anti loris

1. --- mod_antiloris.c.orig    2009-07-28 15:27:42.000000000 +0200
2. +++ mod_antiloris.c 2011-09-09 14:22:39.747070300 +0200
3. @@ -1,5 +1,5 @@
4.  /*
5. -   mod_antiloris 0.2
6. +   mod_antiloris 0.5
7.     Copyright (C) 2008 Monshouwer Internet Diensten
8.  
9.     Author: Kees Monshouwer
10. @@ -26,150 +26,160 @@
11.  #include "scoreboard.h"
12.  
13.  #define MODULE_NAME "mod_antiloris"
14. -#define MODULE_VERSION "0.4"
15. +#define MODULE_VERSION "0.5"
16.  
17.  module AP_MODULE_DECLARE_DATA antiloris_module;
18.  
19.  static int server_limit, thread_limit;
20.  
21. -#define antiloris_MAX_PER_IP   5
22. +#define antiloris_MAX_PER_IP 5
23.  
24.  typedef struct
25.  {
26. -    signed int limit;
27. +   signed int limit;
28.  } antiloris_config;
29.  
30.  typedef struct {
31. -    int child_num;
32. -    int thread_num;
33. +   int child_num;
34. +   int thread_num;
35.  } sb_handle;
36.  
37.  
38.  /* Create per-server configuration structure */
39.  static void *create_config(apr_pool_t *p, server_rec *s)
40.  {
41. -    antiloris_config *conf = apr_pcalloc(p, sizeof (*conf));
42. +   antiloris_config *conf = apr_pcalloc(p, sizeof (*conf));
43.  
44. -    conf->limit = antiloris_MAX_PER_IP;
45. -    return conf;
46. +   conf->limit = antiloris_MAX_PER_IP;
47. +   return conf;
48.  }
49. -                                                      
50. +
51.  
52.  /* Parse the IPReadLimit directive */
53.  static const char *ipreadlimit_config_cmd(cmd_parms *parms, void *mconfig, const char *arg)
54.  {
55. -    antiloris_config *conf = ap_get_module_config(parms->server->module_config, &antiloris_module);
56. -    const char *err = ap_check_cmd_context (parms, GLOBAL_ONLY);
57. -    
58. -    if (err != NULL) {
59. -   return err;
60. -    }
61. -    
62. -    signed long int limit = strtol(arg, (char **) NULL, 10);
63. -
64. -    /* No reasonable person would want more than 2^16. Better would be
65. -       to use LONG_MAX but that causes portability problems on win32 */
66. -    if ((limit > 65535) || (limit < 0)) {
67. -        return "Integer overflow or invalid number";
68. -    }
69. +   signed long int limit;
70. +
71. +   antiloris_config *conf = ap_get_module_config(parms->server->module_config, &antiloris_module);
72. +   const char *err = ap_check_cmd_context (parms, GLOBAL_ONLY);
73. +
74. +   if (err != NULL) {
75. +       return err;
76. +   }
77. +
78. +   limit = strtol(arg, (char **) NULL, 10);
79.  
80. -    conf->limit = limit;
81. -    return NULL;
82. +   /* No reasonable person would want more than 2^16. Better would be
83. +      to use LONG_MAX but that causes portability problems on win32 */
84. +   if ((limit > 65535) || (limit < 0)) {
85. +       return "Integer overflow or invalid number";
86. +   }
87. +
88. +   conf->limit = limit;
89. +   return NULL;
90.  }
91.  
92.  
93.  /* Array describing structure of configuration directives */
94.  static command_rec antiloris_cmds[] = {
95. -    AP_INIT_TAKE1("IPReadLimit", ipreadlimit_config_cmd, NULL, RSRC_CONF, "Maximum simultaneous connections in READ state per IP address"),
96. -    {NULL}
97. +   AP_INIT_TAKE1("IPReadLimit", ipreadlimit_config_cmd, NULL, RSRC_CONF, "Maximum simultaneous connections per IP address"),
98. +   {NULL}
99.  };
100.  
101.  
102.  /* Set up startup-time initialization */
103.  static int post_config(apr_pool_t *p, apr_pool_t *plog, apr_pool_t *ptemp, server_rec *s)
104.  {
105. -    void *data;
106. -    const char *userdata_key = "antiloris_init";
107. -    
108. -    /* initialize_module() will be called twice, and if it's a DSO
109. -     * then all static data from the first call will be lost. Only
110. -     * set up our static data on the second call. */
111. -    apr_pool_userdata_get(&data, userdata_key, s->process->pool);
112. -    if (!data) {
113. -   apr_pool_userdata_set((const void *)1, userdata_key,apr_pool_cleanup_null, s->process->pool);
114. -   return OK;
115. -    }
116. +   void *data;
117. +   const char *userdata_key = "antiloris_init";
118.  
119. -    ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, NULL, MODULE_NAME " " MODULE_VERSION " started");
120. -    ap_mpm_query(AP_MPMQ_HARD_LIMIT_THREADS, &thread_limit);
121. -    ap_mpm_query(AP_MPMQ_HARD_LIMIT_DAEMONS, &server_limit);
122. -    return OK;
123. +   /* initialize_module() will be called twice, and if it's a DSO
124. +    * then all static data from the first call will be lost. Only
125. +    * set up our static data on the second call. */
126. +   apr_pool_userdata_get(&data, userdata_key, s->process->pool);
127. +   if (!data) {
128. +       apr_pool_userdata_set((const void *)1, userdata_key,apr_pool_cleanup_null, s->process->pool);
129. +       return OK;
130. +   }
131. +
132. +   ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, NULL, MODULE_NAME " " MODULE_VERSION " started");
133. +   ap_mpm_query(AP_MPMQ_HARD_LIMIT_THREADS, &thread_limit);
134. +   ap_mpm_query(AP_MPMQ_HARD_LIMIT_DAEMONS, &server_limit);
135. +   return OK;
136.  }
137.  
