Attachment #161575 for bug #203454

View | Details | Raw Unified | Return to bug 203454
Collapse All | Expand All





PORTNAME=	mod_evasive
PORTVERSION=	1.10.1
PORTREVISION=	2
CATEGORIES=	www security
MASTER_SITES=	http://www.zdziarski.com/blog/wp-content/uploads/2010/02/
DISTNAME=	mod_evasive_${PORTVERSION}
DIST_SUBDIR=	apache2

MAINTAINER=	w.schwarzenfeld@utanet.at
COMMENT=	Apache module to try to protect the HTTP Server from DoS/DDoS attacks

LICENSE=	GPLv2


WRKSRC=		${WRKDIR}/${PORTNAME}

USE_APACHE=	22+
AP_FAST_BUILD=	yes
AP_GENPLIST=	yes
MODULENAME=	${PORTNAME}20




--- mod_evasive20.c.orig	2015-07-05 17:29:09 UTC
+++ mod_evasive20.c
@@ -115,6 +115,7 @@ static void * create_hit_list(apr_pool_t
     /* Create a new hit list for this listener */
 
     hit_list = ntt_create(hash_table_size);
+    return 0;	
 }
 
 static const char *whitelist(cmd_parms *cmd, void *dconfig, const char *ip)
@@ -139,11 +140,11 @@ static int access_checker(request_rec *r
       time_t t = time(NULL);
 
       /* Check whitelist */
-      if (is_whitelisted(r->connection->remote_ip)) 
+      if (is_whitelisted(r->connection->client_ip)) 
         return OK;
 
       /* First see if the IP itself is on "hold" */
-      n = ntt_find(hit_list, r->connection->remote_ip);
+      n = ntt_find(hit_list, r->connection->client_ip);
 
       if (n != NULL && t-n->timestamp<blocking_period) {
  
@@ -155,14 +156,14 @@ static int access_checker(request_rec *r
       } else {
 
         /* Has URI been hit too much? */
-        snprintf(hash_key, 2048, "%s_%s", r->connection->remote_ip, r->uri);
+        snprintf(hash_key, 2048, "%s_%s", r->connection->client_ip, r->uri);
         n = ntt_find(hit_list, hash_key);
         if (n != NULL) {
 
           /* If URI is being hit too much, add to "hold" list and 403 */
           if (t-n->timestamp<page_interval && n->count>=page_count) {
             ret = HTTP_FORBIDDEN;
-            ntt_insert(hit_list, r->connection->remote_ip, time(NULL));
+            ntt_insert(hit_list, r->connection->client_ip, time(NULL));
           } else {
 
             /* Reset our hit count list as necessary */
@@ -177,14 +178,14 @@ static int access_checker(request_rec *r
         }
 
         /* Has site been hit too much? */
-        snprintf(hash_key, 2048, "%s_SITE", r->connection->remote_ip);
+        snprintf(hash_key, 2048, "%s_SITE", r->connection->client_ip);
         n = ntt_find(hit_list, hash_key);
         if (n != NULL) {
 
           /* If site is being hit too much, add to "hold" list and 403 */
           if (t-n->timestamp<site_interval && n->count>=site_count) {
             ret = HTTP_FORBIDDEN;
-            ntt_insert(hit_list, r->connection->remote_ip, time(NULL));
+            ntt_insert(hit_list, r->connection->client_ip, time(NULL));
           } else {
 
             /* Reset our hit count list as necessary */
@@ -204,28 +205,29 @@ static int access_checker(request_rec *r
         char filename[1024];
         struct stat s;
         FILE *file;
+	int getpid();
 
-        snprintf(filename, sizeof(filename), "%s/dos-%s", log_dir != NULL ? log_dir : DEFAULT_LOG_DIR, r->connection->remote_ip);
+        snprintf(filename, sizeof(filename), "%s/dos-%s", log_dir != NULL ? log_dir : DEFAULT_LOG_DIR, r->connection->client_ip);
         if (stat(filename, &s)) {
           file = fopen(filename, "w");
           if (file != NULL) {
-            fprintf(file, "%ld\n", getpid());
+            fprintf(file, "%d\n", getpid());
             fclose(file);
 
