path: root/src/mod_evasive.c
Commit message (Author, Age; Files, Lines)
* [mod_evasive] update comment to add references (Glenn Strauss, 2021-11-15; 1 file, -2/+13)
    update comment to add references to other modules and mechanisms available in lighttpd to enforce security policy
* [mod_evasive] smaller funcs for testing (Glenn Strauss, 2021-11-15; 1 file, -23/+27)
* [core] change srv->conns to doubly-linked-list (Glenn Strauss, 2021-09-08; 1 file, -5/+3)
    avoids separate memory allocation for list of pointers
* [multiple] inline struct in con->dst_addr_buf (Glenn Strauss, 2021-08-27; 1 file, -1/+1)
    (mod_extforward recently changed to use buffer_move() to save addr instead of swapping pointers)
* [multiple] reduce redundant NULL buffer checks (Glenn Strauss, 2021-08-27; 1 file, -2/+23)
    This commit is a large set of code changes and results in removal of hundreds, perhaps thousands, of CPU instructions, a portion of which are on hot code paths.

    Most (buffer *) used by lighttpd are not NULL, especially since buffers were inlined into numerous larger structs such as request_st and chunk.

    In the small number of instances where that is not the case, a NULL check is often performed earlier in a function where that buffer is later used with a buffer_* func. In the handful of cases that remained, a NULL check was added, e.g. with r->http_host and r->conf.server_tag.

    - check for empty strings at config time and set value to NULL if blank string will be ignored at runtime; at runtime, simple pointer check for NULL can be used to check for a value that has been set and is not blank ("")
    - use buffer_is_blank() instead of buffer_string_is_empty(), and use buffer_is_unset() instead of buffer_is_empty(), where buffer is known not to be NULL so that NULL check can be skipped
    - use buffer_clen() instead of buffer_string_length() when buffer is known not to be NULL (to avoid NULL check at runtime)
    - use buffer_truncate() instead of buffer_string_set_length() to truncate string, and use buffer_extend() to extend

    Examples where buffer known not to be NULL:
    - cpv->v.b from config_plugin_values_init is not NULL if T_CONFIG_BOOL (though we might set it to NULL if buffer_is_blank(cpv->v.b))
    - address of buffer is arg (&foo) (compiler optimizer detects this in most, but not all, cases)
    - buffer is checked for NULL earlier in func
    - buffer is accessed in same scope without a NULL check (e.g. b->ptr)

    internal behavior change:
      callers must not pass a NULL buffer to some funcs.
      - buffer_init_buffer() requires non-null args
      - buffer_copy_buffer() requires non-null args
      - buffer_append_string_buffer() requires non-null args
      - buffer_string_space() requires non-null arg
* [multiple] split con, request (very large change) (Glenn Strauss, 2020-07-08; 1 file, -12/+13)
    NB: r->tmp_buf == srv->tmp_buf (pointer is copied for quicker access)

    NB: request read and write chunkqueues currently point to connection chunkqueues; per-request and per-connection chunkqueues are not distinct from one another
      con->read_queue == r->read_queue
      con->write_queue == r->write_queue

