1 /* Licensed to the Apache Software Foundation (ASF) under one or more
2 * contributor license agreements. See the NOTICE file distributed with
3 * this work for additional information regarding copyright ownership.
4 * The ASF licenses this file to You under the Apache License, Version 2.0
5 * (the "License"); you may not use this file except in compliance with
6 * the License. You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
18 /* The use of the scoreboard in this module is based on a similar
19 * but simpler module, mod_antiloris by Kees Monshouwer, from
20 * ftp://ftp.monshouwer.eu/pub/linux/mod_antiloris/
21 * Note the FIXME that affects both modules.
23 * The major difference is that mod_antiloris checks the scoreboard
24 * on every request. This implies a per-request overhead that grows
25 * with the scoreboard, and gets very expensive on a big server.
26 * On the other hand, this module (mod_noloris) may be slower to
27 * react to a DoS attack, and in the case of a very small server
28 * it might be too late.
30 * Author's untested instinct: mod_antiloris will suit servers with
31 * Prefork MPM and low traffic. A server with a threaded MPM
32 * (or possibly a big prefork server with lots of memory) should
33 * raise MaxClients and use mod_noloris.
37 #include "http_config.h"
38 #include "http_core.h"
39 #include "http_connection.h"
41 #include "mpm_common.h"
44 #include "scoreboard.h"
46 module AP_MODULE_DECLARE_DATA noloris_module;
48 #define ADDR_MAX_SIZE 48
50 static unsigned int default_max_connections;
51 static apr_hash_t *trusted;
52 static apr_interval_time_t recheck_time;
53 static apr_shm_t *shm;
54 static apr_size_t shm_size;
55 static int server_limit;
56 static int thread_limit;
58 static int noloris_conn(conn_rec *conn)
60 struct { int child_num; int thread_num; } *sbh = conn->sbh;
64 return DECLINED; /* we're disabled */
67 /* check the IP is not banned */
68 shm_rec = apr_shm_baseaddr_get(shm);
69 while (shm_rec[0] != '\0') {
70 if (!strcmp(shm_rec, conn->remote_ip)) {
71 apr_socket_t *csd = ap_get_conn_socket(conn);
72 ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, conn,
73 "Dropping connection from banned IP %s",
75 apr_socket_close(csd);
79 shm_rec += ADDR_MAX_SIZE;
82 /* store this client IP for the monitor to pick up */
84 ap_update_child_status_from_conn(conn->sbh, SERVER_READY, conn);
88 static int noloris_monitor(apr_pool_t *pool, server_rec *s)
90 static apr_hash_t *connections = NULL;
91 static apr_time_t last_check = 0;
103 /* do nothing if disabled */
108 /* skip check if it's not due yet */
109 time_now = apr_time_now();
110 if (time_now - last_check < recheck_time) {
113 last_check = time_now;
115 /* alloc lots of stuff at start, so we don't leak memory per-call */
116 if (connections == NULL) {
117 connections = apr_hash_make(pool);
118 totals = apr_palloc(pool, server_limit*thread_limit);
119 ip = apr_palloc(pool, ADDR_MAX_SIZE);
122 /* Get a per-client count of connections in READ state */
123 for (i = 0; i < server_limit; ++i) {
124 for (j = 0; j < thread_limit; ++j) {
125 ws = ap_get_scoreboard_worker_from_indexes(i, j);
126 if (ws->status == SERVER_BUSY_READ) {
127 n = apr_hash_get(connections, ws->client, APR_HASH_KEY_STRING);
129 n = totals + index++ ;
133 apr_hash_set(connections, ws->client, APR_HASH_KEY_STRING, n);
138 /* reset shm before writing to it.
139 * We're only dealing with approx. counts, so we ignore the race condition
140 * with our prospective readers
142 shm_rec = apr_shm_baseaddr_get(shm);
143 memset(shm_rec, 0, shm_size);
145 /* Now check the hash for clients with too many connections in READ state */
146 for (hi = apr_hash_first(NULL, connections); hi; hi = apr_hash_next(hi)) {
147 apr_hash_this(hi, (const void**) &ip, NULL, (void**)&n);
148 if (*n >= default_max_connections) {
149 /* if this isn't a trusted proxy, we mark it as bad */
150 if (!apr_hash_get(trusted, ip, APR_HASH_KEY_STRING)) {
151 ap_log_error(APLOG_MARK, APLOG_WARNING, 0, s,
152 "noloris: banning %s with %d connections in READ state",
155 shm_rec += ADDR_MAX_SIZE;
159 apr_hash_clear(connections);
162 static int noloris_post(apr_pool_t *pconf, apr_pool_t *ptmp, apr_pool_t *plog,
166 int max_bans = thread_limit * server_limit / default_max_connections;
167 shm_size = ADDR_MAX_SIZE * max_bans;
169 rv = apr_shm_create(&shm, shm_size, NULL, pconf);
170 if (rv != APR_SUCCESS) {
171 ap_log_error(APLOG_MARK, APLOG_CRIT, rv, s,
172 "Failed to create shm segment; mod_noloris disabled");
173 apr_hash_clear(trusted);
178 static int noloris_pre(apr_pool_t *pconf, apr_pool_t *ptmp, apr_pool_t *plog)
180 ap_mpm_query(AP_MPMQ_HARD_LIMIT_THREADS, &thread_limit);
181 ap_mpm_query(AP_MPMQ_HARD_LIMIT_DAEMONS, &server_limit);
183 /* set up default config stuff here */
184 trusted = apr_hash_make(pconf);
185 default_max_connections = 50;
186 recheck_time = apr_time_from_sec(10);
189 static void noloris_hooks(apr_pool_t *p)
191 ap_hook_process_connection(noloris_conn, NULL, NULL, APR_HOOK_FIRST);
192 ap_hook_pre_config(noloris_pre, NULL, NULL, APR_HOOK_MIDDLE);
193 ap_hook_post_config(noloris_post, NULL, NULL, APR_HOOK_MIDDLE);
194 ap_hook_monitor(noloris_monitor, NULL, NULL, APR_HOOK_MIDDLE);
196 static const char *noloris_trusted(cmd_parms *cmd, void *cfg, const char *val)
198 const char* err = ap_check_cmd_context(cmd, GLOBAL_ONLY);
200 apr_hash_set(trusted, val, APR_HASH_KEY_STRING, &noloris_module);
204 static const char *noloris_recheck(cmd_parms *cmd, void *cfg, const char *val)
206 const char* err = ap_check_cmd_context(cmd, GLOBAL_ONLY);
208 recheck_time = apr_time_from_sec(atoi(val));
212 static const char *noloris_max_conn(cmd_parms *cmd, void *cfg, const char *val)
214 const char* err = ap_check_cmd_context(cmd, GLOBAL_ONLY);
216 default_max_connections = atoi(val);
220 static const command_rec noloris_cmds[] = {
221 AP_INIT_ITERATE("TrustedProxy", noloris_trusted, NULL, RSRC_CONF,
222 "IP addresses from which to allow unlimited connections"),
223 AP_INIT_TAKE1("ClientRecheckTime", noloris_recheck, NULL, RSRC_CONF,
224 "Time interval for rechecking client connection tables"),
225 AP_INIT_TAKE1("MaxClientConnections", noloris_max_conn, NULL, RSRC_CONF,
226 "Max connections in READ state to permit from an untrusted client"),
229 AP_DECLARE_MODULE(noloris) = {
230 STANDARD20_MODULE_STUFF,