mirror of
https://github.com/Ponce/slackbuilds
synced 2024-11-29 13:00:32 +01:00
1154b8fc6f
This is likely related to httpd-2.4.x, but I did a cursory search for patches via Google and was not successful, so... Signed-off-by: Robby Workman <rworkman@slackbuilds.org>
84 lines
3.6 KiB
Diff
84 lines
3.6 KiB
Diff
diff -Nur mod_evasive.orig/mod_evasive20.c mod_evasive/mod_evasive20.c
|
|
--- mod_evasive.orig/mod_evasive20.c 2005-10-08 14:01:18.000000000 -0500
|
|
+++ mod_evasive/mod_evasive20.c 2012-09-21 21:22:19.732985740 -0500
|
|
@@ -139,11 +139,11 @@
|
|
time_t t = time(NULL);
|
|
|
|
/* Check whitelist */
|
|
- if (is_whitelisted(r->connection->remote_ip))
|
|
+ if (is_whitelisted(r->useragent_ip))
|
|
return OK;
|
|
|
|
/* First see if the IP itself is on "hold" */
|
|
- n = ntt_find(hit_list, r->connection->remote_ip);
|
|
+ n = ntt_find(hit_list, r->useragent_ip);
|
|
|
|
if (n != NULL && t-n->timestamp<blocking_period) {
|
|
|
|
@@ -155,14 +155,14 @@
|
|
} else {
|
|
|
|
/* Has URI been hit too much? */
|
|
- snprintf(hash_key, 2048, "%s_%s", r->connection->remote_ip, r->uri);
|
|
+ snprintf(hash_key, 2048, "%s_%s", r->useragent_ip, r->uri);
|
|
n = ntt_find(hit_list, hash_key);
|
|
if (n != NULL) {
|
|
|
|
/* If URI is being hit too much, add to "hold" list and 403 */
|
|
if (t-n->timestamp<page_interval && n->count>=page_count) {
|
|
ret = HTTP_FORBIDDEN;
|
|
- ntt_insert(hit_list, r->connection->remote_ip, time(NULL));
|
|
+ ntt_insert(hit_list, r->useragent_ip, time(NULL));
|
|
} else {
|
|
|
|
/* Reset our hit count list as necessary */
|
|
@@ -177,14 +177,14 @@
|
|
}
|
|
|
|
/* Has site been hit too much? */
|
|
- snprintf(hash_key, 2048, "%s_SITE", r->connection->remote_ip);
|
|
+ snprintf(hash_key, 2048, "%s_SITE", r->useragent_ip);
|
|
n = ntt_find(hit_list, hash_key);
|
|
if (n != NULL) {
|
|
|
|
/* If site is being hit too much, add to "hold" list and 403 */
|
|
if (t-n->timestamp<site_interval && n->count>=site_count) {
|
|
ret = HTTP_FORBIDDEN;
|
|
- ntt_insert(hit_list, r->connection->remote_ip, time(NULL));
|
|
+ ntt_insert(hit_list, r->useragent_ip, time(NULL));
|
|
} else {
|
|
|
|
/* Reset our hit count list as necessary */
|
|
@@ -205,27 +205,27 @@
|
|
struct stat s;
|
|
FILE *file;
|
|
|
|
- snprintf(filename, sizeof(filename), "%s/dos-%s", log_dir != NULL ? log_dir : DEFAULT_LOG_DIR, r->connection->remote_ip);
|
|
+ snprintf(filename, sizeof(filename), "%s/dos-%s", log_dir != NULL ? log_dir : DEFAULT_LOG_DIR, r->useragent_ip);
|
|
if (stat(filename, &s)) {
|
|
file = fopen(filename, "w");
|
|
if (file != NULL) {
|
|
fprintf(file, "%ld\n", getpid());
|
|
fclose(file);
|
|
|
|
- LOG(LOG_ALERT, "Blacklisting address %s: possible DoS attack.", r->connection->remote_ip);
|
|
+ LOG(LOG_ALERT, "Blacklisting address %s: possible DoS attack.", r->useragent_ip);
|
|
if (email_notify != NULL) {
|
|
snprintf(filename, sizeof(filename), MAILER, email_notify);
|
|
file = popen(filename, "w");
|
|
if (file != NULL) {
|
|
fprintf(file, "To: %s\n", email_notify);
|
|
- fprintf(file, "Subject: HTTP BLACKLIST %s\n\n", r->connection->remote_ip);
|
|
- fprintf(file, "mod_evasive HTTP Blacklisted %s\n", r->connection->remote_ip);
|
|
+ fprintf(file, "Subject: HTTP BLACKLIST %s\n\n", r->useragent_ip);
|
|
+ fprintf(file, "mod_evasive HTTP Blacklisted %s\n", r->useragent_ip);
|
|
pclose(file);
|
|
}
|
|
}
|
|
|
|
if (system_command != NULL) {
|
|
- snprintf(filename, sizeof(filename), system_command, r->connection->remote_ip);
|
|
+ snprintf(filename, sizeof(filename), system_command, r->useragent_ip);
|
|
system(filename);
|
|
}
|
|
|