    NB: in the future, a separate connection config may be needed for connection-level module hooks. Similarly, might need to have per-request chunkqueues separate from per-connection chunkqueues. Should probably also have a request_reset() which is distinct from connection_reset().
* [multiple] copy small struct instead of memcpy() (Glenn Strauss, 2020-07-08; 1 file, -1/+2)
    when patching config
* [core] store subrequest_handler instead of mode (Glenn Strauss, 2020-07-08; 1 file, -1/+1)
    store pointer to module in handler_module instead of con->mode id
* [core] move request state into (request_st *) (Glenn Strauss, 2020-07-08; 1 file, -1/+1)
    NB: in the future, a separate connection state may be needed for connection-level state (different from request state)
* [core] move addtl request-specific struct members (Glenn Strauss, 2020-07-08; 1 file, -1/+1)
* [multiple] connection hooks no longer get (srv *) (Glenn Strauss, 2020-07-08; 1 file, -2/+3)
    (explicit (server *) not passed; available in con->srv)
* [multiple] prefer (connection *) to (srv *) (Glenn Strauss, 2020-07-08; 1 file, -3/+3)
    convert all log_error_write() to log_error() and pass (log_error_st *)
    use con->errh in preference to srv->errh (even though currently same)
    avoid passing (server *) when previously used only for logging (errh)
* [multiple] plugin.c handles common FREE_FUNC code (Glenn Strauss, 2020-07-08; 1 file, -12/+0)
    (simpler for modules; less boilerplate to cut-n-paste)
* [mod_evasive] use config_plugin_values_init() (Glenn Strauss, 2020-05-23; 1 file, -102/+68)
* [core] const char *name in struct plugin (Glenn Strauss, 2020-05-23; 1 file, -3/+1)
    put void *data (always used) as first member of struct plugin
    add int nconfig member to PLUGIN_DATA
    calloc() inits p->data to NULL
* [core] simpler config_check_cond() (Glenn Strauss, 2020-05-23; 1 file, -3/+2)
    optimize for common case where condition has been evaluated for the request and a cached result exists
    (also: begin isolating data_config)
* [core] inline buffer key for *_patch_connection() (Glenn Strauss, 2020-02-24; 1 file, -3/+3)
    handle buffer key as part of DATA_UNSET in *_patch_connection() (instead of key being (buffer *))
* [core] prefer uint32_t to size_t in base.h (Glenn Strauss, 2020-02-24; 1 file, -4/+2)
    even 2 billion is way larger than even extreme operating values expected for the members in base.h
    include some structs directly in struct server, rather than by ptr
* [multiple] cleaner calloc use in SETDEFAULTS_FUNC (Mohammed Sadiq, 2019-04-20; 1 file, -1/+1)
    github: closes #99
    x-ref:
      "cleaner calloc use in SETDEFAULTS_FUNC"
      https://github.com/lighttpd/lighttpd1.4/pull/99
* [core] abstraction layer for HTTP header manip (Glenn Strauss, 2018-09-23; 1 file, -2/+2)
    http_header.[ch]
    convert existing calls to manip request/response headers
    convert existing calls to manip environment array (often header-related)
* [core] isolate sock_addr manipulation (Glenn Strauss, 2017-10-29; 1 file, -23/+2)
* [core] use con->dst_addr_buf instead of ip recalc (Glenn Strauss, 2017-03-28; 1 file, -4/+2)
    use con->dst_addr_buf over inet_ntop_cache_get_ip(srv, &(con->dst_addr))
* [core] remove some unused header includes (Glenn Strauss, 2017-03-28; 1 file, -1/+0)
    remove exposure of stdio.h in buffer.h for print_backtrace(), now static
* [mod_evasive] 302 redirect option if limit reached (fixes #2199) (Glenn Strauss, 2016-05-13; 1 file, -1/+17)
    x-ref:
      "[mod_evasive] redirect if maximum connections exceeded"
      https://redmine.lighttpd.net/issues/2199
* consistent inclusion of config.h at top of files (fixes #2073) (Glenn Strauss, 2016-03-19; 1 file, -0/+2)
    From: Glenn Strauss <gstrauss@gluelogic.com>
    git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3113 152afb58-edef-0310-8abb-c4023f1b3aa9
* [config] check config option scope; warn if server option is given in conditional (Stefan Bühler, 2015-11-07; 1 file, -1/+2)
    From: Stefan Bühler <stbuehler@web.de>
    git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3049 152afb58-edef-0310-8abb-c4023f1b3aa9
* fix segfaults in many plugins if they failed configuration (Stefan Bühler, 2015-05-14; 1 file, -0/+2)
    From: Stefan Bühler <stbuehler@web.de>
    git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2988 152afb58-edef-0310-8abb-c4023f1b3aa9
