamerica.com>:What's the current best practice for efficient/fast serializing of data, to disk or otherwise? JSON, protocol buffers, flat buffers? Thanks Erik ---------------------------------------------------------------------- This message, and any attachments, is for the intended recipient(s) only, may contain information that is privileged, confidential and/or proprietary and subject to important terms and conditions available at http://www.bankofamerica.com/emaildisclaimer. If you are not the intended recipient, please delete this message. .
Can you explain your use case a little more? What functionality is nginx/ngx-lua missing out of the box that you need? I'm curious as to what you're trying to accomplish. Can you provide a simple code example for what you're looking for?On Wed, Jan 20, 2016 at 11:51 AM, davidsnt <davi...@gmail.com> wrote:Thank you Thibault and Robert, links looks useful. But still think doing a compare with incoming ip address needs some work.--David On Wed, Jan 20, 2016 at 11:40 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:You probably don't need to do this with Lua; nginx's allow/deny directive support CIDR blocks.You may also want to see https://groups.google.com/forum/#!topic/openresty-en/G916sAMSOPY for a duplicate discussion.On Wed, Jan 20, 2016 at 11:30 AM, David Santhosh <davi...@gmail.com> wrote:How can I block/verify requests based on IP blocks? I want to check if a given IP address is within a whitelisted IP block; allow or deny based on result. Looks nginx only exposes ngx.var.remote_addr and binary_addr is there any module to do this with Lua extension. . erik.l.nelson What's the current best practice for efficient/fast serializing of data, to disk or otherwise? JSON, protocol buffers, flat buffers? Thanks Erik ---------------------------------------------------------------------- This message, and any attachments, is for the intended recipient(s) only, may contain information that is privileged, confidential and/or proprietary and subject to important terms and conditions available at http://www.bankofamerica.com/emaildisclaimer. If you are not the intended recipient, please delete this message. moonbingbing I think it's depends on your data and size.maybe you can test your data compare https://github.com/guanlan/lua-cmsgpack https://github.com/cloudflare/lua-capnprotowith JSON.2016-01-26 2:22 GMT+08:00 Nelson, Erik - 2 <erik.l...@bankofamerica.com>:What's the current best practice for efficient/fast serializing of data, to disk or otherwise? JSON, protocol buffers, flat buffers? Thanks Erik ---------------------------------------------------------------------- This message, and any attachments, is for the intended recipient(s) only, may contain information that is privileged, confidential and/or proprietary and subject to important terms and conditions available at http://www.bankofamerica.com/emaildisclaimer. If you are not the intended recipient, please delete this message. .
Thank you Thibault and Robert, links looks useful. But still think doing a compare with incoming ip address needs some work.--David On Wed, Jan 20, 2016 at 11:40 AM, Robert Paprocki <rpap...@fearnothingproductions.net> wrote:You probably don't need to do this with Lua; nginx's allow/deny directive support CIDR blocks.You may also want to see https://groups.google.com/forum/#!topic/openresty-en/G916sAMSOPY for a duplicate discussion.On Wed, Jan 20, 2016 at 11:30 AM, David Santhosh <davi...@gmail.com> wrote:How can I block/verify requests based on IP blocks? I want to check if a given IP address is within a whitelisted IP block; allow or deny based on result. Looks nginx only exposes ngx.var.remote_addr and binary_addr is there any module to do this with Lua extension. . erik.l.nelson What's the current best practice for efficient/fast serializing of data, to disk or otherwise? JSON, protocol buffers, flat buffers? Thanks Erik ---------------------------------------------------------------------- This message, and any attachments, is for the intended recipient(s) only, may contain information that is privileged, confidential and/or proprietary and subject to important terms and conditions available at http://www.bankofamerica.com/emaildisclaimer. If you are not the intended recipient, please delete this message. moonbingbing I think it's depends on your data and size.maybe you can test your data compare https://github.com/guanlan/lua-cmsgpack https://github.com/cloudflare/lua-capnprotowith JSON.2016-01-26 2:22 GMT+08:00 Nelson, Erik - 2 <erik.l...@bankofamerica.com>:What's the current best practice for efficient/fast serializing of data, to disk or otherwise? JSON, protocol buffers, flat buffers? Thanks Erik ---------------------------------------------------------------------- This message, and any attachments, is for the intended recipient(s) only, may contain information that is privileged, confidential and/or proprietary and subject to important terms and conditions available at http://www.bankofamerica.com/emaildisclaimer. If you are not the intended recipient, please delete this message. .
What's the current best practice for efficient/fast serializing of data, to disk or otherwise? JSON, protocol buffers, flat buffers? Thanks Erik ---------------------------------------------------------------------- This message, and any attachments, is for the intended recipient(s) only, may contain information that is privileged, confidential and/or proprietary and subject to important terms and conditions available at http://www.bankofamerica.com/emaildisclaimer. If you are not the intended recipient, please delete this message.
What's the current best practice for efficient/fast serializing of data, to disk or otherwise? JSON, protocol buffers, flat buffers? Thanks Erik ---------------------------------------------------------------------- This message, and any attachments, is for the intended recipient(s) only, may contain information that is privileged, confidential and/or proprietary and subject to important terms and conditions available at http://www.bankofamerica.com/emaildisclaimer. If you are not the intended recipient, please delete this message. .
