scott/blockinator
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

Removed cookie checking for Varnish -- deprecated.

Browse source
This commit is contained in:
Scott Wallace 2012-11-08 14:10:54 +00:00
parent 5ce554fc48
commit ce22093fd4
2 changed files with 2 additions and 38 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

37
varnish/blockinator.vcl
View file

@ -1,5 +1,4 @@
C{ C{
#define BLOCKINATOR_HOME "/srv/app/blockinator"
#define BLOCKLIST_DB "/srv/tmp/blocklist.db" #define BLOCKLIST_DB "/srv/tmp/blocklist.db"
#include <stdio.h> #include <stdio.h>
@ -8,7 +7,7 @@ C{
#include <string.h> #include <string.h>
#include <malloc.h> #include <malloc.h>
char *remote_ip, *forwarded_ip, *useragent, *cookie; char *remote_ip, *forwarded_ip, *useragent;
sqlite3 *db; sqlite3 *db;
@ -23,16 +22,6 @@ C{
syslog(LOG_ERR, "SQLite error (%s). Could not open database.", sqlite3_errmsg(db)); syslog(LOG_ERR, "SQLite error (%s). Could not open database.", sqlite3_errmsg(db));
} }
init = 1; init = 1;
/* Load the EDSA SQLite extension for instr() */
if ((sqlite3_enable_load_extension(db, 1) != SQLITE_OK) ||
(sqlite3_load_extension(db, BLOCKINATOR_HOME"/sqlite_instr/instr.sqlext", 0, &sqlite3_error) != SQLITE_OK)
) {
syslog(LOG_ERR, "SQLite error (%s). Failed to load the instr() extension.", sqlite3_error);
sqlite3_free(sqlite3_error);
} else {
syslog(LOG_INFO, "SQLite loaded the instr() extension successfully.");
}
} }
} }
@ -48,32 +37,10 @@ C{
*/ */
if (argc > 0 && atoi(argv[0]) > 0 && strcmp(argv[1], remote_ip) == 0) { if (argc > 0 && atoi(argv[0]) > 0 && strcmp(argv[1], remote_ip) == 0) {
/* Any results indicate a block */ /* Any results indicate a block */
syslog(LOG_INFO, "Blocklist match found for %s/%s. (Forwarded_IP: %s, User-Agent: %s, Cookie: %s)", remote_ip, argv[1], forwarded_ip, useragent, cookie); syslog(LOG_INFO, "Blocklist match found for %s/%s. (Forwarded_IP: %s, User-Agent: %s)", remote_ip, argv[1], forwarded_ip, useragent);
VRT_SetHdr(sp, HDR_REQ, "\010X-Block:", remote_ip, vrt_magic_string_end); VRT_SetHdr(sp, HDR_REQ, "\010X-Block:", remote_ip, vrt_magic_string_end);
} }
return 0; return 0;
} }
char *str_replace(char *input, char *search, char *replace)
{
char *string_ptr, *match_ptr;
int offset = strlen(search);
char *output = malloc(BUFSIZ);
memset(output, 0, BUFSIZ);
if (! input) return output;
string_ptr = input;
while (match_ptr = strstr(string_ptr, search)) {
strncat(output, string_ptr, match_ptr-string_ptr);
strcat(output, replace);
string_ptr = match_ptr + offset;
}
strcat(output, string_ptr);
return output;
}
}C }C

3
varnish/blocklist-check.vcl
View file

@ -2,12 +2,10 @@ C{
remote_ip = VRT_IP_string(sp, VRT_r_client_ip(sp)); remote_ip = VRT_IP_string(sp, VRT_r_client_ip(sp));
forwarded_ip = VRT_GetHdr(sp, HDR_REQ, "\020X-Forwarded-For:"); forwarded_ip = VRT_GetHdr(sp, HDR_REQ, "\020X-Forwarded-For:");
useragent = VRT_GetHdr(sp, HDR_REQ, "\013User-Agent:"); useragent = VRT_GetHdr(sp, HDR_REQ, "\013User-Agent:");
cookie = VRT_GetHdr(sp, HDR_REQ, "\007Cookie:");
char statement[BUFSIZ]; char statement[BUFSIZ];
char *sqlite3_error; char *sqlite3_error;
char *safecookie = str_replace(cookie, "'", "''");
snprintf(statement, BUFSIZ, "SELECT COUNT(*), remote_ip FROM blocklist WHERE remote_ip = '%s' AND (forwarded_ip = 'ANY' OR forwarded_ip = '%s') AND (useragent = 'ANY' OR useragent = '%s')", remote_ip, forwarded_ip, useragent); snprintf(statement, BUFSIZ, "SELECT COUNT(*), remote_ip FROM blocklist WHERE remote_ip = '%s' AND (forwarded_ip = 'ANY' OR forwarded_ip = '%s') AND (useragent = 'ANY' OR useragent = '%s')", remote_ip, forwarded_ip, useragent);
@ -18,5 +16,4 @@ C{
syslog(LOG_INFO, "SQLite statment: %s", statement); syslog(LOG_INFO, "SQLite statment: %s", statement);
sqlite3_free(sqlite3_error); sqlite3_free(sqlite3_error);
} }
free(safecookie);
}C }C