beenull/sftpgo
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

httpd: fixed logging of refused requests due to rate limiting/blocklisting

Browse source 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
This commit is contained in:
Nicola Murino 2023-11-08 19:11:00 +01:00
parent 894e12e285
commit a1346aa071
No known key found for this signature in database
GPG key ID: 935D2952DEC4EECF
2 changed files with 14 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
internal/httpd/httpd_test.go
View file

@ -12488,7 +12488,7 @@ func TestDefender(t *testing.T) {
req.RemoteAddr = remoteAddr req.RemoteAddr = remoteAddr
rr = executeRequest(req) rr = executeRequest(req)
checkResponseCode(t, http.StatusForbidden, rr) checkResponseCode(t, http.StatusForbidden, rr)
assert.Contains(t, rr.Body.String(), "your IP address is banned") assert.Contains(t, rr.Body.String(), "your IP address is blocked")
req, _ = http.NewRequest(http.MethodGet, webUsersPath, nil) req, _ = http.NewRequest(http.MethodGet, webUsersPath, nil)
req.RequestURI = webUsersPath req.RequestURI = webUsersPath
@ -12496,7 +12496,7 @@ func TestDefender(t *testing.T) {
req.RemoteAddr = remoteAddr req.RemoteAddr = remoteAddr
rr = executeRequest(req) rr = executeRequest(req)
checkResponseCode(t, http.StatusForbidden, rr) checkResponseCode(t, http.StatusForbidden, rr)
assert.Contains(t, rr.Body.String(), "your IP address is banned") assert.Contains(t, rr.Body.String(), "your IP address is blocked")
req, _ = http.NewRequest(http.MethodGet, webClientFilesPath, nil) req, _ = http.NewRequest(http.MethodGet, webClientFilesPath, nil)
req.Header.Set("X-Real-IP", "127.0.0.1:2345") req.Header.Set("X-Real-IP", "127.0.0.1:2345")
@ -12504,7 +12504,7 @@ func TestDefender(t *testing.T) {
req.RemoteAddr = remoteAddr req.RemoteAddr = remoteAddr
rr = executeRequest(req) rr = executeRequest(req)
checkResponseCode(t, http.StatusForbidden, rr) checkResponseCode(t, http.StatusForbidden, rr)
assert.Contains(t, rr.Body.String(), "your IP address is banned") assert.Contains(t, rr.Body.String(), "your IP address is blocked")
_, err = httpdtest.RemoveUser(user, http.StatusOK) _, err = httpdtest.RemoveUser(user, http.StatusOK)
assert.NoError(t, err) assert.NoError(t, err)

14
internal/httpd/server.go
View file

@ -1051,7 +1051,7 @@ func (s *httpdServer) updateContextFromCookie(r *http.Request) *http.Request {
return r return r
} }
func (s *httpdServer) checkConnection(next http.Handler) http.Handler { func (s *httpdServer) parseHeaders(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
ipAddr := util.GetIPFromRemoteAddress(r.RemoteAddr) ipAddr := util.GetIPFromRemoteAddress(r.RemoteAddr)
var ip net.IP var ip net.IP
@ -1083,6 +1083,13 @@ func (s *httpdServer) checkConnection(next http.Handler) http.Handler {
} }
} }
next.ServeHTTP(w, r)
})
}
func (s *httpdServer) checkConnection(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
ipAddr := util.GetIPFromRemoteAddress(r.RemoteAddr)
common.Connections.AddClientConnection(ipAddr) common.Connections.AddClientConnection(ipAddr)
defer common.Connections.RemoveClientConnection(ipAddr) defer common.Connections.RemoveClientConnection(ipAddr)
@ -1092,7 +1099,7 @@ func (s *httpdServer) checkConnection(next http.Handler) http.Handler {
return return
} }
if common.IsBanned(ipAddr, common.ProtocolHTTP) { if common.IsBanned(ipAddr, common.ProtocolHTTP) {
s.sendForbiddenResponse(w, r, "your IP address is banned") s.sendForbiddenResponse(w, r, "your IP address is blocked")
return return
} }
if delay, err := common.LimitRate(common.ProtocolHTTP, ipAddr); err != nil { if delay, err := common.LimitRate(common.ProtocolHTTP, ipAddr); err != nil {
@ -1190,9 +1197,10 @@ func (s *httpdServer) initializeRouter() {
s.router = chi.NewRouter() s.router = chi.NewRouter()
s.router.Use(middleware.RequestID) s.router.Use(middleware.RequestID)
s.router.Use(s.checkConnection) s.router.Use(s.parseHeaders)
s.router.Use(logger.NewStructuredLogger(logger.GetLogger())) s.router.Use(logger.NewStructuredLogger(logger.GetLogger()))
s.router.Use(middleware.Recoverer) s.router.Use(middleware.Recoverer)
s.router.Use(s.checkConnection)
if s.binding.Security.Enabled { if s.binding.Security.Enabled {
secureMiddleware := secure.New(secure.Options{ secureMiddleware := secure.New(secure.Options{
AllowedHosts: s.binding.Security.AllowedHosts, AllowedHosts: s.binding.Security.AllowedHosts,