-            LOG(LOG_ALERT, "Blacklisting address %s: possible DoS attack.", r->connection->remote_ip);
+            LOG(LOG_ALERT, "Blacklisting address %s: possible DoS attack.", r->connection->client_ip);
             if (email_notify != NULL) {
               snprintf(filename, sizeof(filename), MAILER, email_notify);
               file = popen(filename, "w");
               if (file != NULL) {
                 fprintf(file, "To: %s\n", email_notify);
-                fprintf(file, "Subject: HTTP BLACKLIST %s\n\n", r->connection->remote_ip);
-                fprintf(file, "mod_evasive HTTP Blacklisted %s\n", r->connection->remote_ip);
+                fprintf(file, "Subject: HTTP BLACKLIST %s\n\n", r->connection->client_ip);
+                fprintf(file, "mod_evasive HTTP Blacklisted %s\n", r->connection->client_ip);
                 pclose(file);
               }
             }
 
             if (system_command != NULL) {
-              snprintf(filename, sizeof(filename), system_command, r->connection->remote_ip);
+              snprintf(filename, sizeof(filename), system_command, r->connection->client_ip);
               system(filename);
             }
  
@@ -298,6 +300,7 @@ static apr_status_t destroy_hit_list(voi
   ntt_destroy(hit_list);
   free(email_notify);
   free(system_command);
+  return 0;
 }
 
 

Return to bug 203454

Lines 3-15 Link Here

(-)Makefile (-3 / +3 lines)
3		3
4	PORTNAME= mod_evasive	4	PORTNAME= mod_evasive
5	PORTVERSION= 1.10.1	5	PORTVERSION= 1.10.1
6	PORTREVISION= 1	6	PORTREVISION= 2
7	CATEGORIES= www security	7	CATEGORIES= www security
8	MASTER_SITES= http://www.zdziarski.com/blog/wp-content/uploads/2010/02/	8	MASTER_SITES= http://www.zdziarski.com/blog/wp-content/uploads/2010/02/
9	DISTNAME= mod_evasive_${PORTVERSION}	9	DISTNAME= mod_evasive_${PORTVERSION}
10	DIST_SUBDIR= apache2	10	DIST_SUBDIR= apache2
11		11
12	MAINTAINER= kiwi@oav.net	12	MAINTAINER= w.schwarzenfeld@utanet.at
13	COMMENT= Apache module to try to protect the HTTP Server from DoS/DDoS attacks	13	COMMENT= Apache module to try to protect the HTTP Server from DoS/DDoS attacks
14		14
15	LICENSE= GPLv2	15	LICENSE= GPLv2
Lines 16-22 Link Here
16		16
17	WRKSRC= ${WRKDIR}/${PORTNAME}	17	WRKSRC= ${WRKDIR}/${PORTNAME}
18		18
19	USE_APACHE= 22	19	USE_APACHE= 22+
20	AP_FAST_BUILD= yes	20	AP_FAST_BUILD= yes
21	AP_GENPLIST= yes	21	AP_GENPLIST= yes
22	MODULENAME= ${PORTNAME}20	22	MODULENAME= ${PORTNAME}20

