-
Notifications
You must be signed in to change notification settings - Fork 1
/
safety_rules_include_whitelist
124 lines (122 loc) · 4.21 KB
/
safety_rules_include_whitelist
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
# safety_rules_include_whitelist
# Version: v6.0
# add_rsp_header('X-ES-Version', 'v6.0')
# Updated: 2022-08-26 12:00:00
# Intro.: Optimized Block
# Known Issues: None
# ----------------------------VARIABLE-----------------------------
# Whitelisted IP
allow_ip = []
# Fake Source IP, now useless
# fake_ip = ''
# --------------------------VARIABLE END---------------------------
# -------------------NO EDIT FOLLOWING CONTENT---------------------
## -----------------------------FUNC-------------------------------
# Block Func
def block_details() {
# For Debug Only
add_rsp_header('X-Client-Country', client_country())
add_rsp_header('X-Client-IP', client_addr())
add_rsp_header('X-Client-ISP', client_isp())
# ISP拦截
c_isp = tostring(client_isp())
isp_ct = '100017'
isp_cm = '100025'
isp_cu = '100026'
isp_edu = '100027'
isp_ctt = '100020'
isp_ghyx = '100080'
isp_dfyx = '100023'
isp_pbs = '1000143'
if not(or(eq(isp_cm,c_isp), eq(isp_ct,c_isp), eq(isp_cu,c_isp), eq(isp_edu,c_isp), eq(isp_ctt,c_isp), eq(isp_ghyx,c_isp), eq(isp_dfyx,c_isp), eq(isp_pbs,c_isp))) {
add_rsp_header('Content-Type', 'application/json')
var_resp_dict = []
set(var_resp_dict, 'code', -412)
set(var_resp_dict, 'message', concat('请求被拦截:',c_isp))
exit(200, json_enc(var_resp_dict))
} else {
# 拦截代理
if req_header('x_forwarded_for') {
add_rsp_header('Content-Type', 'application/json')
var_resp_dict = []
set(var_resp_dict, 'code', -412)
set(var_resp_dict, 'message', '请求被拦截:使用代理')
exit(200, json_enc(var_resp_dict))
} else {
# 国家拦截
if ne(client_country(),'CN') {
add_rsp_header('Content-Type', 'application/json')
var_resp_dict = []
set(var_resp_dict, 'code', -412)
set(var_resp_dict, 'message', concat('非中国大陆IP拦截:',client_country()))
exit(200, json_enc(var_resp_dict))
}
}
}
}
def block_easy() {
# ISP拦截
c_isp = tostring(client_isp())
if not(or(eq('100025',c_isp), eq('100026',c_isp), eq('100017',c_isp), eq('100027',c_isp), eq('100020',c_isp), eq('100080',c_isp), eq('100023',c_isp), eq('1000143',c_isp))) {
add_rsp_header('Content-Type', 'application/json')
var_resp_dict = []
set(var_resp_dict, 'code', -412)
set(var_resp_dict, 'message', concat('请求被拦截:',c_isp))
exit(200, json_enc(var_resp_dict))
} else {
# 拦截代理
if req_header('x_forwarded_for') {
add_rsp_header('Content-Type', 'application/json')
var_resp_dict = []
set(var_resp_dict, 'code', -412)
set(var_resp_dict, 'message', '请求被拦截')
exit(200, json_enc(var_resp_dict))
} else {
# 国家拦截
if ne(client_country(),'CN') {
add_rsp_header('Content-Type', 'application/json')
var_resp_dict = []
set(var_resp_dict, 'code', -412)
set(var_resp_dict, 'message', concat('非中国大陆IP拦截: ',client_country()))
exit(200, json_enc(var_resp_dict))
}
}
}
}
# def block() {
# # Main Blocl Func
# if debug_mode {
# block_details()
# } else {
# block_easy()
# }
#
# }
## ---------------------------FUNC END-----------------------------
## -----------------------------FUNC-------------------------------
# Main Whitelist Func
w = false
c_ip = tostring(client_addr())
def determine_wlt(k, v, u) {
# Determine whether it's been already whitelist
if w {
return false
} else {
w = eq(v, c_ip)
}
}
if allow_ip {
foreach(allow_ip, determine_wlt, [])
}
if not(w) {
# if debug_mode please use block_details()
# block_details()
block_easy()
}
## ---------------------------FUNC END-----------------------------
## -----------------------------FUNC-------------------------------
# Fake IP Func
# if fake_ip {
# add_req_header('x_forwarded_for', fake_ip)
# }
## ---------------------------FUNC END-----------------------------