github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-09-29 19:24:29 +03:00
Code Issues Packages Projects Releases Wiki Activity

Added SecWriteStateLimit for slow post DoS

Browse Source
This commit is contained in:
brenosilva
2011-05-05 17:01:57 +00:00
parent c78903e988
commit 5eaa1a7345
3 changed files with 50 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
apache2/mod_security2.c
View File

@@ -57,6 +57,8 @@ unsigned long int DSOLOCAL msc_pcre_match_limit_recursion = 0;
unsigned long int DSOLOCAL conn_read_state_limit = 0;
unsigned long int DSOLOCAL conn_write_state_limit = 0;
static int server_limit, thread_limit;
typedef struct {
@@ -1200,13 +1202,13 @@ static int hook_connection_early(conn_rec *conn)
{
sb_handle *sb = conn->sbh;
int i, j;
unsigned long int ip_count = 0;
unsigned long int ip_count = 0, ip_count_w = 0;
worker_score *ws_record = NULL;
#if APR_MAJOR_VERSION > 1
ap_sb_handle_t *sbh = NULL;
#endif
if(sb != NULL && conn_read_state_limit > 0) {
if(sb != NULL && (conn_read_state_limit > 0 || conn_write_state_limit > 0)) {
ws_record = &ap_scoreboard_image->servers[sb->child_num][sb->thread_num];
if(ws_record == NULL)
@@ -1235,15 +1237,22 @@ static int hook_connection_early(conn_rec *conn)
if (strcmp(conn->remote_ip, ws_record->client) == 0)
ip_count++;
break;
case SERVER_BUSY_WRITE:
if (strcmp(conn->remote_ip, ws_record->client) == 0)
ip_count_w++;
break;
default:
break;
}
}
}
if (ip_count > conn_read_state_limit) {
if ((conn_read_state_limit > 0) && (ip_count > conn_read_state_limit)) {
ap_log_error(APLOG_MARK, APLOG_WARNING, 0, NULL, "ModSecurity: Access denied with code 400. Too many threads [%ld] of %ld allowed in READ state from %s - Possible DoS Consumption Attack [Rejected]", ip_count,conn_read_state_limit,conn->remote_ip);
return OK;
} else if ((conn_write_state_limit > 0) && (ip_count_w > conn_write_state_limit)) {
ap_log_error(APLOG_MARK, APLOG_WARNING, 0, NULL, "ModSecurity: Access denied with code 400. Too many threads [%ld] of %ld allowed in WRITE state from %s - Possible DoS Consumption Attack [Rejected]", ip_count_w,conn_write_state_limit,conn->remote_ip);
return OK;
} else {
return DECLINED;
}