// In trainning mode, to save all request info void saveRequestInfo(request_rec *r){ int currentMaxParamsNum = 0; apr_off_t getSize = 0; apr_off_t postSize = 0; Params * getParams = getGetParams(r, &getSize); Params * postParams = getPostParms(r, &postSize); char * uri = r->uri; // Update max parameters number for a page currentMaxParamsNum = getSize + postSize; int maxInDB = select_max_parameter_num(uri); if(maxInDB == -1){ // insert to DB insert_max_parameter_num(uri, currentMaxParamsNum); }else{ if(currentMaxParamsNum > maxInDB){ // update DB value update_max_parameter_num(uri, currentMaxParamsNum); } } // Save the record into DB int i = 0; for(i = 0; i< getSize; i++){ // save get paramether info into DB insert_record_len(uri, getParams[i].key, getParams[i].length); // Update characters set for this parameter char * charSet = select_parameters_character_set(uri, getParams[i].key); if(charSet == NULL){ // This is the first time to see this parameter insert_parameters(uri, getParams[i].key, 0, 0, 1, getParams[i].val); }else{ // Update char set updateCharSet(getParams[i].val, charSet); //ap_rprintf(r,"new char set is %s--\n", charSet); update_parameters_character_set(uri, getParams[i].key, charSet); } } for(i = 0; i< postSize; i++){ // save post paramether info into DB insert_record_len(uri, postParams[i].key, postParams[i].length); // Update characters set for this parameter char * charSet = select_parameters_character_set(uri, postParams[i].key); if(charSet == NULL){ // This is the first time to see this parameter insert_parameters(uri, postParams[i].key, 0, 0, 1, postParams[i].val); }else{ // Update char set updateCharSet(postParams[i].val, charSet); update_parameters_character_set(uri, postParams[i].key, charSet); } } }
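/*
 * Parse the request line in `buf` into a newly allocated requestInfo.
 *
 * The text before the first space becomes the method; the text between the
 * first and second space is the request target, which is handed to
 * getGetParams() to build paramsList.
 *
 * The original version copied into fixed 4-byte and 20-byte heap buffers
 * without any bound, so a method of four or more characters or a target of
 * twenty or more characters wrote past the allocation. Both buffers are now
 * sized from the input length, which is an upper bound for either token.
 *
 * Returns NULL if an allocation fails. On success the caller owns the
 * returned struct and its `method` string. `file` points at a string
 * literal and must not be freed.
 */
requestInfo *getRequestInfo(char buf[])
{
    size_t requestLen = strlen(buf);
    size_t actionLen = 0;
    size_t fileLen = 0;
    int space = 0;

    requestInfo *hRequestInfo = malloc(sizeof *hRequestInfo);
    /* Neither token can be longer than the whole request line. */
    char *action = malloc(requestLen + 1);
    char *file = malloc(requestLen + 1);

    if (hRequestInfo == NULL || action == NULL || file == NULL) {
        free(file);
        free(action);
        free(hRequestInfo);
        return NULL;
    }

    for (size_t i = 0; i < requestLen; i++) {
        if (buf[i] == ' ') {
            /* Nothing after the second space is used. */
            if (++space >= 2) {
                break;
            }
            continue;
        }
        if (space == 0) {
            action[actionLen++] = buf[i];   /* request method */
        } else {
            file[fileLen++] = buf[i];       /* requested URL */
        }
    }
    action[actionLen] = '\0';
    file[fileLen] = '\0';

    hRequestInfo->method = action;

    /* NOTE(review): the "/" guard below is commented out in the original,
     * so every request is mapped to /index.html while the parsed target is
     * still used for parameter extraction. Kept as-is; confirm intent. */
    //if (strcmp(file, "/") == 0) {
    hRequestInfo->file = "/index.html";
    //}

    /* `file` is not freed here: whether paramsList keeps pointers into it
     * depends on getGetParams, which is not visible here. */
    hRequestInfo->paramsList = getGetParams(file, fileLen);

    return hRequestInfo;
}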
// In detection mode, do anomaly detection int detectRequest(request_rec * r){ int currentMaxParamsNum = 0; apr_off_t getSize = 0; apr_off_t postSize = 0; Params * getParams = getGetParams(r, &getSize); Params * postParams = getPostParms(r, &postSize); char * uri = r->uri; // Update max parameters number for a page currentMaxParamsNum = getSize + postSize; int maxInDB = select_max_parameter_num(uri); if(maxInDB == -1){ // The request is not store in DB, compare it with all pages max maxInDB = select_max_parameter_num_all(); if(maxInDB < currentMaxParamsNum){ // exceed max parameter number return EXCEEDALLMAXNUM; }else{ return PASSDETECTION; } } if(maxInDB < currentMaxParamsNum){ // exceed max parameter number return EXCEEDMAXPARAMNUM; } int i = 0; for(i = 0; i< getSize; i++){ if(!isKnownParams(uri, getParams[i].key)){ // The parameter is unknow ap_rprintf(r,"<H3>Parameter:'%s' is unknown!</H3>",getParams[i].key); return UNKNOWNPRARM; } if(!isParamsLenLegal(uri, getParams[i].key, getParams[i].length)){ // parameters length is illegal ap_rprintf(r,"<H3>Parameter:'%s' length is illegal!</H3>",getParams[i].key); return PARAMLENILLEGAL; } if(!allCharSeen(uri, getParams[i].key,getParams[i].val)){ // Contains no seen characters ap_rprintf(r,"<H3>Parameter:'%s' contains illegal characters!</H3>",getParams[i].key); return CONTAINSNOSEENCHAR; } } for(i = 0; i< postSize; i++){ if(!isKnownParams(uri, postParams[i].key)){ // The parameter is unknow ap_rprintf(r,"<H3>Parameter:'%s' is unknown!</H3>",postParams[i].key); return UNKNOWNPRARM; } if(!isParamsLenLegal(uri, postParams[i].key, postParams[i].length)){ // parameters length is illegal ap_rprintf(r,"<H3>Parameter:'%s' length is illegal!</H3>",postParams[i].key); return PARAMLENILLEGAL; } if(!allCharSeen(uri, postParams[i].key,postParams[i].val)){ // Contains no seen characters ap_rprintf(r,"<H3>Parameter:'%s' contains illegal characters!</H3>",postParams[i].key); return CONTAINSNOSEENCHAR; } } return PASSDETECTION; }