Browse Source

[mod_evasive] smaller funcs for testing

master
Glenn Strauss 2 months ago
parent
commit
4288375a23
  1. 50
      src/mod_evasive.c

50
src/mod_evasive.c

@ -122,26 +122,11 @@ SETDEFAULTS_FUNC(mod_evasive_set_defaults) {
return HANDLER_GO_ON;
}
URIHANDLER_FUNC(mod_evasive_uri_handler) {
plugin_data *p = p_d;
mod_evasive_patch_config(r, p);
/* no limit set, nothing to block */
if (p->conf.max_conns == 0) return HANDLER_GO_ON;
sock_addr * const dst_addr = &r->con->dst_addr;
uint32_t conns_by_ip = 0;
for (const connection *c = r->con->srv->conns; c; c = c->next) {
/* check if other connections are already actively serving data for the same IP
* we can only ban connections which are already behind the 'read request' state
*/
if (c->request.state <= CON_STATE_REQUEST_END) continue;
if (!sock_addr_is_addr_eq(&c->dst_addr, dst_addr)) continue;
conns_by_ip++;
if (conns_by_ip > p->conf.max_conns) {
__attribute_cold__
__attribute_noinline__
static handler_t
mod_evasive_reached_per_ip_limit (request_st * const r, const plugin_data * const p)
{
if (!p->conf.silent) {
log_error(r->conf.errh, __FILE__, __LINE__,
"%s turned away. Too many connections.",
@ -159,10 +144,29 @@ URIHANDLER_FUNC(mod_evasive_uri_handler) {
}
r->handler_module = NULL;
return HANDLER_FINISHED;
}
}
}
return HANDLER_GO_ON;
static handler_t
mod_evasive_check_per_ip_limit (request_st * const r, const plugin_data * const p, const connection *c)
{
const sock_addr * const dst_addr = &r->con->dst_addr;
for (uint_fast32_t conns_by_ip = 0; c; c = c->next) {
/* count connections already actively serving data for the same IP
* (only count connections already behind the 'read request' state) */
if (c->request.state > CON_STATE_REQUEST_END
&& sock_addr_is_addr_eq(&c->dst_addr, dst_addr)
&& ++conns_by_ip > p->conf.max_conns)
return mod_evasive_reached_per_ip_limit(r, p);/* HANDLER_FINISHED */
}
return HANDLER_GO_ON;
}
URIHANDLER_FUNC(mod_evasive_uri_handler) {
plugin_data * const p = p_d;
mod_evasive_patch_config(r, p);
return (p->conf.max_conns == 0) /* no limit set, nothing to block */
? HANDLER_GO_ON
: mod_evasive_check_per_ip_limit(r, p, r->con->srv->conns);
}

Loading…
Cancel
Save