Browse Source

Fix bug with IPv6 in mod_evasive

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2222 152afb58-edef-0310-8abb-c4023f1b3aa9
svn/tags/lighttpd-1.4.20
Stefan Bühler 14 years ago
parent
commit
543830266c
  1. 1
      NEWS
  2. 46
      src/mod_evasive.c

1
NEWS

@ -29,6 +29,7 @@ NEWS
* let spawn-fcgi propagate exit code from spawned fcgi application
* close connection after redirect in trigger_b4_dl (thx icy)
* close connection in mod_magnet if returned status code
* fix bug with IPv6 in mod_evasive (#1579)
- 1.4.19 - 2008-03-10

46
src/mod_evasive.c

@ -138,24 +138,46 @@ URIHANDLER_FUNC(mod_evasive_uri_handler) {
/* no limit set, nothing to block */
if (p->conf.max_conns == 0) return HANDLER_GO_ON;
switch (con->dst_addr.plain.sa_family) {
case AF_INET:
#ifdef HAVE_IPV6
case AF_INET6:
#endif
break;
default: // Address family not supported
return HANDLER_GO_ON;
};
for (j = 0; j < srv->conns->used; j++) {
connection *c = srv->conns->ptr[j];
/* check if other connections are already actively serving data for the same IP
* we can only ban connections which are already behind the 'read request' state
* */
if (c->dst_addr.ipv4.sin_addr.s_addr == con->dst_addr.ipv4.sin_addr.s_addr &&
c->state > CON_STATE_REQUEST_END) {
conns_by_ip++;
if (conns_by_ip > p->conf.max_conns) {
log_error_write(srv, __FILE__, __LINE__, "ss",
inet_ntop_cache_get_ip(srv, &(con->dst_addr)),
"turned away. Too many connections.");
con->http_status = 403;
return HANDLER_FINISHED;
}
if (c->dst_addr.plain.sa_family != con->dst_addr.plain.sa_family) continue;
if (c->state <= CON_STATE_REQUEST_END) continue;
switch (con->dst_addr.plain.sa_family) {
case AF_INET:
if (c->dst_addr.ipv4.sin_addr.s_addr != con->dst_addr.ipv4.sin_addr.s_addr) continue;
break;
#ifdef HAVE_IPV6
case AF_INET6:
if (0 != memcmp(c->dst_addr.ipv6.sin6_addr.s6_addr, con->dst_addr.ipv6.sin6_addr.s6_addr, 16)) continue;
break;
#endif
default: /* Address family not supported, should never be reached */
continue;
};
conns_by_ip++;
if (conns_by_ip > p->conf.max_conns) {
log_error_write(srv, __FILE__, __LINE__, "ss",
inet_ntop_cache_get_ip(srv, &(con->dst_addr)),
"turned away. Too many connections.");
con->http_status = 403;
return HANDLER_FINISHED;
}
}

Loading…
Cancel
Save