HOME_kr - madvirus/ip-filter GitHub Wiki
IP ์ ๊ทผ ํ์ฉ/์ฐจ๋จ ์ํ ๊ฐ๋จํ ์๋ฐ ๊ธฐ๋ฐ IP ํํฐ๋ง ๋ชจ๋
| ๋ชจ๋ ์ด๋ฆ | ์ค๋ช | ํ์ ๋ชจ๋ |
|---|---|---|
| ip-filter-core | IP ํํฐ๋ง ์ํ ํต์ฌ API ์ ๊ณต | - |
| ip-filter-conf-parser | ๋ฌธ์์ด์ Config๋ก ๋ณํํด์ฃผ๋ ํ์ ์ ๊ณต | ip-filter-core |
| ip-filter-web-api | ํน์ IP๋ฅผ ์ฐจ๋จํด์ฃผ๋ ์น ํํฐ API ์ ๊ณต | - |
| ip-filter-web-simple | ip-filter-web-api์ ๊ฐ๋จํ ๊ตฌํ ์ ๊ณต | ip-filter-web-simple ip-filter-conf-parser ip-filter-core |
<repositories>
<!-- repository for ip-filter module -->
<repository>
<id>ip-filter-mvn-repo</id>
<url>https://raw.github.com/madvirus/ip-filter/mvn-repo/</url>
<snapshots>
<enabled>true</enabled>
<updatePolicy>always</updatePolicy>
</snapshots>
</repository>
</repositories>
<dependencies>
<dependency>
<groupId>org.chimi.ipfilter</groupId>
<artifactId>ip-filter-core</artifactId> <!-- Module name -->
<version>0.2</version>
</dependency>
</dependencies>import org.chimi.ipfilter.Config;
import org.chimi.ipfilter.IpFilter;
import org.chimi.ipfilter.IpFilters;
import org.junit.Test;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertTrue;
public class IpFilterTest {
@Test
public void basicUsageOfIpFilter() {
// Config ์ด๊ธฐํ
Config config = new Config();
config.setAllowFirst(true);
config.setDefaultAllow(false);
config.allow("1.2.3.4"); // ํ์ฉ IP ์ถ๊ฐ
config.allow("10.20.30.40");
config.deny("101.102.103.104"); // ์ฐจ๋จ IP ์ถ๊ฐ
// IpFilters.create() ๋๋ IpFilters.createCached() ๋ฉ์๋๋ฅผ ์ด์ฉํด์ IpFilter ์์ฑ
IpFilter ipFilter = IpFilters.create(config);
// accept() ๋ฉ์๋๋ฅผ ์ด์ฉํด IP ํํฐ๋ง
assertTrue(ipFilter.accept("1.2.3.4"));
assertFalse(ipFilter.accept("101.102.103.104"));
}
}Config ํด๋์ค์ allow/deny ๋ฉ์๋์์ ํ๋ผ๋ฏธํฐ ๊ฐ์ผ๋ก ์ฌ์ฉํ ์ ์๋ ๋ฌธ์์ด ํจํด:
- IP:
1.2.3.4(์ ํํ๊ฒ ์ผ์น) - ๋คํธ์ํฌ ๋ฒ์:
1.1.1.64/26(1.1.1.64 ~ 1.1.1.127) ** 64/26: 26์ ๋คํธ์ํฌ ์ฃผ์์ ๋นํธ ๊ธธ์ด - ์ ์ฒด:
1.2.3.*,1.2.*,1.*,*
Config ๊ฐ์ฒด์ allowFirst ํ๋กํผํฐ ๊ฐ์ด true์ผ ๊ฒฝ์ฐ, IpFilter๋ ํ์ฉ IP์ธ์ง ์ฌ๋ถ๋ฅผ ๋จผ์ ํ์ธํ๊ณ , ๊ทธ ๋ค์์ ์ฐจ๋จ IP ์ฌ๋ถ๋ฅผ ํ์ธํ๋ค. ์๋ฅผ ๋ค์ด, ๋ค์ ์ฝ๋์์ ipFilter.accept("1.2.3.4")๋ true๋ฅผ ๋ฆฌํดํ๋ค.
Config config = new Config();
config.setAllowFirst(true);
config.setDefaultAllow(false);
config.allow("1.2.3.4");
config.deny("1.2.3.*");
config.accept("1.2.3.4"); // trueallowFirst๊ฐ false๋ผ๋ฉด, ์ฐจ๋จ ๋ชฉ๋ก์ ๋จผ์ ๊ฒ์ฌํ๋ฏ๋ก config.accept("1.2.3.4")๋ false๋ฅผ ๋ฆฌํดํ๋ค.
