🐛 CC detect logic error

ADD-SP · ADD-SP · commit 9cb51bba0cdf · 2020-08-22T17:35:10.000+08:00
diff --git a/inc/ngx_http_waf_module_check.h b/inc/ngx_http_waf_module_check.h
@@ -207,26 +207,25 @@ static ngx_int_t ngx_http_waf_handler_check_cc_ipv4(ngx_http_request_t* r, ngx_i
         HASH_ADD_INT(srv_conf->ipv4_times, key, hash_item);
     }
     else {
-        if (difftime(now, hash_item->start_time) >= srv_conf->waf_cc_deny_duration * 60.0) {
-            HASH_DEL(srv_conf->ipv4_times, hash_item);
-        }
-        else {
-            if (hash_item->times > (ngx_uint_t)srv_conf->waf_cc_deny_limit) {
+        if (hash_item->times > (ngx_uint_t)srv_conf->waf_cc_deny_limit) {
+            if (difftime(now, hash_item->start_time) > srv_conf->waf_cc_deny_duration * 60.0) {
+                HASH_DEL(srv_conf->ipv4_times, hash_item);
+            }
+            else {
                 ctx->blocked = TRUE;
                 strcpy((char*)ctx->rule_type, "CC-DENY");
                 strcpy((char*)ctx->rule_deatils, "");
                 *out_http_status = NGX_HTTP_SERVICE_UNAVAILABLE;
                 return MATCHED;
             }
-            else {
-                ++(hash_item->times);
-            }
+        }
+        else {
+            ++(hash_item->times);
         }
     }
     return NOT_MATCHED;
 }
 
-
 static ngx_int_t ngx_http_waf_handler_check_white_url(ngx_http_request_t* r, ngx_int_t* out_http_status) {
     ngx_http_waf_ctx_t* ctx = ngx_http_get_module_ctx(r, ngx_http_waf_module);
     ngx_http_waf_srv_conf_t* srv_conf = ngx_http_get_module_srv_conf(r, ngx_http_waf_module);
