增加对referer的访问白名单

redirect.lua

@@ -17,7 +17,7 @@ function _ReM.checkgoogle(red)
     end
 
     --新增如果refer不在对应的设置里面，才计算302重定向次数  get_headers里面就是浏览器的请求头小写
-    if red:sismember('ichunt_waf_white_referer', ngx.req.get_headers()['referer']) ~= 0 then
+    if red:sismember('ichunt_waf_white_referer', ngx.req.get_headers()['referer']) == 0 then
 
         --获取多少时间内同一个ip可以几次302，超过就加入黑名单
         threezerotwo_second , err = red:get('threezerotwo_second')

waf.lua

@@ -60,10 +60,15 @@ if config.redis_auth ~= "" and ok then
 end
 
 
-if ngx.req.get_headers()['referer'] == nil then
-	ngx.req.get_headers()['referer'] = ""
+local referer = ""
+if ngx.req.get_headers()['referer'] ~= nil then
+	referer = ngx.req.get_headers()['referer']
 end
 
+ngx.say(referer)
+ngx.say(red:sismember('ichunt_waf_white_referer', referer))
+ngx.say(red:sismember('ichunt_waf_white_referer', referer) == 0)
+ngx.exit(ngx.HTTP_FORBIDDEN)