Merge pull request #2 from Fabian123333/refactor-filter-hooks

Refactor filter hooks

Author: Fabian123333

anti_ddos_worker.cpp

@@ -48,6 +48,11 @@ class AntiDDoSWorker{
 //			LoadConfig();
 			ConnectRedisServer();
 		}
+	
+		static int PostContentHook(ap_filter_t* f, apr_bucket_brigade* bb) {
+			// todo
+			return DECLINED;
+		}
 
 		static int PostRequestHook(request_rec *r){
     		// ignore whitelist
@@ -59,8 +64,8 @@ class AntiDDoSWorker{
 
 			int score = 0;
 
-			for(int i = 0; i < Config::Filters().Count(); i++){
-				score += Config::Filters().Get(i).GetScore(r, true);
+			for(int i = 0; i < Config::FiltersPostRequest().Count(); i++){
+				score += Config::FiltersPostRequest().Get(i).GetScore(r, true);
 			}
 
 			if(score > 0){
@@ -109,8 +114,8 @@ class AntiDDoSWorker{
 
 			int score = 0;
 
-			for(int i = 0; i < Config::Filters().Count(); i++){
-				score += Config::Filters().Get(i).GetScore(r);
+			for(int i = 0; i < Config::FiltersPreRequest().Count(); i++){
+				score += Config::FiltersPreRequest().Get(i).GetScore(r);
 			}
 
 			if(score > 0){

char_list.cpp

@@ -2,6 +2,9 @@
 #include <iostream>
 #include <cstdlib>
 
+// uint16_t
+#include <cstdint>
+
 // pow
 #include <cmath>
 
@@ -200,4 +203,4 @@ class CharList{
 
 			return network_ip == network_cidr;
 		}
-};
+};

config.cpp

@@ -21,7 +21,9 @@ using json = nlohmann::json;
 class Config{
 	public:
 		Config(){
-			filters = FilterList();
+			filtersPreRequest = FilterList();
+			filtersPostRequest = FilterList();
+			filtersPostContent = FilterList();
 			whitelist = CharList();
 		}
 
@@ -143,7 +145,14 @@ class Config{
 					newFilter.SetRefeer(tmp);
 					free(tmp);
 				}catch(const std::exception& e){}
-								
+				
+				try{
+					char* tmp = (char*)malloc(el.value()["content"].get<std::string>().length());
+					strcpy(tmp, el.value()["content"].get<std::string>().c_str());
+					newFilter.SetContent(tmp);
+					free(tmp);
+				}catch(const std::exception& e){}
+				
 				try{
 					char* tmp = (char*)malloc(el.value()["request"].get<std::string>().length());
 					strcpy(tmp, el.value()["request"].get<std::string>().c_str());
@@ -181,15 +190,31 @@ class Config{
 				try{
 					newFilter.SetApplyForAssets(el.value()["applyForAssets"]);
 				}catch(const std::exception& e){}
+				
+				if(newFilter.GetContent() != NULL){
+					filtersPostContent.Add(newFilter);					
+				}
+				else if(newFilter.GetStatusCode() != 0){
+					filtersPostRequest.Add(newFilter);
+				} else {	
+					filtersPreRequest.Add(newFilter);
+				}
 
-				filters.Add(newFilter);
 			}
 
 			f.close();
 		}
 
-		static FilterList Filters(){
-			return filters;
+		static FilterList FiltersPreRequest(){
+			return filtersPreRequest;
+		}
+	
+		static FilterList FiltersPostRequest(){
+			return filtersPostRequest;
+		}
+
+		static FilterList FiltersPostContent(){
+			return filtersPostContent;
 		}
 
 		static int TickDown(){
@@ -248,7 +273,9 @@ class Config{
 		static int maxHits;
 		static int tickDown;
 		static int blockTime;
-		static FilterList filters;
+		static FilterList filtersPreRequest;
+		static FilterList filtersPostRequest;
+		static FilterList filtersPostContent;
 		static Filter* defaults;
 		static CharList whitelist;
 
@@ -266,7 +293,9 @@ int Config::maxHits = 1000;
 int Config::tickDown = 5;
 int Config::blockTime = 60;
 Filter* Config::defaults;
-FilterList Config::filters;
+FilterList Config::filtersPreRequest;
+FilterList Config::filtersPostRequest;
+FilterList Config::filtersPostContent;
 CharList Config::whitelist;
 
 char* Config::blockCommandFormat;

filter.cpp

@@ -26,6 +26,9 @@ class Filter{
 		char* GetMethod(){
 			return method;
 		}
+		char* GetContent(){
+			return content;
+		}
 		int GetStatusCode(){
 			return statusCode;
 		}
@@ -70,6 +73,11 @@ class Filter{
 			method = toLowerCase(value);
 		}
 
+		void SetContent(const char* c){
+			content = (char*)malloc(strlen(c));
+			strcpy(content, c);
+		}
+	
 		void SetStatusCode(int value){
 			statusCode = value;	
 		}	
@@ -107,16 +115,6 @@ class Filter{
 		}
 
 		int GetScore(request_rec *r, bool postRequest = false){
-			// status code only available after request
-			if(GetStatusCode() == 0 && postRequest)
-				return 0;
-				
-			if(GetStatusCode() != 0 && !postRequest)
-				return 0;
-			
-			if(r->status != GetStatusCode() && GetStatusCode() != 0)
-				return 0;
-			
 			if(!ApplyForAssets()){
 				if(UrlIsAsset(r->unparsed_uri)){
 //					std::cerr << "skipped asset request on " << r->unparsed_uri << "\n";
@@ -209,6 +207,7 @@ class Filter{
 		char* refeer;
 		char* request;
 		char* method;
+		char* content;
 		int statusCode = 0;
 		int score = 1;
 		bool useRegex = false;

mod_antiddos.c

@@ -9,6 +9,7 @@ static void module_register_hooks(apr_pool_t *p)
 {
     ap_hook_handler(AntiDDoSWorker::PreRequestHook, NULL, NULL, APR_HOOK_FIRST);
 	ap_hook_log_transaction(AntiDDoSWorker::PostRequestHook , NULL, NULL, APR_HOOK_MIDDLE);
+	//ap_register_output_filter("antiddos_output_filter", AntiDDoSWorker::PostContentHook, NULL, AP_FTYPE_RESOURCE);
     ap_hook_post_config(AntiDDoSWorker::PostConfigHook, NULL, NULL, APR_HOOK_MIDDLE);
 }