IpFilter์ accept() ๋ฉ์๋๋ ๊ฒ์ฌ ๋์ IP๊ฐ allow/deny ๋ชฉ๋ก๊ณผ ๋งค์นญ๋์ง ์์ ๊ฒฝ์ฐ defaultAllow์ ์ง์ ํ ๊ฐ์ ๋ฆฌํดํ๋ค.
Config config = new Config();
config.setAllowFirst(true);
config.setDefaultAllow(false);
config.allow("1.2.3.4");
config.deny("1.2.3.5");
config.accept("1.2.3.6"); // ์ด๋ค ์ค์ ๋ ์ผ์นํ์ง ์์! ๋ฐ๋ผ์ false ๋ฆฌํด (defaultAllow๊ฐ false)ip-filter-conf-parser๋ ๋ฌธ์์ด์ Config ๊ฐ์ฒด๋ก ๋ณํํด์ค๋ค.
์ํ์น htaccess์ ๋น์ทํ ๋ฌธ๋ฒ์ ์ฌ์ฉ:
# ์ฃผ์
order allow,deny
default true
allow from 1.2.3.4
allow from 1.2.3.* # ๋ค์ ์ฃผ์
deny from all
// ์ค์ ๋ก๋, confValue ๋์ ํ์ผ ๊ฐ์ ๊ณณ์์ ๋ฐ์ดํฐ๋ฅผ ์ฝ์ด์ฌ ๊ฒ์ด๋ค.
String confValue =
"order deny,allow\n" +
"allow from 1.2.3.4\n" +
"deny from 10.20.30.40\n" +
"allow from 101.102.103.*\n" +
"allow from 201.202.203.10/64";
Config config = new ConfParser().parse(confValue);ip-filter-web-api๋ IP ์ฐจ๋จ ์ํ ์๋ธ๋ฆฟ ํํฐ์ธ IpBlockFilter๋ฅผ ์ ๊ณตํ๋ค. IpBlockFilter๋ ํด๋ผ์ด์ธํธ IP๊ฐ ์ฐจ๋จ IP์ธ ๊ฒฝ์ฐ 404 ์๋ฌ ์ฝ๋๋ฅผ ์ ์กํ๋ค.
ip-filter-web-simple์ ip-filter-web-api ๋ชจ๋์ ๊ตฌํ์ฒด์ด๋ค. ์ด ๋ชจ๋์ ๊ฐ๋จํ ์ค์ ์ ์ฌ์ฉํ๋ค.
<repositories>
<!-- repository for ip-filter module -->
<repository>
<id>ip-filter-mvn-repo</id>
<url>https://raw.github.com/madvirus/ip-filter/mvn-repo/</url>
<snapshots>
<enabled>true</enabled>
<updatePolicy>always</updatePolicy>
</snapshots>
</repository>
</repositories>
<dependencies>
<dependency>
<groupId>org.chimi.ipfilter</groupId>
<artifactId>ip-filter-web-api</artifactId>
<version>0.2</version>
</dependency>
<dependency>
<groupId>org.chimi.ipfilter</groupId>
<artifactId>ip-filter-web-simple</artifactId>
<version>0.2</version>
</dependency>
...web.xml:
<filter>
<filter-name>ipBlockFilter</filter-name>
<filter-class>org.chimi.ipfilter.web.IpBlockFilter</filter-class>
<init-param>
<param-name>type</param-name>
<param-value>text</param-value>
</init-param>
<init-param>
<param-name>value</param-name>
<param-value>
order allow,deny
allow from 127.0.0.1
deny from all
</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>ipBlockFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>web.xml:
<filter>
<filter-name>ipBlockFilter</filter-name>
<filter-class>org.chimi.ipfilter.web.IpBlockFilter</filter-class>
<init-param>
<param-name>type</param-name>
<param-value>file</param-value>
</init-param>
<init-param>
<param-name>value</param-name>
<param-value>
c:\somepath\access.conf
</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>ipBlockFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>access.conf:
order allow,deny
allow from 127.0.0.1
deny from all
<filter>
<filter-name>ipBlockFilter</filter-name>
<filter-class>org.chimi.ipfilter.web.IpBlockFilter</filter-class>
<init-param>
<param-name>type</param-name>
<param-value>classpath</param-value>
</init-param>
<init-param>
<param-name>value</param-name>
<param-value>
/org/chimi/config/access.conf
</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>ipBlockFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>TODO