From 5ce554fc48bdedc82f7897d46dbaf59a683af9ed Mon Sep 17 00:00:00 2001 From: Scott Wallace Date: Thu, 8 Nov 2012 14:03:38 +0000 Subject: [PATCH] Removed cookie checking -- deprecated. Added better NULL input handling. Altered the logging levels for blocklist matches and module initialisation. --- apache/README | 3 +- apache/mod_blockinator.c | 59 ++++++++++-------------------------- sqlite.py | 2 ++ sqlite_instr/Makefile | 6 ---- sqlite_instr/instr.sqlext | Bin 6433 -> 0 bytes sqlite_instr/sqlite_instr.c | 35 --------------------- 6 files changed, 19 insertions(+), 86 deletions(-) delete mode 100644 sqlite_instr/Makefile delete mode 100755 sqlite_instr/instr.sqlext delete mode 100644 sqlite_instr/sqlite_instr.c diff --git a/apache/README b/apache/README index c928876..680848d 100644 --- a/apache/README +++ b/apache/README @@ -19,9 +19,8 @@ Installation LoadModule blockinator_module modules/libmodblockinator.so 2. Configure mod_blockinator by adding the following lines in the appropriate location(s): - 1. Define where Blockinator is installed and where the blocklist DB can be found: + 1. Define where the blocklist DB can be found: - BlockinatorHome /path/to/blockinator BlockinatorBlocklistDB /path/to/blocklist.db 2. Create a mod_rewrite rule to block requests, if matched: diff --git a/apache/mod_blockinator.c b/apache/mod_blockinator.c index 699b21b..dbd2daf 100644 --- a/apache/mod_blockinator.c +++ b/apache/mod_blockinator.c @@ -18,7 +18,6 @@ #include "http_config.h" #include "http_log.h" #include -#include module AP_MODULE_DECLARE_DATA blockinator_module; @@ -27,7 +26,6 @@ module AP_MODULE_DECLARE_DATA blockinator_module; */ sqlite3 *db; typedef struct { - const char *basepath; const char *db; } blockinator_cfg_t; 
@@ -42,16 +40,6 @@ static void *create_blockinator_config(apr_pool_t *p, server_rec *s) return mod_config; } -/* - * Function to set the configuration item, 'basepath' - */ -static const char *blockinator_set_config_basepath(cmd_parms *parms, void *mconfig, const char *arg) -{ - blockinator_cfg_t *cfg = ap_get_module_config(parms->server->module_config, &blockinator_module); - cfg->basepath = (char *)arg; - return NULL; -} - /* * Function to set the configuration item, 'db' */ 
@@ -67,33 +55,40 @@ static const char *blockinator_set_config_db(cmd_parms *parms, void *mconfig, co */ static int mod_blockinator_method_handler(request_rec *r) { - const char *remote_ip, *forwarded_ip, *useragent, *cookie; + const char *remote_ip, *forwarded_ip, *useragent; char *statement; char *sqlite3_error; sqlite3_stmt *sqlite3_statement; + int sqlite3_rc; /* Capture the relevant information from the inbound request */ remote_ip = r->connection->remote_ip; forwarded_ip = apr_table_get(r->headers_in, "X-Forwarded-For"); useragent = apr_table_get(r->headers_in, "User-Agent"); - cookie = apr_table_get(r->headers_in, "Cookie"); + + if (forwarded_ip == NULL) { + forwarded_ip = "(null)"; + } + + if (useragent == NULL) { + useragent = "(null)"; + } /* Build the SQL statement */ - statement = sqlite3_mprintf("SELECT * FROM blocklist WHERE remote_ip = '%q' AND (forwarded_ip = 'ANY' OR forwarded_ip = '%q') AND (useragent = 'ANY' OR useragent = '%q') AND (cookie = 'ANY' OR instr('%q', cookie))", remote_ip, forwarded_ip, useragent, cookie); + statement = sqlite3_mprintf("SELECT * FROM blocklist WHERE remote_ip = '%q' AND (forwarded_ip = 'ANY' OR forwarded_ip = '%q') AND (useragent = 'ANY' OR useragent = '%q')", remote_ip, forwarded_ip, useragent); /* Prepare the statement */ - if (sqlite3_prepare_v2(db, statement, BUFSIZ, &sqlite3_statement, NULL) != SQLITE_OK) { + sqlite3_rc = sqlite3_prepare_v2(db, statement, BUFSIZ, &sqlite3_statement, NULL); + if (sqlite3_rc != SQLITE_OK) { /* SQLite error. Allow. */ - ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "SQLite error (%s). Allow traffic from %s by default.", sqlite3_error, remote_ip); - sqlite3_free(sqlite3_error); - + ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "SQLite error (%s). Allow traffic from %s by default.", sqlite3_errmsg(db), remote_ip); return DECLINED; } /* Check for any results. */ if (sqlite3_step(sqlite3_statement) == SQLITE_ROW) { /* SQLite results. Time to block. 
*/ - ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, "Blocklist match. (Forwarded_IP: %s, User-Agent: %s, Cookie: %s)", forwarded_ip, useragent, cookie); + ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r, "Blocklist match. (Forwarded_IP: %s, User-Agent: %s)", forwarded_ip, useragent); apr_table_set(r->headers_in, "X-Block", "1"); } @@ -112,31 +107,16 @@ static int mod_blockinator_method_handler(request_rec *r) static void mod_blockinator_init_handler(apr_pool_t *p, server_rec *s) { char *sqlite3_error; - char sqlite3_instr_extension[BUFSIZ]; /* Read config from module */ blockinator_cfg_t *cfg = ap_get_module_config(s->module_config, &blockinator_module); - /* Build the full path to the SQLite instr() extension */ - sprintf(sqlite3_instr_extension, "%s/sqlite_instr/instr.sqlext", cfg->basepath); - /* Open the SQLite DB */ + ap_log_error(APLOG_MARK, APLOG_INFO, 0, s, "Opening mod_blockinator blocklist DB: %s.", cfg->db); if (sqlite3_open_v2(cfg->db, &db, SQLITE_OPEN_READONLY, "unix-none")) { /* Error. */ ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, "mod_blockinator: SQLite error (%s). Could not open database.", sqlite3_errmsg(db)); } - - /* Load the EDSA SQLite extension for instr() */ - if ((sqlite3_enable_load_extension(db, 1) != SQLITE_OK) || - (sqlite3_load_extension(db, sqlite3_instr_extension, 0, &sqlite3_error) != SQLITE_OK) - ) { - /* FAIL */ - ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, "mod_blockinator: SQLite error (%s). Failed to load the instr() extension.", sqlite3_error); - sqlite3_free(sqlite3_error); - } else { - /* SQLite module successfully loaded. */ - ap_log_error(APLOG_MARK, APLOG_INFO, 0, s, "mod_blockinator: SQLite loaded the instr() extension successfully."); - } } /* 
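Review bot: The `BUFSIZ` length passed to `sqlite3_prepare_v2()` in mod_blockinator_method_handler has no relation to the length of the string returned by `sqlite3_mprintf()`, so a statement longer than BUFSIZ is cut short, fails to prepare, and takes the "Allow traffic ... by default" branch. Since the statement is formatted from the request's X-Forwarded-For and User-Agent headers, its length is set by the client. Passing `-1` makes SQLite read up to the terminator: `sqlite3_rc = sqlite3_prepare_v2(db, statement, -1, &sqlite3_statement, NULL);`. The early `return DECLINED;` also leaves `statement` allocated, so `sqlite3_free(statement);` belongs before it. The function body continues past the end of this hunk, so the normal-path cleanup is not visible here.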
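Review bot: A failed `sqlite3_open_v2()` in mod_blockinator_init_handler is only logged, so the module keeps running with a `db` handle that presumably cannot serve queries, and the request handler's allow-by-default branch then switches the blocklist off while logging an error on every request. I would release the handle in the failure branch with `sqlite3_close(db); db = NULL;` and add `if (db == NULL) return DECLINED;` at the top of the request handler, with a comment on the init function stating that a failed open disables blocking. The added "Opening mod_blockinator blocklist DB" message prints `cfg->db` before anything has checked that the directive was set. `char *sqlite3_error;` at the top of the function has no remaining use after this change and can be dropped.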
@@ -155,13 +135,6 @@ static void register_hooks(apr_pool_t *p) * Apache configuration directives */ static const command_rec mod_blockinator_directives[] = { - AP_INIT_TAKE1( - "BlockinatorHome", - blockinator_set_config_basepath, - NULL, - RSRC_CONF, - "BlockinatorHome (filepath). The base directory of Blockinator." - ), AP_INIT_TAKE1( "BlockinatorBlocklistDB", blockinator_set_config_db, diff --git a/sqlite.py b/sqlite.py index 5f64b31..213718a 100755 --- a/sqlite.py +++ b/sqlite.py @@ -23,6 +23,8 @@ class SQLiteBlockList(blocklist.BlockList): cur.execute("DELETE FROM blocklist") for key,item in self.data.iteritems(): + if item["useragent"] == 'NULL': + item["useragent"] = '(null)' cur.execute("INSERT INTO blocklist VALUES ('%s', '%s', '%s', '%s')" % (item["remote_ip"], item["forwarded_ip"], item["useragent"], item["cookie"])) db.commit() cur.close() diff --git a/sqlite_instr/Makefile b/sqlite_instr/Makefile deleted file mode 100644 index b512500..0000000 --- a/sqlite_instr/Makefile +++ /dev/null @@ -1,6 +0,0 @@ -CC=gcc - -all: instr.sqlext - -instr.sqlext: sqlite_instr.c - $(CC) -shared -fPIC -Isqlite3 -o instr.sqlext sqlite_instr.c 
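Review bot: The INSERT directly after the added lines in sqlite.py is assembled with `%` string formatting, so a blocklist value containing a single quote (user-agent strings often do) breaks the statement or changes its meaning. Passing the values as parameters avoids that: `cur.execute("INSERT INTO blocklist VALUES (?, ?, ?, ?)", (item["remote_ip"], item["forwarded_ip"], item["useragent"], item["cookie"]))`. The new normalisation also rewrites only `useragent`, while the Apache handler in this commit substitutes "(null)" for a missing X-Forwarded-For as well, so a stored `forwarded_ip` of 'NULL' would presumably never match and probably needs the same mapping. The enclosing method starts above this hunk.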
diff --git a/sqlite_instr/instr.sqlext b/sqlite_instr/instr.sqlext deleted file mode 100755 index 53118c29c911c2a03942d6f5d3f498ca1594898c..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 6433 zcmcgwZ){sv6~DHV%vsXJD_z^Ig+5K~lmdOYe@O=!P7^1uQ`VOJkr)L%oY-kR96Pn2 zr*y1PEv1^5Wy-oQNFa?5e3;e`Y_Mr(pL>4y{JHPE`{%v$y=Y&L-{%VmMFH`k@Sz>4cY%n)!%eCI77^{D0l%BY zJyKVxt|)j~%|TaSE`%WgiqU{8r20ca7iTW~QcY}Bob5;?yNI%jC_Cn-$T5hyQWJH+ z=$cjiI^Rl0Am*e?bmXQJr}i^}Z^~OWtv=gAqND-a|v;;-(7? zXX3wky5Z!jFD=Z!dGW@%1(|N@C;yzsr{=Z>L|x=_gpsd1ab0}p>=Rwl8}Bb3|JvpY zGq+kM&(z=e>-7&>o^%>cJo1$vy#n^cD z7%DD5r>{%>CUHsmq47zw?PKGaw4HNeS;w}8J(^4>g>8>a#;6%fB_B@+`=Q6|{=~6l z&PimuQn6evkrTP&sic$GZO0~(<#sZibFu=LWJ)11=_Jy*Bx1m`BT~uX5i^%D_X#@@ zk2x{K8qVe1_<+)J(c5?MK$pGC+-2_NK?*D{Kju#5AN3M)9Gvn&l)pFGNZQZ4qG(s^ zjq||rT%#d1C>=ESn67y6@=`|Uf(I{eKEM|}cr!ZzU-IA;Q&K$_dTd@i=)t}FlQs2z zu-FUb;@kAofiYQAZv^K{d*7}zL}}Zf@!Ps3f)>eR&=K!0l|bA6Kr&7LcNZX12NC(R zrt43l)B66L<1Z~pce6}Gr#fClpRfuyI|m2y!`4*C7|BkvHPi9B-w?&K@Mg_?`iE%u z&1`!HO!@2E{*HC&qkuK_p3mC9m@`_pbW^-JpH-;;CVX_3*1ZAMehR&RF?;h@^$()y zJKFh;tMj9+TTavPpx85vCDe|9VYf74NbxSh+T-&%#}5)_`RR+ySYQp!q2YkCM5lncLyVe#cp zaL0w{^5y8q?hsEd3uiqPmJ7cmwZgUSmkL*KqlM_l@V}G&KQ-$YVtNQzbWwULUAsC@ zgC4-B+cD~*RmdaA&?2lpl8HpK5Q6kKDPi~j~oZ&Tn)8xe?Non=h>Ih|0eq79>x6=QvrXER6*|wA)F*e zbeVBp_ZWgC+B1lF&GNai#)ZrK>OVdyWe7U23@OP(M*=Qa+o_ubK)jc{;C729#VJoj z%1jj1{y@1S3cIYFH{RAaD11(B7L13LET;r?W|bZ`KS>-9X_Vs+DShNe%AAK~B`>Ri z{Y&dt?*8wL-;eabpHUCMRJ^yV>j9$;Zywu?JtqE)UE!VK@E3ROGurwSal?u^F1};u z?(IUDxfA0~Y#7|hx_pdV>5P*wkEQeGa6Xxe??}dll*VGYF=56}q+#iDoN%(|u|$?m zwF<#TUpA47k%4MWq#R+&lh1T;6be%wux2(R4?i<8W{+lL;|Y5#4qKLlIpSopIRtds zqa)}f1M&`AIg;3Tas<&c@QEK&2EtJa+sycQBJJp@`=8`Zu%bD~^K`ZMPV1 z>z|lYY|rb6dAHK!b;0wQ9kioCYl!X34Fw!g6Pe-?#P&S@Bf!Wv+w;0*&g&E^l6YOP zY@tDGhV6NsFsHqYh{w-*%!klNYmjALhs+H!2GRH_Hjke$qBt(TH|a#zna9~saejUbzohJWe(?8d`8$>sSFwLZvp3ZHw4nm&`PSo~*X+Z}KCBdVeO>;A zX3yt%`)%6)8us*z`2P7^i75M1>Va|IIX>UlbuIo}qX9&SId#ysNonPW?U^s4i$ZXG 
zKKF~aY5ynKk}tOB@5vA?R*=5_IIi0(#9z>$_+bVVXZsx*uF@fGsOv6V9NVkfq2hnw z1<_`EhDqkN!x-_f`k3bROy|t!aq;;1z9>z#;!mg-qgS+mnh5LFDS*-PdFIs$V8nbr zRpJ;)jhjIsqx?Qtsb4SnoT$VbM2IJxrz3!qmiKiJjQbA?-mfe1>UszD2e6a#{#vQu zRIZa%;?;Eo*UuWk`&^}dOS!I8iMI;gmn!iP>Sl%)lI;Ly7w;$D&HySKyiZi(pDKUP zSK{kXUo*UrYzM^MSf{n{_2u_(uTcPX6JB4HIM2ov)ScJW`K0wyhkDS8rrV-@-iIoM zo`=s$ygCo<60gof6u2L6MBh^9A4Ey?!RPagpVz^o3g4*e3%tH2fs>yl&ChD%KP~-) z#6~U8&q=&h1lciUB6_d#)p(BQfK%KEf5?zB=n}44d0PPPLq2)mBwZqRU#p%Ee@CAW z^Qui7CqU^(pC^sL*J3<+eQg79g92%E|0?(c(ogj|iU6-wkLv?|pXQrH`rNNoXM959 z)%CmQfm8iapSLe4T(3+1WEK5$(tnNpWF(eKc}j$0B4Aax!`Eb-`iNbJuC5rrfl2P0`C2EiO(4#T;_8mUZ*=HZ_=^2O)+Jl`3 z`l2-UcrIg)#nSN -#include - -SQLITE_EXTENSION_INIT1 - -/* -** The sqlite3_instr() SQL function returns the location of a substring match. An -** implementation of MySQL's instr() function. -*/ -void sqlite3_instr(sqlite3_context* pContext, int argc, sqlite3_value** argv) -{ - const char *str1 = (const char *) sqlite3_value_text(argv[0]); - const char *str2 = (const char *) sqlite3_value_text(argv[1]); - - char *p = strstr(str1, str2); - int nResult = 0; - - if(p != NULL) { - nResult = p - str1 + 1; - } - - sqlite3_result_int(pContext, nResult); -} - -/* SQLite invokes this routine once when it loads the extension. -** Create new functions, collating sequences, and virtual table -** modules here. This is usually the only exported symbol in -** the shared library. -*/ -int sqlite3_extension_init(sqlite3 *db, char **pzErrMsg, const sqlite3_api_routines *pApi) -{ - SQLITE_EXTENSION_INIT2(pApi) - sqlite3_create_function(db, "instr", 2, SQLITE_ANY, 0, sqlite3_instr, 0, 0); - return 0; -}