update internal filter structure to improve performance with high number of domain with individual rules

Author: Fabian Schneider

anti_ddos_worker.cpp

@@ -65,7 +65,14 @@ class AntiDDoSWorker{
 			int score = 0;
 
 			for(int i = 0; i < Config::FiltersPostRequest().Count(); i++){
-				score += Config::FiltersPostRequest().Get(i).GetScore(r, true);
+				score += Config::FiltersPostRequest().Get(i).GetScore(r);
+			}
+			
+			for(int i = 0; i < Config::DomainFiltersPostRequest(r->hostname).Count(); i++){
+				ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
+                	"detect filters for domain from postrequest (%s)", r->hostname);
+				
+				score += Config::DomainFiltersPostRequest(r->hostname).Get(i).GetScore(r);
 			}
 
 			if(score > 0){
@@ -118,6 +125,13 @@ class AntiDDoSWorker{
 				score += Config::FiltersPreRequest().Get(i).GetScore(r);
 			}
 
+			for(int i = 0; i < Config::DomainFiltersPreRequest(r->hostname).Count(); i++){
+				ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
+                	"detect filters for domain %s", r->hostname);
+				
+				score += Config::DomainFiltersPreRequest(r->hostname).Get(i).GetScore(r);
+			}
+			
 			if(score > 0){
 				ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, r->server,
                 	"add score for %s (%i)", r->connection->client_ip, score);

char_list.cpp

@@ -16,6 +16,12 @@ class CharList{
 			return count;	
 		}
 
+		char* Get(int id){
+			if(id-- == 0)
+				return content;
+			return nextEntry->Get(id);
+		}
+	
 		void Add(char* c){
 			count++;
 			// if currently no entry

config.cpp

@@ -1,3 +1,9 @@
+// std::map
+#include <map>
+
+// string
+#include <string>
+
 // std::ifstream
 #include <fstream>
 
@@ -204,12 +210,36 @@ class Config{
 				}catch(const std::exception& e){}
 
 				if(newFilter.GetContent() != NULL){
-					filtersPostContent.Add(newFilter);					
+					// PostContent
+					if(newFilter.GetDomains().Count() != 0)
+					{
+						for(int i = 0; i < newFilter.GetDomains().Count(); i++){
+							domainFiltersPostContent[newFilter.GetDomains().Get(i)].Add(newFilter);
+						}
+					}
+					else
+						filtersPostContent.Add(newFilter);					
 				}
 				else if(newFilter.GetStatusCode() != 0){
-					filtersPostRequest.Add(newFilter);
+					// PostProcessing
+					if(newFilter.GetDomains().Count() != 0)
+					{
+						for(int i = 0; i < newFilter.GetDomains().Count(); i++){
+							domainFiltersPostRequest[newFilter.GetDomains().Get(i)].Add(newFilter);
+						}
+					}
+					else
+						filtersPostRequest.Add(newFilter);
 				} else {	
-					filtersPreRequest.Add(newFilter);
+					// PreProcessing
+					if(newFilter.GetDomains().Count() != 0)
+					{
+						for(int i = 0; i < newFilter.GetDomains().Count(); i++){
+							domainFiltersPreRequest[newFilter.GetDomains().Get(i)].Add(newFilter);
+						}
+					}
+					else
+						filtersPreRequest.Add(newFilter);
 				}
 
 			}
@@ -229,6 +259,21 @@ class Config{
 			return filtersPostContent;
 		}
 
+		static FilterList DomainFiltersPreRequest(const char* domain){
+			std::string str = domain;
+			return domainFiltersPreRequest[domain];
+		}
+	
+		static FilterList DomainFiltersPostRequest(const char* domain){
+			std::string str = domain;
+			return domainFiltersPostRequest[domain];
+		}
+	
+		static FilterList DomainFiltersPostContent(const char* domain){
+			std::string str = domain;
+			return domainFiltersPostContent[domain];
+		}
+	
 		static int TickDown(){
 			return tickDown;	
 		}
@@ -285,9 +330,15 @@ class Config{
 		static int maxHits;
 		static int tickDown;
 		static int blockTime;
+		
 		static FilterList filtersPreRequest;
 		static FilterList filtersPostRequest;
 		static FilterList filtersPostContent;
+	
+		static std::map<std::string, FilterList> domainFiltersPreRequest;
+		static std::map<std::string, FilterList> domainFiltersPostRequest;
+		static std::map<std::string, FilterList> domainFiltersPostContent;
+	
 		static Filter* defaults;
 		static CharList whitelist;
 
@@ -308,6 +359,11 @@ Filter* Config::defaults;
 FilterList Config::filtersPreRequest;
 FilterList Config::filtersPostRequest;
 FilterList Config::filtersPostContent;
+
+std::map<std::string, FilterList> Config::domainFiltersPreRequest;
+std::map<std::string, FilterList> Config::domainFiltersPostRequest;
+std::map<std::string, FilterList> Config::domainFiltersPostContent;
+
 CharList Config::whitelist;
 
 char* Config::blockCommandFormat;

filter.cpp

@@ -113,7 +113,7 @@ class Filter{
 			return std::regex_search(ua, botPattern);
 		}
 
-		int GetScore(request_rec *r, bool postRequest = false){
+		int GetScore(request_rec *r){
 			if(!ApplyForAssets()){
 				if(UrlIsAsset(r->unparsed_uri)){
 //					std::cerr << "skipped asset request on " << r->unparsed_uri << "\n";
@@ -153,13 +153,7 @@ class Filter{
 				free(m);
 			}
 
-			if(GetDomains().Count() != 0){
-				if(!GetDomains().Contains(r->hostname)){
-//					std::cerr << "skipped filter with 'wrong' domain " << r->hostname << " domain would be " << GetDomain() << "\n";
-					return 0;
-				}
-					
-			}
+			// removed domain check, as only filters are passed with matching domains
 
 			if(GetRequest() != NULL){
 				if(!CompareValues(r->unparsed_uri, GetRequest(), IsUseRegex())){