lighttpd
/
lighttpd1.4
2
0
Fork 0
Code Issues Releases Wiki Activity
Browse Source

Fix bug with IPv6 in mod_evasive 

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2222 152afb58-edef-0310-8abb-c4023f1b3aa9
svn/tags/lighttpd-1.4.20
Stefan Bühler 14 years ago
parent
f08cd32877
commit
543830266c
2 changed files with 35 additions and 12 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 1
      NEWS
  2. 46
      src/mod_evasive.c

1
NEWS
Unescape View File

@ -29,6 +29,7 @@ NEWS
* let spawn-fcgi propagate exit code from spawned fcgi application
* close connection after redirect in trigger_b4_dl (thx icy)
* close connection in mod_magnet if returned status code
* fix bug with IPv6 in mod_evasive (#1579)
- 1.4.19 - 2008-03-10

46
src/mod_evasive.c
Unescape View File

@ -138,24 +138,46 @@ URIHANDLER_FUNC(mod_evasive_uri_handler) {
/* no limit set, nothing to block */
if (p->conf.max_conns == 0) return HANDLER_GO_ON;
switch (con->dst_addr.plain.sa_family) {
case AF_INET:
#ifdef HAVE_IPV6
case AF_INET6:
#endif
break;
default: // Address family not supported
return HANDLER_GO_ON;
};
for (j = 0; j < srv->conns->used; j++) {
connection *c = srv->conns->ptr[j];
/* check if other connections are already actively serving data for the same IP
* we can only ban connections which are already behind the 'read request' state
* */
if (c->dst_addr.ipv4.sin_addr.s_addr == con->dst_addr.ipv4.sin_addr.s_addr &&
c->state > CON_STATE_REQUEST_END) {
conns_by_ip++;
if (conns_by_ip > p->conf.max_conns) {
log_error_write(srv, __FILE__, __LINE__, "ss",
inet_ntop_cache_get_ip(srv, &(con->dst_addr)),
"turned away. Too many connections.");
con->http_status = 403;
return HANDLER_FINISHED;
}
if (c->dst_addr.plain.sa_family != con->dst_addr.plain.sa_family) continue;
if (c->state <= CON_STATE_REQUEST_END) continue;
switch (con->dst_addr.plain.sa_family) {
case AF_INET:
if (c->dst_addr.ipv4.sin_addr.s_addr != con->dst_addr.ipv4.sin_addr.s_addr) continue;
break;
#ifdef HAVE_IPV6
case AF_INET6:
if (0 != memcmp(c->dst_addr.ipv6.sin6_addr.s6_addr, con->dst_addr.ipv6.sin6_addr.s6_addr, 16)) continue;
break;
#endif
default: /* Address family not supported, should never be reached */
continue;
};
conns_by_ip++;
if (conns_by_ip > p->conf.max_conns) {
log_error_write(srv, __FILE__, __LINE__, "ss",
inet_ntop_cache_get_ip(srv, &(con->dst_addr)),
"turned away. Too many connections.");
con->http_status = 403;
return HANDLER_FINISHED;
}
}

Write Preview
Loading…
Cancel
Save