Hello,
I'm using the lua-nginx-module to manage a blacklist on a Redis server. After some days using this module I've noticed that sometimes the block is avoided, and after some research I've found the reason.
My server is behind a load balancer, so it receives both kinds of requests on the same port. To redirect to HTTPS I've added these lines to the nginx server section:
    if ($http_x_forwarded_proto = 'http') {
        return 301 https://$host$request_uri;
    }
Before this code I've added this line:
    access_by_lua_file /etc/nginx/lua/redis_authentication.lua;
This file has some simple code that connects to Redis, checks whether an IP address is in the blacklist, and returns 444 if it is blacklisted:
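    -- lua-resty-redis client library
    local redis = require "resty.redis"

    local red = redis:new()
    red:set_timeout(200)  -- milliseconds

    local ok, err = red:connect("1.1.1.1", 6379)
    if not ok then
        ngx.log(ngx.ERR, "failed to connect: " .. err)
        return
    end
    -- Select the database only once the connection is known to be up
    red:select(0)

    -- Look up the client address as a key in the blacklist
    local remote_addr = ngx.var.remote_addr
    local res, err = red:exists(remote_addr)
    if not res then
        ngx.log(ngx.ERR, "failed to get data: " .. err)
        return
    end

    if res == ngx.null or res == 0 then
        -- Not blacklisted: return the connection to the pool and continue
        red:set_keepalive(60000, 4096)
    else
        -- Blacklisted: return the connection to the pool and close without a response
        red:set_keepalive(60000, 100)
        ngx.exit(444)
    end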
With this code I've noticed that when the blacklisted IP asks for the HTTPS version of the webpage it is always blocked (as expected), but when it asks for the HTTP version it is sometimes blocked and sometimes redirected. After removing the IF the problem is gone, so it looks like the IF is causing conflicts with the Lua authentication.
The ratio is high, and that's why it caught my attention.
Before posting a bug report I preferred to ask here because maybe I'm doing something wrong.
Does anyone know why this can happen, or a way to avoid it?
Thanks!
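
Added example (not part of the original post, and not code from the lua-nginx-module project): `if` and `return` belong to nginx's rewrite module and run in the rewrite phase, before `access_by_lua_file` runs in the access phase, so a request that hits `return 301` never reaches the blacklist script. One way to fix the order is to drop the `if` block from the server section and issue the redirect from the same Lua file, after the check. The helper name `is_blacklisted` is hypothetical, and `ngx.var.remote_addr` is assumed to already hold the client address rather than the load balancer's.

```lua
-- Added example: /etc/nginx/lua/redis_authentication.lua reworked so the
-- blacklist check and the HTTPS redirect run in one phase, in a fixed order.
local redis = require "resty.redis"

-- Hypothetical helper.
-- Returns true (listed), false (not listed), or nil plus an error string.
local function is_blacklisted(addr)
    local red = redis:new()
    red:set_timeout(200)  -- milliseconds

    -- Redis address taken from the post; database 0 is the default.
    local ok, err = red:connect("1.1.1.1", 6379)
    if not ok then
        return nil, "failed to connect: " .. (err or "unknown")
    end

    local res, exists_err = red:exists(addr)
    if not res then
        return nil, "failed to get data: " .. (exists_err or "unknown")
    end

    -- Hand the connection back to the pool before acting on the result,
    -- so the block path and the allow path use the same pool settings.
    red:set_keepalive(60000, 100)
    return res ~= ngx.null and res ~= 0
end

-- Assumption: remote_addr is the real client address (for example via the
-- realip module), not the load balancer's address.
local listed, err = is_blacklisted(ngx.var.remote_addr)
if listed == nil then
    -- Same fail-open choice as the original script: log and carry on.
    ngx.log(ngx.ERR, err)
elseif listed then
    -- 444 makes nginx close the connection without sending a response.
    return ngx.exit(444)
end

-- Only requests that passed the blacklist check reach the redirect.
if ngx.var.http_x_forwarded_proto == "http" then
    return ngx.redirect("https://" .. ngx.var.host .. ngx.var.request_uri, 301)
end
```

With this layout a blacklisted address gets 444 on both the HTTP and HTTPS paths, and the redirect is only ever sent to clients that passed the check.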