138.  
139.  static int pre_connection(conn_rec *c)
140.  {
141. -    antiloris_config *conf = ap_get_module_config (c->base_server->module_config,  &antiloris_module);
142. -    sb_handle *sbh = c->sbh;
143. -    
144. -    /* loop index variables */
145. -    int i;
146. -    int j;
147. -    
148. -    /* running count of number of connections from this address */
149. -    int ip_count = 0;
150. -    
151. -    /* scoreboard data structure */
152. -    worker_score *ws_record;
153. -    
154. -    ws_record = &ap_scoreboard_image->servers[sbh->child_num][sbh->thread_num];
155. -    apr_cpystrn(ws_record->client, c->remote_ip, sizeof(ws_record->client));
156. -    
157. -    char *client_ip = ws_record->client;
158. -    
159. -    /* Count up the number of connections we are handling right now from this IP address */
160. -    for (i = 0; i < server_limit; ++i) {
161. +   char *client_ip;
162. +
163. +   antiloris_config *conf = ap_get_module_config (c->base_server->module_config,  &antiloris_module);
164. +   sb_handle *sbh = c->sbh;
165. +
166. +   /* loop index variables */
167. +   int i;
168. +   int j;
169. +
170. +   /* running count of number of connections from this address */
171. +   int ip_count = 0;
172. +
173. +   /* scoreboard data structure */
174. +   worker_score *ws_record;
175. +
176. +   ws_record = &ap_scoreboard_image->servers[sbh->child_num][sbh->thread_num];
177. +   apr_cpystrn(ws_record->client, c->remote_ip, sizeof(ws_record->client));
178. +
179. +   client_ip = ws_record->client;
180. +
181. +   /* Count up the number of connections we are handling right now from this IP address */
182. +   for (i = 0; i < server_limit; ++i) {
183.     for (j = 0; j < thread_limit; ++j) {
184. -           ws_record = ap_get_scoreboard_worker(i, j);
185. -            switch (ws_record->status) {
186. -           case SERVER_BUSY_READ:
187. -                   if (strcmp(client_ip, ws_record->client) == 0)
188. -                   ip_count++;
189. -                    break;
190. -                default:
191. -                   break;
192. -            }
193. -        }
194. -    }
195. -    
196. -    if (ip_count > conf->limit) {
197. -   ap_log_error(APLOG_MARK, APLOG_WARNING, 0, NULL, "Rejected, too many connections in READ state from %s", c->remote_ip);
198. -   return OK;
199. -    } else {
200. -   return DECLINED;
201. -    }
202. +           ws_record = ap_get_scoreboard_worker(i, j);
203. +           switch (ws_record->status) {
204. +               case SERVER_BUSY_READ:
205. +               case SERVER_BUSY_WRITE:
206. +               case SERVER_BUSY_KEEPALIVE:
207. +               case SERVER_BUSY_DNS:
208. +               case SERVER_BUSY_LOG:
209. +               case SERVER_CLOSING:
210. +               case SERVER_GRACEFUL:
211. +                   if (strcmp(client_ip, ws_record->client) == 0)
212. +                   ip_count++;
213. +                   break;
214. +               default:
215. +                   break;
216. +           }
217. +       }
218. +   }
219. +
220. +   if (ip_count > conf->limit) {
221. +       ap_log_error(APLOG_MARK, APLOG_WARNING, 0, NULL, "[client %s] Antiloris rejected, too many connections", c->remote_ip);
222. +       return OK;
223. +   } else {
224. +       return DECLINED;
225. +   }
226.  }
227.  
228.  
229.  static void child_init (apr_pool_t *p, server_rec *s)
230.  {
231. -    ap_add_version_component(p, MODULE_NAME "/" MODULE_VERSION);
232. +   ap_add_version_component(p, MODULE_NAME "/" MODULE_VERSION);
233.  }
234.  
235.  
236.  static void register_hooks(apr_pool_t *p)
237.  {
238. -    ap_hook_post_config(post_config, NULL, NULL, APR_HOOK_MIDDLE);
239. -    ap_hook_process_connection(pre_connection, NULL, NULL, APR_HOOK_FIRST);
240. -    ap_hook_child_init(child_init, NULL, NULL, APR_HOOK_MIDDLE);    
241. +   ap_hook_post_config(post_config, NULL, NULL, APR_HOOK_MIDDLE);
242. +   ap_hook_process_connection(pre_connection, NULL, NULL, APR_HOOK_FIRST);
243. +   ap_hook_child_init(child_init, NULL, NULL, APR_HOOK_MIDDLE);
244.  }
245.  
246.  module AP_MODULE_DECLARE_DATA antiloris_module = {
247. -    STANDARD20_MODULE_STUFF,
248. -    NULL,          /* create per-dir config structures */
249. -    NULL,          /* merge  per-dir    config structures */
250. -    create_config,     /* create per-server config structures */
251. -    NULL,          /* merge  per-server config structures */
252. -    antiloris_cmds,        /* table of config file commands       */
253. -    register_hooks
254. -};
255. +   STANDARD20_MODULE_STUFF,
256. +   NULL,           /* create per-dir config structures */
257. +   NULL,           /* merge  per-dir config structures */
258. +   create_config,      /* create per-server config structures */
259. +   NULL,           /* merge  per-server config structures */
260. +   antiloris_cmds,     /* table of config file commands */
261. +   register_hooks
262. +};
263. \ No newline at end of file