去除aliyun IP位置API, 优化地域解析

rhost.c

@@ -111,45 +111,19 @@ char *process_json(char *buff, char *api)
 {
     char *area = NULL;
     int area_len = 0;
-    char *p;
+    char *p = NULL;
+    
+    if (buff == NULL)
+    {
+        return NULL;
+    }
 
     cJSON *cjson_init = cJSON_Parse(buff);
-
     if (cjson_init == NULL) {
         perror("cJSON_Parse");
         return NULL;
     }
-
-    p = strstr(api, "aliyun");          // aliyun Api
-    if (p) {
-        cJSON *data = cJSON_GetObjectItem(cjson_init, "data");
-        if (data != NULL) {
-            cJSON *region = cJSON_GetObjectItem(data, "region");
-
-            if (region) {
-                cJSON *isp = cJSON_GetObjectItem(data, "isp");
-                cJSON *city = cJSON_GetObjectItem(data, "city");
-                cJSON *country = cJSON_GetObjectItem(data, "country");
-                cJSON *district = cJSON_GetObjectItem(data, "district");
-
-                area_len = strlen(country->valuestring) + strlen(city->valuestring) + strlen(region->valuestring) + strlen(district->valuestring) + strlen(isp->valuestring);
-                area = (char *)alloca(area_len + 1);
-                if (buff == NULL)
-                    perror("out of memory.");
-                memset(area, 0, area_len + 1);
-                sprintf(area, "%s%s%s%s%s", isp->valuestring, country->valuestring, city->valuestring, region->valuestring, district->valuestring);
-            } else {
-                cJSON *msg = cJSON_GetObjectItem(cjson_init, "msg");
-
-                area_len = strlen(msg->valuestring);
-                area = (char *)alloca(area_len + 1);
-                if (buff == NULL)
-                    perror("out of memory.");
-                memset(area, 0, area_len + 1);
-                sprintf(area, "%s", msg->valuestring);
-            }
-        }
-    } else if ((p = strstr(api, "baidu")) != NULL) {        // baidu Api
+    if ((p = strstr(api, "baidu")) != NULL) {        // baidu Api
         int i;
 
         cJSON *data = cJSON_GetObjectItem(cjson_init, "data");
@@ -157,24 +131,25 @@ char *process_json(char *buff, char *api)
             for (i = 0; i < cJSON_GetArraySize(data); i++) {
                 cJSON *svalue = cJSON_GetArrayItem(data, i);
                 cJSON *location = cJSON_GetObjectItem(svalue, "location");
-
                 area_len = strlen(location->valuestring);
+                
                 area = (char *)alloca(area_len + 1);
-                if (buff == NULL)
+                if (area == NULL)
                     perror("out of memory.");
                 memset(area, 0, area_len + 1);
-                sprintf(area, "%s", location->valuestring);
+                
+                snprintf(area, area_len+1, "%s", location->valuestring);
             }
 
         } else {
-            area = (char *)alloca(270 + 1);
-            if (buff == NULL)
-                perror("out of memory.");
-            memset(area, 0, 270);
-
-            strcpy(area, "获取位置错误!");
+            return NULL;
         }
     }
+    else
+    {
+        cJSON_Delete(cjson_init);
+        return NULL;
+    }
 
     cJSON_Delete(cjson_init);
     return strdup(area);
@@ -644,14 +619,9 @@ int rule(conf * conf)
                 memset(URL, 0, conf->REGION_URL_LEN + 32);
                 sprintf(URL, conf->REGION_URL, buffer);
 
-                location_json = GET_PUBLIC_IP(URL);
-                if (location_json == NULL) {
-                    printf("获取地域错误\n");
-                    goto BLOCKED;
-                }
-                
+
                 if (conf->IP2REGION == 1) {              // ip2region 地址定位库
-                    printf("使用ip2region！！\n");
+                    printf("Use ip2region !!!\n");
 
                     if (-1 == access(xdb_path, F_OK))   // 判断 ip2region 地址定位库是否存在
                     {
@@ -663,7 +633,6 @@ int rule(conf * conf)
                         }
                     }
                     
-
                     area = ip2region(xdb_path, buffer);
                     if (area == NULL) {
                         printf("ip2region解析地域错误\n");
@@ -671,6 +640,12 @@ int rule(conf * conf)
                     }
                 } else {
 AREA:
+                    location_json = GET_PUBLIC_IP(URL);
+                    if (location_json == NULL) {
+                        printf("获取地域错误\n");
+                        goto BLOCKED;
+                    }
+                    
                     area = process_json(location_json, conf->REGION_URL);
                     if (area == NULL) {
                         printf("解析地域错误\n");
@@ -680,12 +655,15 @@ AREA:
                 
                 
                 if (isregion(area, region_list) == 1) {
-                    printf("Ip: %s, 地域白名单: %s\n", buffer, area);
+                    printf("Ip Address: %s, 地域白名单: %s\n", buffer, area);
                     continue;
                 }
 
             }
             
+            
+            printf("攻击者IP地址:%s, %s\n", buffer, area);
+            
 
             if (conf->IS_DING_WEBHOOK == 1) // 钉钉告警
             {
@@ -1186,6 +1164,7 @@ goto_daemon:
                         
                         // 扫描病毒前,更新病毒库
                         update_freshclam(argc, argv);
+                        
                         r = _clamscan(head_argc, head_argvs);
                         virus_files = get_clamav_log("clamscan.log");
                         

rhost.conf

@@ -23,8 +23,7 @@ global {
     
     REGION = 1;                             // 是否启用地域白名单(1开启,非1关闭)
     IP2REGION = 1;                          // 是否使用本地 ip2region 地址定位库(1使用,非1不使用)
-    //REGION_URL = "http://opendata.baidu.com/api.php?query=%s&co=&resource_id=6006&oe=utf8";       // 获取IP地域(aliyun付费API, 弃用)
-    REGION_URL = "https://api01.aliyun.venuscn.com/ip?ip=%s -H Authorization:APPCODE a1d842b8afda418c8ea24271a4e16b1f";
+    REGION_URL = "http://opendata.baidu.com/api.php?query=%s&co=&resource_id=6006&oe=utf8";       // 获取IP地域API
     REGION_LIST = "河南 郑州 上海";              // 地域列表(空格隔开)