Added extra-safe checking with Varnish due to threading-oddities. Thanks to Mike Wallis.
This commit is contained in:
parent
8f6a30afba
commit
0ba358639f
|
@ -40,10 +40,16 @@ C{
|
||||||
{
|
{
|
||||||
char *sqlite3_error;
|
char *sqlite3_error;
|
||||||
|
|
||||||
if (atoi(argv[0]) > 0) {
|
/*
|
||||||
|
argv[0] - number of matches
|
||||||
|
argv[1] - remote_ip from SQL statement
|
||||||
|
|
||||||
|
Check that we have valid results and double check IP before blocking
|
||||||
|
*/
|
||||||
|
if (argc > 0 && atoi(argv[0]) > 0 && strcmp(argv[1], remote_ip) == 0) {
|
||||||
/* Any results indicate a block */
|
/* Any results indicate a block */
|
||||||
syslog(LOG_INFO, "Blocklist match found for %s. (Forwarded_IP: %s, User-Agent: %s, Cookie: %s)", remote_ip, forwarded_ip, useragent, cookie);
|
syslog(LOG_INFO, "Blocklist match found for %s/%s. (Forwarded_IP: %s, User-Agent: %s, Cookie: %s)", remote_ip, argv[1], forwarded_ip, useragent, cookie);
|
||||||
VRT_SetHdr(sp, HDR_REQ, "\010X-Block:", "1", vrt_magic_string_end);
|
VRT_SetHdr(sp, HDR_REQ, "\010X-Block:", remote_ip, vrt_magic_string_end);
|
||||||
}
|
}
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
|
|
|
@ -9,7 +9,7 @@ C{
|
||||||
|
|
||||||
char *safecookie = str_replace(cookie, "'", "''");
|
char *safecookie = str_replace(cookie, "'", "''");
|
||||||
|
|
||||||
snprintf(statement, BUFSIZ, "SELECT COUNT(*) FROM blocklist WHERE remote_ip = '%s' AND (forwarded_ip = 'ANY' OR forwarded_ip = '%s') AND (useragent = 'ANY' OR useragent = '%s') AND (cookie = 'ANY' OR instr('%s', cookie))", remote_ip, forwarded_ip, useragent, safecookie);
|
snprintf(statement, BUFSIZ, "SELECT COUNT(*), remote_ip FROM blocklist WHERE remote_ip = '%s' AND (forwarded_ip = 'ANY' OR forwarded_ip = '%s') AND (useragent = 'ANY' OR useragent = '%s')", remote_ip, forwarded_ip, useragent);
|
||||||
|
|
||||||
sqlite3_init();
|
sqlite3_init();
|
||||||
if (sqlite3_exec(db, statement, resultHandler, sp, &sqlite3_error) != SQLITE_OK) {
|
if (sqlite3_exec(db, statement, resultHandler, sp, &sqlite3_error) != SQLITE_OK) {
|
||||||
|
|
Loading…
Reference in a new issue