* Use buffer API to read and modify "used" member (Stefan Bühler, 2015-02-08; 1 file, -1/+1)
    - a lot of code tried to handle manually adding terminating zeroes and keeping track of the correct "used" count. Replaced all "external" usages with simple wrapper functions:
      * buffer_string_is_empty (used <= 1), buffer_is_empty (used == 0); prefer buffer_string_is_empty
      * buffer_string_set_length
      * buffer_string_length
      * CONST_BUF_LEN() macro
    - removed "static" buffer hacks (buffers pointing to constant/stack memory instead of malloc()ed data)
    - buffer_append_strftime(): refactor buffer+strftime uses
    - li_tohex(): no need for a buffer for binary-to-hex conversion: the output data length is easy to predict
    - remove "-Winline" from extra warnings: the "inline" keyword just suppresses the warning about unused but defined (static) functions; don't care whether it actually gets inlined or not.
    From: Stefan Bühler <stbuehler@web.de>
    git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2979 152afb58-edef-0310-8abb-c4023f1b3aa9
* fix/silence bugs reported by ccc-analyzer (clang) (Stefan Bühler, 2013-11-13; 1 file, -1/+1)
    These should all be non critical:
    * memory leaks on startup in error cases (which lead to immediate shutdowns anyway)
    * http_auth/ldap: passing uninitialized "ret" to ldap_err2string
    * sizeof(T) not matching the target pointer in malloc/calloc calls; those cases were either:
      * T being the wrong pointer type - shouldn't matter as long as all pointers have same size
      * T being larger than the type needed
    * mod_accesslog: direct use after free in cleanup (server shutdown); could crash before "clean" shutdown
    * some false positives (mod_compress, mod_expire)
    * assert(srv->config_context->used > 0); - this is always the case, as there is always a global config block
    From: Stefan Bühler <stbuehler@web.de>
    git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2920 152afb58-edef-0310-8abb-c4023f1b3aa9
* Fix header inclusion order, always include "config.h" before any system header (Stefan Bühler, 2009-10-11; 1 file, -4/+4)
    git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2624 152afb58-edef-0310-8abb-c4023f1b3aa9
* Fix evasive.silent option (#1438) (Stefan Bühler, 2009-05-12; 1 file, -2/+3)
    git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2505 152afb58-edef-0310-8abb-c4023f1b3aa9
* Add evasive.silent option (fixes #1438) (Stefan Bühler, 2009-04-26; 1 file, -4/+12)
    git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2481 152afb58-edef-0310-8abb-c4023f1b3aa9
* Added some extra warning options in cmake and fix the resulting warnings (unused/static functions) (Stefan Bühler, 2009-03-07; 1 file, -0/+1)
    git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2414 152afb58-edef-0310-8abb-c4023f1b3aa9
* Fix some problems with more strict compilers (#1923) (Stefan Bühler, 2009-03-07; 1 file, -1/+1)
    git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2408 152afb58-edef-0310-8abb-c4023f1b3aa9
* Insert many con->mode checks; they should prevent two modules to handle the same request if they shouldn't (#631) (Stefan Bühler, 2008-08-01; 1 file, -0/+1)
    git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2271 152afb58-edef-0310-8abb-c4023f1b3aa9
* Fix bug with IPv6 in mod_evasive (Stefan Bühler, 2008-07-28; 1 file, -12/+34)
    git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2222 152afb58-edef-0310-8abb-c4023f1b3aa9
* - white space cleanup part 2 this time 1.4 ;) (Marcus Rückert, 2006-10-04; 1 file, -32/+32)
    I hope it helps with merging stuff back to 1.5
    git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@1371 152afb58-edef-0310-8abb-c4023f1b3aa9
* - added mod_evasive to the autoconf build (Jan Kneschke, 2006-01-04; 1 file, -1/+5)
    - ignore connections from the count which are not yet initialized
    git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-merge-1.4.x@919 152afb58-edef-0310-8abb-c4023f1b3aa9
* fixed config option (Jan Kneschke, 2005-12-29; 1 file, -1/+1)
    git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-merge-1.4.x@897 152afb58-edef-0310-8abb-c4023f1b3aa9
* added mod_evasive to limit the number of connections by IP (<w1zzard@techpowerup.com>) (Jan Kneschke, 2005-12-20; 1 file, -0/+174)
    git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-merge-1.4.x@896 152afb58-edef-0310-8abb-c4023f1b3aa9