Added extra-safe checking with Varnish due to threading-oddities. Thanks to Mike Wallis.

Scott Wallace 2012-11-08 13:57:29 +00:00
parent 8f6a30afba
commit 0ba358639f
2 changed files with 10 additions and 4 deletions


@ -40,10 +40,16 @@ C{
{ {
char *sqlite3_error; char *sqlite3_error;
if (atoi(argv[0]) > 0) { /*
argv[0] - number of matches
argv[1] - remote_ip from SQL statement
Check that we have valid results and double check IP before blocking
*/
if (argc > 0 && atoi(argv[0]) > 0 && strcmp(argv[1], remote_ip) == 0) {
/* Any results indicate a block */ /* Any results indicate a block */
syslog(LOG_INFO, "Blocklist match found for %s. (Forwarded_IP: %s, User-Agent: %s, Cookie: %s)", remote_ip, forwarded_ip, useragent, cookie); syslog(LOG_INFO, "Blocklist match found for %s/%s. (Forwarded_IP: %s, User-Agent: %s, Cookie: %s)", remote_ip, argv[1], forwarded_ip, useragent, cookie);
VRT_SetHdr(sp, HDR_REQ, "\010X-Block:", "1", vrt_magic_string_end); VRT_SetHdr(sp, HDR_REQ, "\010X-Block:", remote_ip, vrt_magic_string_end);
} }
return 0; return 0;
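Review bot: The new condition in the result callback guards `argv[0]` with `argc > 0` but then reads `argv[1]` in `strcmp`, and SQLite hands the callback a NULL pointer for a NULL column value, so the second column needs its own check. I would write `if (argc > 1 && argv[0] && argv[1] && atoi(argv[0]) > 0 && strcmp(argv[1], remote_ip) == 0) {`. The comparison only detects a `remote_ip` that changed between building the query and the callback; `remote_ip` is declared outside the hunk, and if it is shared between worker threads, as the commit message suggests, it can still change before `VRT_SetHdr`, so passing the verified `argv[1]` as the header value would be more consistent. The syslog line still writes the full Cookie header, which puts session tokens into the log where any log reader can see them. The callback's body starts and ends outside this section.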


@ -9,7 +9,7 @@ C{
char *safecookie = str_replace(cookie, "'", "''"); char *safecookie = str_replace(cookie, "'", "''");
snprintf(statement, BUFSIZ, "SELECT COUNT(*) FROM blocklist WHERE remote_ip = '%s' AND (forwarded_ip = 'ANY' OR forwarded_ip = '%s') AND (useragent = 'ANY' OR useragent = '%s') AND (cookie = 'ANY' OR instr('%s', cookie))", remote_ip, forwarded_ip, useragent, safecookie); snprintf(statement, BUFSIZ, "SELECT COUNT(*), remote_ip FROM blocklist WHERE remote_ip = '%s' AND (forwarded_ip = 'ANY' OR forwarded_ip = '%s') AND (useragent = 'ANY' OR useragent = '%s')", remote_ip, forwarded_ip, useragent);
sqlite3_init(); sqlite3_init();
if (sqlite3_exec(db, statement, resultHandler, sp, &sqlite3_error) != SQLITE_OK) { if (sqlite3_exec(db, statement, resultHandler, sp, &sqlite3_error) != SQLITE_OK) {