add protect function, and check if IP is in the protected pf table
parent
04eb7c9266
commit
bf244d01e4
14
ptrd.pl
14
ptrd.pl
|
@ -126,10 +126,11 @@ sub http_child {
|
||||||
my ($first, $token, $hostname) = split(/\//, $r->uri->as_string);
|
my ($first, $token, $hostname) = split(/\//, $r->uri->as_string);
|
||||||
my $tld = (defined($hostname) ? substr($hostname, rindex($hostname, '.')+1) : '');
|
my $tld = (defined($hostname) ? substr($hostname, rindex($hostname, '.')+1) : '');
|
||||||
$hostname = (!defined($hostname) ? $token : lc($hostname));
|
$hostname = (!defined($hostname) ? $token : lc($hostname));
|
||||||
|
my $protected = system("pfctl -qt protected -T test $client_ip 2> /dev/null");
|
||||||
|
|
||||||
if ($ip->overlaps($ipv4_range) or $ip->overlaps($ipv6_range)) {
|
if ($ip->overlaps($ipv4_range) or $ip->overlaps($ipv6_range)) {
|
||||||
|
|
||||||
if ($token eq 'token') {
|
if ($token eq 'token' and $protected) {
|
||||||
my $token = sha1_hex(int(rand(32)));
|
my $token = sha1_hex(int(rand(32)));
|
||||||
open my $fh_token, '>', "${workdir}/tokens/${token}";
|
open my $fh_token, '>', "${workdir}/tokens/${token}";
|
||||||
print $fh_token "$client_ip\n";
|
print $fh_token "$client_ip\n";
|
||||||
|
@ -138,7 +139,14 @@ sub http_child {
|
||||||
_log("$client_ip $token");
|
_log("$client_ip $token");
|
||||||
_http_response($c, {content_type => 'text/plain'}, "$token");
|
_http_response($c, {content_type => 'text/plain'}, "$token");
|
||||||
|
|
||||||
} elsif (-e "${workdir}/tokens/$token" and grep(/^${tld}$/i, @tlds) and ($hostname =~ /(?=^.{4,253}$)(^((?!-)[a-zA-Z0-9-]{1,63}(?<!-)\.)+[a-zA-Z]{2,63}$)/)) {
|
} elsif ($token eq 'protect') {
|
||||||
|
my $protect = qx(pfctl -t protected -T add $client_ip 2>&1);
|
||||||
|
chomp $protect;
|
||||||
|
|
||||||
|
_log("$client_ip $token $protect");
|
||||||
|
_http_response($c, {content_type => 'text/plain'}, "Received [$client_ip -> protect] $protect");
|
||||||
|
|
||||||
|
} elsif (-e "${workdir}/tokens/$token" and grep(/^${tld}$/i, @tlds) and ($hostname =~ /(?=^.{4,253}$)(^((?!-)[a-zA-Z0-9-]{1,63}(?<!-)\.)+[a-zA-Z]{2,63}$)/) and $protected) {
|
||||||
|
|
||||||
open my $fh, '>', "${workdir}/records/${client_ip}";
|
open my $fh, '>', "${workdir}/records/${client_ip}";
|
||||||
if ($ip->overlaps($ipv4_range)) {
|
if ($ip->overlaps($ipv4_range)) {
|
||||||
|
@ -170,7 +178,7 @@ sub http_child {
|
||||||
_http_error($c, RC_REQUEST_TIMEOUT);
|
_http_error($c, RC_REQUEST_TIMEOUT);
|
||||||
|
|
||||||
} else {
|
} else {
|
||||||
_log("$client_ip RC_BAD_REQUEST $hostname");
|
_log("$client_ip RC_BAD_REQUEST $hostname ($protected)");
|
||||||
_http_error($c, RC_BAD_REQUEST);
|
_http_error($c, RC_BAD_REQUEST);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
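Review bot: `$protected` holds the raw wait status of `system()`, which is 0 when the command succeeds, so the new `and $protected` conditions on the `token` branch and the record-update `elsif` are true whenever pfctl exits nonzero, including when pfctl cannot run or errors out, in which case a protected address is treated as unprotected. If, as the gating implies, a nonzero status is meant to signal "not in the table", I would rename the variable to say so and fail closed: take `my $rc = system(...) >> 8;`, allow the request only when `$rc` equals the specific no-match exit code your pfctl documents, and log and reject any other status. Separately, both `system("pfctl -qt protected -T test $client_ip 2> /dev/null")` and `qx(pfctl -t protected -T add $client_ip 2>&1)` pass through the shell with `$client_ip` interpolated; where `$client_ip` is set is outside these hunks, so either validate it there or use the list form, e.g. `system('pfctl', '-qt', 'protected', '-T', 'test', $client_ip)`. The `protect` branch also returns pfctl's combined stdout/stderr to the client in the response body; logging `$protect` and replying with a fixed string would avoid disclosing local error text. `http_child` starts and ends outside the visible hunks.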