From a1346aa071a27c7cca28bc47747e944d0bd0919e Mon Sep 17 00:00:00 2001 From: Nicola Murino Date: Wed, 8 Nov 2023 19:11:00 +0100 Subject: [PATCH] httpd: fixed logging of refused requests due to rate limiting/blocklisting Signed-off-by: Nicola Murino --- internal/httpd/httpd_test.go | 6 +++--- internal/httpd/server.go | 14 +++++++++++--- 2 files changed, 14 insertions(+), 6 deletions(-) diff --git a/internal/httpd/httpd_test.go b/internal/httpd/httpd_test.go index bfadf5cd..ae3c35d3 100644 --- a/internal/httpd/httpd_test.go +++ b/internal/httpd/httpd_test.go @@ -12488,7 +12488,7 @@ func TestDefender(t *testing.T) { req.RemoteAddr = remoteAddr rr = executeRequest(req) checkResponseCode(t, http.StatusForbidden, rr) - assert.Contains(t, rr.Body.String(), "your IP address is banned") + assert.Contains(t, rr.Body.String(), "your IP address is blocked") req, _ = http.NewRequest(http.MethodGet, webUsersPath, nil) req.RequestURI = webUsersPath @@ -12496,7 +12496,7 @@ func TestDefender(t *testing.T) { req.RemoteAddr = remoteAddr rr = executeRequest(req) checkResponseCode(t, http.StatusForbidden, rr) - assert.Contains(t, rr.Body.String(), "your IP address is banned") + assert.Contains(t, rr.Body.String(), "your IP address is blocked") req, _ = http.NewRequest(http.MethodGet, webClientFilesPath, nil) req.Header.Set("X-Real-IP", "127.0.0.1:2345") @@ -12504,7 +12504,7 @@ func TestDefender(t *testing.T) { req.RemoteAddr = remoteAddr rr = executeRequest(req) checkResponseCode(t, http.StatusForbidden, rr) - assert.Contains(t, rr.Body.String(), "your IP address is banned") + assert.Contains(t, rr.Body.String(), "your IP address is blocked") _, err = httpdtest.RemoveUser(user, http.StatusOK) assert.NoError(t, err) diff --git a/internal/httpd/server.go b/internal/httpd/server.go index d48743bf..9de3c443 100644 --- a/internal/httpd/server.go +++ b/internal/httpd/server.go @@ -1051,7 +1051,7 @@ func (s *httpdServer) updateContextFromCookie(r *http.Request) *http.Request { return r } -func (s *httpdServer) checkConnection(next http.Handler) http.Handler { +func (s *httpdServer) parseHeaders(next http.Handler) http.Handler { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { ipAddr := util.GetIPFromRemoteAddress(r.RemoteAddr) var ip net.IP @@ -1083,6 +1083,13 @@ func (s *httpdServer) checkConnection(next http.Handler) http.Handler { } } + next.ServeHTTP(w, r) + }) +} + +func (s *httpdServer) checkConnection(next http.Handler) http.Handler { + return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + ipAddr := util.GetIPFromRemoteAddress(r.RemoteAddr) common.Connections.AddClientConnection(ipAddr) defer common.Connections.RemoveClientConnection(ipAddr) @@ -1092,7 +1099,7 @@ func (s *httpdServer) checkConnection(next http.Handler) http.Handler { return } if common.IsBanned(ipAddr, common.ProtocolHTTP) { - s.sendForbiddenResponse(w, r, "your IP address is banned") + s.sendForbiddenResponse(w, r, "your IP address is blocked") return } if delay, err := common.LimitRate(common.ProtocolHTTP, ipAddr); err != nil { @@ -1190,9 +1197,10 @@ func (s *httpdServer) initializeRouter() { s.router = chi.NewRouter() s.router.Use(middleware.RequestID) - s.router.Use(s.checkConnection) + s.router.Use(s.parseHeaders) s.router.Use(logger.NewStructuredLogger(logger.GetLogger())) s.router.Use(middleware.Recoverer) + s.router.Use(s.checkConnection) if s.binding.Security.Enabled { secureMiddleware := secure.New(secure.Options{ AllowedHosts: s.binding.Security.AllowedHosts,