This is no update, but will unbreak this port: patch-mod_evasive20.c --- mod_evasive20.c.orig 2015-07-03 17:42:29 UTC +++ mod_evasive20.c @@ -139,11 +139,11 @@ static int access_checker(request_rec *r time_t t = time(NULL); /* Check whitelist */ - if (is_whitelisted(r->connection->remote_ip)) + if (is_whitelisted(r->connection->client_ip)) return OK; /* First see if the IP itself is on "hold" */ - n = ntt_find(hit_list, r->connection->remote_ip); + n = ntt_find(hit_list, r->connection->client_ip); if (n != NULL && t-n->timestamp<blocking_period) { @@ -155,14 +155,14 @@ static int access_checker(request_rec *r } else { /* Has URI been hit too much? */ - snprintf(hash_key, 2048, "%s_%s", r->connection->remote_ip, r->uri); + snprintf(hash_key, 2048, "%s_%s", r->connection->client_ip, r->uri); n = ntt_find(hit_list, hash_key); if (n != NULL) { /* If URI is being hit too much, add to "hold" list and 403 */ if (t-n->timestamp<page_interval && n->count>=page_count) { ret = HTTP_FORBIDDEN; - ntt_insert(hit_list, r->connection->remote_ip, time(NULL)); + ntt_insert(hit_list, r->connection->client_ip, time(NULL)); } else { /* Reset our hit count list as necessary */ @@ -177,14 +177,14 @@ static int access_checker(request_rec *r } /* Has site been hit too much? */ - snprintf(hash_key, 2048, "%s_SITE", r->connection->remote_ip); + snprintf(hash_key, 2048, "%s_SITE", r->connection->client_ip); n = ntt_find(hit_list, hash_key); if (n != NULL) { /* If site is being hit too much, add to "hold" list and 403 */ if (t-n->timestamp<site_interval && n->count>=site_count) { ret = HTTP_FORBIDDEN; - ntt_insert(hit_list, r->connection->remote_ip, time(NULL)); + ntt_insert(hit_list, r->connection->client_ip, time(NULL)); } else { /* Reset our hit count list as necessary */ @@ -205,27 +205,27 @@ static int access_checker(request_rec *r struct stat s; FILE *file; - snprintf(filename, sizeof(filename), "%s/dos-%s", log_dir != NULL ? log_dir : DEFAULT_LOG_DIR, r->connection->remote_ip); + snprintf(filename, sizeof(filename), "%s/dos-%s", log_dir != NULL ? log_dir : DEFAULT_LOG_DIR, r->connection->client_ip); if (stat(filename, &s)) { file = fopen(filename, "w"); if (file != NULL) { fprintf(file, "%ld\n", getpid()); fclose(file); - LOG(LOG_ALERT, "Blacklisting address %s: possible DoS attack.", r->connection->remote_ip); + LOG(LOG_ALERT, "Blacklisting address %s: possible DoS attack.", r->connection->client_ip); if (email_notify != NULL) { snprintf(filename, sizeof(filename), MAILER, email_notify); file = popen(filename, "w"); if (file != NULL) { fprintf(file, "To: %s\n", email_notify); - fprintf(file, "Subject: HTTP BLACKLIST %s\n\n", r->connection->remote_ip); - fprintf(file, "mod_evasive HTTP Blacklisted %s\n", r->connection->remote_ip); + fprintf(file, "Subject: HTTP BLACKLIST %s\n\n", r->connection->client_ip); + fprintf(file, "mod_evasive HTTP Blacklisted %s\n", r->connection->client_ip); pclose(file); } } if (system_command != NULL) { - snprintf(filename, sizeof(filename), system_command, r->connection->remote_ip); + snprintf(filename, sizeof(filename), system_command, r->connection->client_ip); system(filename); }
Thanks for your submission Walter. Could you attach your proposed change as a unified diff (via svn diff or diff -U) against ports head please. Also, does upstream have this bugfix in an unreleased version and do you have plans to submit it upstream if not?
It's simply. the only changes are replaced the variable remote_ip with client_ip. I wonder nobody realised that. I had also patches for mod_bw and mod_cband. The had similar changes. Mod_cband is a little more complicated. The patch for mod_evasive need also changes in the port Makefile, (I made a dirty hack for me) but I could not (cleanly) figure out this (there are to much macros i don't know very good). But I think someone with more experience will this do easier. My mother language is german, I don't really understand your upstream question.
I am thinking more people want have this modules for apache. That's the reason I do it. Please tell me if I should send the the patches for the two other ports and if I should do it here or make a PR for each.
Created attachment 158387 [details] diff_mod_evasive.c This is the wanted diff-file.
If I understand your question right "to submit it upstream" I will say yes.
Forgot I make the command "diff mod_evasive20.c.orig mod_evasive20.c". mod_evasive.c and mod_evasive20.c both in the work/mod_evasive directory seen the same files. A Makefile command copies mod_evasive to mod_evasive20.c. I had in my port already mod_evasive20.c. But it should be in the new version mod_evasive24.c. I copied with a Makefile command, but this surely not the right way. The version numbers are one of the problems with the port Makefile I had.
Also found a newer version: mod_evasive24.c from the author on Github. I have this not tested yet https://github.com/shivaas/mod_evasive/blob/master/mod_evasive24.c
Oh, I see upstream is the project from the program. No I have not send it to them. A look in the code of the above sent version from the author tells me it's the better way to fix the port.
I puzzled some things yesterday. My patch is surely for the existing mod_evasiv port. The version from the author will be a complete new port (e.g mod_evasive24).
Created attachment 158472 [details] svn-diff
Thanks Walter, however the new patch includes the work/ directory which shouldnt be included. Please `make clean` before running the diff, and additionally, I suggest using the `make makepatch` command to produce the files/ patch file. It will name and format is correctly. For instructions see: https://www.freebsd.org/doc/en/books/porters-handbook/slow-patch.html
thank you,I did some other things, and overlooked that I haven't done make clean, sorry.
Created attachment 158474 [details] svn-diff_new_version
Hi there, I agreed ;) By the way I no longer use apache so that's why this port is no longer updated by me. If Walter want the maintership I send the green light :) Regards, Xavier
I would do it, but I need explanations how some things work, with freshports, and to get it in the official ports tree etc.
Created attachment 160830 [details] patch-Makefile.diff
Ok, I will take maintainership.