VladPolskiy/apache-http-server
1
0
Fork 0
mirror of https://github.com/apache/httpd.git synced 2025-08-03 16:33:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

mod_noloris: switch to fixed-sized shm ip storage, correct size, avoid strstr

Browse Source 
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@791271 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Nick Kew
2009-07-05 16:50:12 +00:00
parent e2430eab18
commit 998f06a1fd
1 changed files with 15 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
modules/experimental/mod_noloris.c
View File

@ -44,6 +44,8 @@
module AP_MODULE_DECLARE_DATA noloris_module; module AP_MODULE_DECLARE_DATA noloris_module;
module AP_MODULE_DECLARE_DATA core_module; module AP_MODULE_DECLARE_DATA core_module;
#define ADDR_MAX_SIZE 48
static unsigned int default_max_connections; static unsigned int default_max_connections;
static apr_hash_t *trusted; static apr_hash_t *trusted;
static apr_interval_time_t recheck_time; static apr_interval_time_t recheck_time;
@ -71,14 +73,17 @@ static int noloris_conn(conn_rec *conn)
/* check the IP is not banned */ /* check the IP is not banned */
shm_rec = apr_shm_baseaddr_get(shm); shm_rec = apr_shm_baseaddr_get(shm);
if (strstr(shm_rec, conn->remote_ip)) { while (shm_rec[0] != '\0') {
apr_socket_t *csd = ap_get_module_config(conn->conn_config, &core_module); if (!strcmp(shm_rec, conn->remote_ip)) {
ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, conn, apr_socket_t *csd = ap_get_module_config(conn->conn_config, &core_module);
"Dropping connection from banned IP %s", conn->remote_ip); ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, conn,
//ap_flush_conn(conn); /* just close it */ "Dropping connection from banned IP %s",
apr_socket_close(csd); conn->remote_ip);
apr_socket_close(csd);
return DONE; return DONE;
}
shm_rec += MAX_ADDR_SIZE;
} }
/* store this client IP for the monitor to pick up */ /* store this client IP for the monitor to pick up */
@ -123,7 +128,7 @@ static int noloris_monitor(apr_pool_t *pool)
if (connections == NULL) { if (connections == NULL) {
connections = apr_hash_make(pool); connections = apr_hash_make(pool);
totals = apr_palloc(pool, server_limit*thread_limit); totals = apr_palloc(pool, server_limit*thread_limit);
ip = apr_palloc(pool, 18); ip = apr_palloc(pool, ADDR_MAX_SIZE);
} }
/* Get a per-client count of connections in READ state */ /* Get a per-client count of connections in READ state */
@ -158,9 +163,8 @@ static int noloris_monitor(apr_pool_t *pool)
ap_log_error(APLOG_MARK, APLOG_WARNING, 0, 0, ap_log_error(APLOG_MARK, APLOG_WARNING, 0, 0,
"noloris: banning %s with %d connections in READ state", "noloris: banning %s with %d connections in READ state",
ip, *n); ip, *n);
strcpy(shm_rec++, " "); /* space == separator */
strcpy(shm_rec, ip); strcpy(shm_rec, ip);
shm_rec += strlen(ip); shm_rec += ADDR_MAX_SIZE;
} }
} }
} }
@ -172,7 +176,7 @@ static int noloris_post(apr_pool_t *pconf, apr_pool_t *ptmp, apr_pool_t *plog,
{ {
apr_status_t rv; apr_status_t rv;
int max_bans = thread_limit * server_limit / default_max_connections; int max_bans = thread_limit * server_limit / default_max_connections;
shm_size = 18 * max_bans; shm_size = ADDR_MAX_SIZE * max_bans;
rv = apr_shm_create(&shm, shm_size, NULL, pconf); rv = apr_shm_create(&shm, shm_size, NULL, pconf);
if (rv != APR_SUCCESS) { if (rv != APR_SUCCESS) {