Line 0 Link Here

(-)files/patch-mod_evasive20.c (+102 lines)
		1	--- mod_evasive20.c.orig 2015-07-05 17:29:09 UTC
		2	+++ mod_evasive20.c
		3	@@ -115,6 +115,7 @@ static void * create_hit_list(apr_pool_t
		4	/* Create a new hit list for this listener */
		5
		6	hit_list = ntt_create(hash_table_size);
		7	+ return 0;
		8	}
		9
		10	static const char whitelist(cmd_parms cmd, void dconfig, const char ip)
		11	@@ -139,11 +140,11 @@ static int access_checker(request_rec *r
		12	time_t t = time(NULL);
		13
		14	/* Check whitelist */
		15	- if (is_whitelisted(r->connection->remote_ip))
		16	+ if (is_whitelisted(r->connection->client_ip))
		17	return OK;
		18
		19	/* First see if the IP itself is on "hold" */
		20	- n = ntt_find(hit_list, r->connection->remote_ip);
		21	+ n = ntt_find(hit_list, r->connection->client_ip);
		22
		23	if (n != NULL && t-n->timestamp<blocking_period) {
		24
		25	@@ -155,14 +156,14 @@ static int access_checker(request_rec *r
		26	} else {
		27
		28	/* Has URI been hit too much? */
		29	- snprintf(hash_key, 2048, "%s_%s", r->connection->remote_ip, r->uri);
		30	+ snprintf(hash_key, 2048, "%s_%s", r->connection->client_ip, r->uri);
		31	n = ntt_find(hit_list, hash_key);
		32	if (n != NULL) {
		33
		34	/* If URI is being hit too much, add to "hold" list and 403 */
		35	if (t-n->timestamp<page_interval && n->count>=page_count) {
		36	ret = HTTP_FORBIDDEN;
		37	- ntt_insert(hit_list, r->connection->remote_ip, time(NULL));
		38	+ ntt_insert(hit_list, r->connection->client_ip, time(NULL));
		39	} else {
		40
		41	/* Reset our hit count list as necessary */
		42	@@ -177,14 +178,14 @@ static int access_checker(request_rec *r
		43	}
		44
		45	/* Has site been hit too much? */
		46	- snprintf(hash_key, 2048, "%s_SITE", r->connection->remote_ip);
		47	+ snprintf(hash_key, 2048, "%s_SITE", r->connection->client_ip);
		48	n = ntt_find(hit_list, hash_key);
		49	if (n != NULL) {
		50
		51	/* If site is being hit too much, add to "hold" list and 403 */
		52	if (t-n->timestamp<site_interval && n->count>=site_count) {
		53	ret = HTTP_FORBIDDEN;
		54	- ntt_insert(hit_list, r->connection->remote_ip, time(NULL));
		55	+ ntt_insert(hit_list, r->connection->client_ip, time(NULL));
		56	} else {
		57
		58	/* Reset our hit count list as necessary */
		59	@@ -204,28 +205,29 @@ static int access_checker(request_rec *r
		60	char filename[1024];
		61	struct stat s;
		62	FILE *file;
		63	+ int getpid();
		64
65	- snprintf(filename, sizeof(filename), "%s/dos-%s", log_dir != NULL ? log_dir : DEFAULT_LOG_DIR, r->connection->remote_ip);
66	+ snprintf(filename, sizeof(filename), "%s/dos-%s", log_dir != NULL ? log_dir : DEFAULT_LOG_DIR, r->connection->client_ip);
67	if (stat(filename, &s)) {
68	file = fopen(filename, "w");
69	if (file != NULL) {
70	- fprintf(file, "%ld\n", getpid());
71	+ fprintf(file, "%d\n", getpid());
72	fclose(file);
73
74	- LOG(LOG_ALERT, "Blacklisting address %s: possible DoS attack.", r->connection->remote_ip);
75	+ LOG(LOG_ALERT, "Blacklisting address %s: possible DoS attack.", r->connection->client_ip);
76	if (email_notify != NULL) {
77	snprintf(filename, sizeof(filename), MAILER, email_notify);
78	file = popen(filename, "w");
79	if (file != NULL) {
80	fprintf(file, "To: %s\n", email_notify);
81	- fprintf(file, "Subject: HTTP BLACKLIST %s\n\n", r->connection->remote_ip);
82	- fprintf(file, "mod_evasive HTTP Blacklisted %s\n", r->connection->remote_ip);
83	+ fprintf(file, "Subject: HTTP BLACKLIST %s\n\n", r->connection->client_ip);
84	+ fprintf(file, "mod_evasive HTTP Blacklisted %s\n", r->connection->client_ip);
85	pclose(file);
86	}
87	}
88
89	if (system_command != NULL) {
90	- snprintf(filename, sizeof(filename), system_command, r->connection->remote_ip);
91	+ snprintf(filename, sizeof(filename), system_command, r->connection->client_ip);
92	system(filename);
93	}
94
95	@@ -298,6 +300,7 @@ static apr_status_t destroy_hit_list(voi
96	ntt_destroy(hit_list);
97	free(email_notify);
98	free(system_command);
99	+ return 0;
100	}
101
102