在我们的Web应用程序框架意外将CDN / WAF提供程序列入黑名单之后,今天早上我收到了有关502服务器错误的报告。 我想通过将其IP列入白名单来确保不会再次发生这种情况,但是它们具有许多IP,并且其数据仅以IPv4和IPv6 CIDR表示法可用。
除了确定当前主机的IP之外,ColdFusion没有任何内置的IP相关工具...因此,我开始寻找潜在的现有解决方案。
I checked CFDocs and discovered that there was an is一世PInRange function (without any examples), but it was a Lucee-only function. The Lucee function accepts either a comma-separated list or an array of IP definitions, but doesn't support CIDR or Regex.
I checked CFLib and discovered that there was a is一世PInRange UDF with the same name from 2005 that used a list of regex values, but it didn't support CIDR or dash-delimited range (well, unless you wanted to write the regex for that).
I had been using a method that Anjo Gakhar blogged about in 2008 that demonstrates the use of the undocumented coldfusion.util.一世PAddressUtils class to identify whether a string is a valid IPv4 or IPv6 IP address or not.
I then found a 2018 blog post by Ben Nadel documenting his implementation of using Commons 一世P Math to check if an IPv4 or IPv6 IP exists in a CIDR range, but it is dependent on separate java library (MIT) called Commons 一世P Math. The code example also only supported a single CIDR range.
由于现有解决方案都无法完全满足我的需求,因此我决定编写自己的ColdFusion UDF,并结合所有方面的最佳功能。
- Performs IPv4 & IPv6 validation
- Supports IPv4 & IPv6 CIDR range notation
- Supports list or array of ranges
- Supports regex range rules
- Supports dash-delimited IP address range
- Supports single IP (versus a range)
- Requires Commons IP Math JAR File
由于我所有的Web应用程序都位于CDN / WAF的后面,并且如果将CDN列入黑名单,可能会受到负面影响,所以我认为最好将JAR添加到全局路径而不是使用Javaloader。 我也没有像Ben那样将其写为独立的CFC。 我的大多数项目都使用全局UDF库,这是最简单的集成方法,因为我不必手动更新每个项目。
Source Code
Here's a link to the gist. Due to the JAR requirement, this unfortunately can't be demoed using TryCF.
[ https://gist.github.com/JamoCA/27cf5307d7b8854c62539fdeebbea51f ]
扫一扫
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
