diff options
author | Dylan William Hardison <dylan@hardison.net> | 2017-09-11 18:59:58 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2017-09-11 18:59:58 +0200 |
commit | ce38f8be741a8b618dfac9d2f6f166a6e3954e45 (patch) | |
tree | 67c2d67bc1c180bb2be80e12b6d07bf9ef42446f /Bugzilla/ModPerl | |
parent | d3cf76c62299d9ff9e3589a3c159571711d8d186 (diff) | |
download | bugzilla-ce38f8be741a8b618dfac9d2f6f166a6e3954e45.tar.gz bugzilla-ce38f8be741a8b618dfac9d2f6f166a6e3954e45.tar.xz |
Bug 1393888 - Write httpd access handler to block by ip address stored in memcached
Diffstat (limited to 'Bugzilla/ModPerl')
-rw-r--r-- | Bugzilla/ModPerl/BlockIP.pm | 65 |
1 files changed, 65 insertions, 0 deletions
diff --git a/Bugzilla/ModPerl/BlockIP.pm b/Bugzilla/ModPerl/BlockIP.pm new file mode 100644 index 000000000..4e9a4be5c --- /dev/null +++ b/Bugzilla/ModPerl/BlockIP.pm @@ -0,0 +1,65 @@ +package Bugzilla::ModPerl::BlockIP; +use 5.10.1; +use strict; +use warnings; + +use Apache2::RequestRec (); +use Apache2::Connection (); + +use Apache2::Const -compile => qw(OK); +use Cache::Memcached::Fast; + +use constant BLOCK_TIMEOUT => 60*60; + +my $MEMCACHED = Bugzilla::Memcached->_new()->{memcached}; +my $STATIC_URI = qr{ + ^/ + (?: extensions/[^/]+/web + | robots\.txt + | __heartbeat__ + | __lbheartbeat__ + | __version__ + | images + | skins + | js + | errors + ) +}xms; + +sub block_ip { + my ($class, $ip) = @_; + $MEMCACHED->set("block_ip:$ip" => 1, BLOCK_TIMEOUT) if $MEMCACHED; +} + +sub unblock_ip { + my ($class, $ip) = @_; + $MEMCACHED->delete("block_ip:$ip") if $MEMCACHED; +} + +sub handler { + my $r = shift; + return Apache2::Const::OK if $r->uri =~ $STATIC_URI; + + my $ip = $r->headers_in->{'X-Forwarded-For'}; + if ($ip) { + $ip = (split(/\s*,\s*/ms, $ip))[-1]; + } + else { + $ip = $r->connection->remote_ip; + } + + if ($MEMCACHED && $MEMCACHED->get("block_ip:$ip")) { + __PACKAGE__->block_ip($ip); + $r->status_line("429 Too Many Requests"); + # 500 is used here because apache 2.2 doesn't understand 429. + # the above line and the return value together mean we produce 429. + # Any other variation doesn't work. + $r->custom_response(500, "Too Many Requests"); + return 429; + } + else { + return Apache2::Const::OK; + } +} + +1; |