/*
 * Validate the request URL.
 *
 * Two checks are applied: valid_uri() on the (already decoded) session->uri,
 * honouring the host's allow_dot_files setting, and - only when the host has
 * secure_url enabled - a scan of the raw request_uri for a percent-encoded
 * NUL ("%00"). Both checks pass: returns true and touches nothing else.
 *
 * On failure the session is marked as an exploit attempt: return_code is set
 * (403 for an encoded NUL, 403 for an invalid URI on PUT, 404 otherwise),
 * the attempt is logged and counted, error_cause becomes ec_INVALID_URL and
 * false is returned. The caller is expected to abort the request.
 *
 * Note that only the literal "%00" is looked for in request_uri; a
 * double-encoded form ("%2500") is not decoded here.
 */
bool validate_url(t_session *session) {
	bool uri_ok = valid_uri(session->uri, session->host->allow_dot_files);

	if (uri_ok == false) {
		/* PUT answers 403, every other method 404 */
		session->return_code = (session->request_method == PUT) ? 403 : 404;
	} else if ((session->host->secure_url == false) || (strstr(session->request_uri, "%00") == NULL)) {
		/* URI is fine and either the NUL check is disabled or it passed */
		return true;
	} else {
		/* secure_url is on and the raw request carries an encoded NUL */
		session->return_code = 403;
	}

	/* Every remaining path is a rejected URL: record the attempt */
	log_exploit_attempt(session, "invalid URL", NULL);
#ifdef ENABLE_TOMAHAWK
	increment_counter(COUNTER_EXPLOIT);
#endif
#ifdef ENABLE_MONITOR
	if (session->config->monitor_enabled) {
		monitor_count_exploit_attempt(session);
		monitor_event("Invalid URL %s for %s", session->uri, session->host->hostname.item[0]);
	}
#endif

	session->error_cause = ec_INVALID_URL;

	return false;
}
/*
 * Record a detected SQL-injection attempt.
 *
 * Writes an exploit-log entry tagged "SQLi" with the offending string,
 * bumps the exploit counter when Tomahawk support is compiled in and, when
 * monitoring is compiled in and enabled for this configuration, reports the
 * attempt to the monitor together with the host name and request URI.
 * Has no effect on the session itself.
 *
 * str: the input that matched; may be NULL if the logger accepts that
 *      (not checked here).
 */
static void log_sqli_attempt(t_session *session, char *str) {
	log_exploit_attempt(session, "SQLi", str);

#ifdef ENABLE_TOMAHAWK
	increment_counter(COUNTER_EXPLOIT);
#endif

#ifdef ENABLE_MONITOR
	if (session->config->monitor_enabled == false) {
		return;
	}
	monitor_count_exploit_attempt(session);
	monitor_event("SQLi attempt for %s%s", session->host->hostname.item[0], session->uri);
#endif
}
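/*
 * Scan one string for an opening <script ...> / <script> tag.
 *
 * Each '<' is considered, whether literal or percent-encoded ("%3C"); only a
 * single level of percent-decoding is applied. The 21 characters following
 * the '<' are copied, URL-decoded and lower-cased, and compared against
 * "script" followed by a space or '>'.
 *
 * On a hit the attempt is logged and counted; when the host's prevent_xss
 * mode is p_prevent the first character of the tag name is overwritten with
 * '_' in the caller's buffer, so "<script>" becomes "<_cript>". Scanning
 * stops at the first hit.
 *
 * Returns 1 if a script tag was found, 0 otherwise.
 *
 * Fix: the previous version advanced past the character following an
 * unmatched '<' before continuing the scan, so that character was never
 * examined as a potential '<' itself. "<<script>" (or "%3C%3Cscript") is
 * parsed by browsers as a literal '<' followed by a real <script> tag, but
 * slipped through. The scan now resumes at the character right after an
 * unmatched '<'.
 */
static int prevent_xss_str(t_session *session, char *input) {
	int result = 0;
	short low, high;
	char *str, value;
	char tag[22];

	str = input;
	while (*str != '\0') {
		value = *str;

		/* Look through one level of percent-encoding ("%3C" -> '<') */
		if (value == '%') {
			if ((high = hex_char_to_int(*(str + 1))) != -1) {
				if ((low = hex_char_to_int(*(str + 2))) != -1) {
					value = (char)(high << 4) + low;
					str += 2;	/* now on the last hex digit of the escape */
				}
			}
		}

		if (value != '<') {
			str++;
			continue;
		}

		/* str now points at the first character after the '<' */
		str++;

		/* Bounded copy, explicitly terminated; strncpy zero-pads the rest so
		 * memcmp() below never reads indeterminate bytes. */
		strncpy(tag, str, 21);
		tag[21] = '\0';
		url_decode(tag);
		strlower(tag);

		if ((memcmp(tag, "script", 6) == 0) && ((tag[6] == ' ') || (tag[6] == '>'))) {
			log_exploit_attempt(session, "XSS", input);
#ifdef ENABLE_TOMAHAWK
			increment_counter(COUNTER_EXPLOIT);
#endif
#ifdef ENABLE_MONITOR
			if (session->config->monitor_enabled) {
				monitor_count_exploit_attempt(session);
				monitor_event("XSS attempt for %s%s", session->host->hostname.item[0], session->uri);
			}
#endif
			if (session->host->prevent_xss == p_prevent) {
				/* Break the tag name in place ("<script" -> "<_cript") */
				*str = '_';
			}
			result = 1;
			break;
		}

		/* No match: do not skip the character after '<'; it is re-examined
		 * on the next iteration (it may itself be a '<' or a "%3C"). */
	}

	return result;
}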
/*
 * Prevent cross-site scripting in the query string.
 *
 * Walks session->vars and neutralises every double quote, single quote,
 * '<' and '>' by overwriting it with '_'. Percent-encoded forms (%22, %27,
 * %3C, %3E) are recognised through a single level of decoding; in that case
 * it is the '%' that is overwritten, which leaves "_22" behind and so
 * defeats a later decode. Only one level of encoding is looked through.
 *
 * The first offending character triggers one exploit-log entry (and the
 * Tomahawk / monitor bookkeeping when compiled in); further hits in the same
 * string are rewritten silently.
 *
 * Returns 1 if anything was rewritten, 0 if the string was clean or there
 * is no query string at all.
 */
int prevent_xss(t_session *session) {
	char *pos, ch;
	short hi, lo;
	bool reported = false;
	int hits = 0;

	pos = session->vars;
	if (pos == NULL) {
		return 0;
	}

	for (; *pos != '\0'; pos++) {
		ch = *pos;

		/* Peek through one level of percent-encoding */
		if (ch == '%') {
			hi = hex_char_to_int(*(pos + 1));
			if (hi != -1) {
				lo = hex_char_to_int(*(pos + 2));
				if (lo != -1) {
					ch = (char)(hi << 4) + lo;
				}
			}
		}

		/* An explicit switch (rather than strchr on a set) so that a decoded
		 * NUL byte from "%00" is not mistaken for the set's terminator. */
		switch (ch) {
			case '"':
			case '<':
			case '>':
			case '\'':
				break;
			default:
				continue;
		}

		if (reported == false) {
			log_exploit_attempt(session, "XSS", session->vars);
#ifdef ENABLE_TOMAHAWK
			increment_counter(COUNTER_EXPLOIT);
#endif
#ifdef ENABLE_MONITOR
			if (session->config->monitor_enabled) {
				monitor_count_exploit_attempt(session);
				monitor_event("XSS attempt for %s%s", session->host->hostname.item[0], session->uri);
			}
#endif
			reported = true;
		}

		/* Overwrite the current byte: the literal, or the '%' of an escape */
		*pos = '_';
		hits = 1;
	}

	return hits;
}
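/*
 * Strip the dangerous parts from a POST so that it is handled as a plain GET:
 * the method is rewritten and the body and cookies are dropped.
 */
static void neutralize_post(t_session *session) {
	session->request_method = GET;
	session->body = NULL;
	session->cookies = NULL;
}

/*
 * Prevent Cross-site Request Forgery.
 *
 * Only POST requests are examined. The Origin header is used if present,
 * otherwise Referer; a POST carrying neither header is let through
 * unchanged (return 0). The header must start with "http://" or "https://"
 * (case-sensitive); anything else is treated as an invalid referer, the
 * request is downgraded to a GET, an error is logged and 1 is returned.
 *
 * The host part of the header (up to the first '/') is then compared,
 * case-insensitively, against every hostname configured for this host. The
 * comparison requires an exact length match. Previously only the first n
 * characters were compared (n = length of the referer host), so a referer
 * host that is a strict prefix of a configured hostname - e.g. "victim.co"
 * against "victim.co.uk" - was accepted as same-origin. A port in the
 * Origin header is part of the compared host string, so it only matches a
 * hostname entry that contains the same port.
 *
 * On a mismatch the attempt is logged with the request body (temporarily
 * NUL-terminated in place, as the caller's buffer is not), counters and the
 * monitor are updated, and when the host's prevent_csrf mode is p_prevent
 * the POST is downgraded to a GET. Returns 1 for a mismatch, 0 otherwise.
 */
int prevent_csrf(t_session *session) {
	char *referer, *slash, *host, prev = '\0';
	size_t n;
	int i;
#ifdef ENABLE_MONITOR
	char *csrf_url;
#endif

	if (session->request_method != POST) {
		return 0;
	}

	if ((referer = get_http_header("Origin:", session->http_headers)) == NULL) {
		if ((referer = get_http_header("Referer:", session->http_headers)) == NULL) {
			return 0;
		}
	}
#ifdef ENABLE_MONITOR
	csrf_url = referer;
#endif

	/* Skip the scheme; anything else (e.g. "null", other schemes) is invalid */
	if (strncmp(referer, "http://", 7) == 0) {
		referer += 7;
	} else if (strncmp(referer, "https://", 8) == 0) {
		referer += 8;
	} else {
		neutralize_post(session);
		log_error(session, "invalid referer while checking for CSRF");
		return 1;
	}

	/* Length of the host part (up to the first '/', or the whole string) */
	if ((slash = strchr(referer, '/')) != NULL) {
		n = (size_t)(slash - referer);
	} else {
		n = strlen(referer);
	}

	/* Same-origin check: the referer host must equal a configured hostname
	 * in full, not merely share a prefix with one. */
	for (i = 0; i < session->host->hostname.size; i++) {
		host = *(session->host->hostname.item + i);
		if ((strlen(host) == n) && (strncasecmp(referer, host, n) == 0)) {
			return 0;
		}
	}

	/* Log the offending request; the body is not NUL-terminated, so
	 * terminate it temporarily and restore the byte afterwards. */
	if (session->body != NULL) {
		prev = *(session->body + session->content_length);
		*(session->body + session->content_length) = '\0';
	}
	log_exploit_attempt(session, "CSRF", session->body);
	if (session->body != NULL) {
		*(session->body + session->content_length) = prev;
	}

	if (session->host->prevent_csrf == p_prevent) {
		neutralize_post(session);
	}

#ifdef ENABLE_TOMAHAWK
	increment_counter(COUNTER_EXPLOIT);
#endif
#ifdef ENABLE_MONITOR
	if (session->config->monitor_enabled) {
		monitor_count_exploit_attempt(session);
		monitor_event("CSRF attempt for %s%s via %s", session->host->hostname.item[0], session->uri, csrf_url);
	}
#endif

	return 1;
}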
/*
 * Serve the client that connected to the webserver.
 *
 * Reads and parses one request, then runs it through the per-request
 * pipeline in this order: trusted-proxy IP substitution and connection
 * limits, the CONNECT/SSH tunnel (rproxy builds), the challenge-client
 * mechanism, host selection, TLS client-certificate check, hostname and
 * TLS enforcement redirects, deny-body patterns, websocket upgrade,
 * per-method restrictions, URL toolkit rules, query-string split and URL
 * decoding, validate_url(), then either the reverse-proxy branch (with
 * SQLi/XSS/CSRF filtering) or the local-file branch (path mapping,
 * directory config, access control, CGI/XSLT/static handling).
 *
 * Returns an HTTP status code for handle_request_result(), 200 when the
 * response has already been produced, or -1 with session->error_cause set
 * (e.g. ec_INVALID_URL, ec_SQL_INJECTION, ec_XSS, ec_CSRF).
 */
static int serve_client(t_session *session) {
	int result, length, auth_result, connections_per_ip, total_connections = -1;
	char *qmark, chr, *header;
	t_host *host_record;
	t_access access;
	t_deny_body *deny_body;
	t_req_method request_method;
	t_ip_addr ip_addr;
#ifdef ENABLE_XSLT
	char *xslt_file;
#endif
#ifdef ENABLE_TOOLKIT
	int i;
	t_toolkit_options toolkit_options;
#endif
#ifdef ENABLE_RPROXY
	t_rproxy *rproxy = NULL;
#endif

#ifdef ENABLE_DEBUG
	session->current_task = "fetch & parse request";
#endif

	/* On any read/parse failure the method is reset to GET so that the error
	 * response path does not act on a half-parsed request. */
	if ((result = fetch_request(session)) != 200) {
		session->request_method = GET;
		return result;
	} else if ((result = parse_request(session, session->header_length + session->content_length)) != 200) {
		session->request_method = GET;
		return result;
	}

#ifdef ENABLE_DEBUG
	session->current_task = "serve client";
#endif

	session->time = time(NULL);

	/* Hide reverse proxies: only when the peer was flagged as a trusted proxy
	 * (via_trusted_proxy is set elsewhere) is the last forwarded IP taken as
	 * the client address, and the per-IP connection limit is re-applied to
	 * that address. */
	if (session->via_trusted_proxy) {
		if (last_forwarded_ip(session->http_headers, &ip_addr) == 0) {
			if (reposition_client(session, &ip_addr) != -1) {
				copy_ip(&(session->ip_address), &ip_addr);
				if (session->request_limit == false) {
					connections_per_ip = session->config->total_connections;
				} else {
					connections_per_ip = session->config->connections_per_ip;
				}
				if ((total_connections = connection_allowed(&ip_addr, false, connections_per_ip, session->config->total_connections)) < 0) {
					session->keep_alive = false;
					return handle_connection_not_allowed(session, total_connections);
				}
			}
		}
	}

#ifdef ENABLE_RPROXY
	/* SSH tunneling: CONNECT is only honoured from addresses in the
	 * tunnel_ssh list, never on a TLS binding, and only towards the local
	 * SSH port. */
	if (session->request_method == CONNECT) {
		if (in_iplist(session->config->tunnel_ssh, &(session->ip_address)) == false) {
			return 405;
		}
#ifdef ENABLE_TLS
		if (session->binding->use_tls) {
			return 405;
		}
#endif
		/* NOTE(review): "::1.22" is not the RFC 7230 authority form for an
		 * IPv6 loopback target ("[::1]:22"); this third entry likely never
		 * matches a compliant client. Restrictive rather than permissive,
		 * but confirm the intended spelling. */
		if (strcmp(session->request_uri, "localhost:22") != 0) {
			if (strcmp(session->request_uri, "127.0.0.1:22") != 0) {
				if (strcmp(session->request_uri, "::1.22") != 0) {
					return 403;
				}
			}
		}
		log_system(session, "SSH tunnel requested");
		if (tunnel_ssh_connection(session->client_socket) != 0) {
			log_system(session, "SSH tunnel failed");
		} else {
			log_system(session, "SSH tunnel terminated");
		}
		session->keep_alive = false;
		return 200;
	}
#endif

#ifdef ENABLE_CHALLENGE
	/* Challenge client: once the number of registered connections reaches
	 * challenge_threshold, clients are challenged until the count drops
	 * below 90% of the threshold (hysteresis). Clients already on the
	 * banlist are skipped. A failed challenge may result in a ban. */
	if (session->config->challenge_threshold >= 0) {
		if (ip_allowed(&(session->ip_address), session->config->banlist_mask) != deny) {
			if (total_connections == -1) {
				total_connections = count_registered_connections();
			}
			if (challenge_client_mode == false) {
				if (total_connections >= session->config->challenge_threshold) {
					challenge_client_mode = true;
					log_system(session, "ChallengeClient mode activated");
				}
			} else {
				if (total_connections < 0.9 * session->config->challenge_threshold) {
					challenge_client_mode = false;
					log_system(session, "ChallengeClient mode deactivated");
				}
			}
			if (challenge_client_mode) {
				if ((result = challenge_client(session)) != 0) {
					if ((result != 200) && (session->config->challenge_ban > 0)) {
						ban_ip(&(session->ip_address), session->config->challenge_ban, session->config->kick_on_ban);
						log_system(session, "Client banned due to challenge failure");
#ifdef ENABLE_MONITOR
						if (session->config->monitor_enabled) {
							monitor_count_ban(session);
						}
#endif
					} else if (result == 403) {
						session->keep_alive = false;
					}
					return result;
				}
			}
		}
	}
#endif

	/* Find host record; when no record matches, session->host keeps whatever
	 * it held before (presumably a default host set up by the caller). */
	if (session->hostname != NULL) {
		if (remove_port_from_hostname(session) == -1) {
			log_error(session, "error removing port from hostname");
			return 500;
		}
		if ((host_record = get_hostrecord(session->config->first_host, session->hostname, session->binding)) != NULL) {
			session->host = host_record;
#ifdef ENABLE_TOMAHAWK
			session->last_host = host_record;
#endif
		}
	}
	session->host->access_time = session->time;

#ifdef ENABLE_TLS
	/* TLS client authentication: a host configured with a CA certificate
	 * refuses connections that presented no client certificate. */
	if (session->binding->use_tls) {
		if ((session->host->ca_certificate != NULL) && (tls_has_peer_cert(&(session->tls_context)) == false)) {
			log_error(session, "Missing client TLS certificate");
			return 440;
		}
	}
#endif

	/* Enforce usage of first hostname (unless the first entry is a wildcard) */
	if (session->host->enforce_first_hostname && (session->hostname != NULL)) {
		if (**(session->host->hostname.item) != '*') {
			if (strcmp(session->hostname, *(session->host->hostname.item)) != 0) {
				session->cause_of_301 = enforce_first_hostname;
				return 301;
			}
		}
	}

	/* Enforce usage of TLS: the query string is split off here so the
	 * redirect target can be rebuilt from uri and vars. */
#ifdef ENABLE_TLS
	if (session->host->require_tls && (session->binding->use_tls == false)) {
		if ((qmark = strchr(session->uri, '?')) != NULL) {
			*qmark = '\0';
			session->vars = qmark + 1;
			session->uri_len = strlen(session->uri);
		}
		session->cause_of_301 = require_tls;
		return 301;
	}
#endif

	/* Deny matching bodies. The body is not NUL-terminated, so the byte just
	 * past it is saved, replaced by a terminator for the pattern match and
	 * restored on every exit path. This check runs before access control. */
	if (session->body != NULL) {
		chr = *(session->body + session->content_length);
		*(session->body + session->content_length) = '\0';
		deny_body = session->host->deny_body;
		while (deny_body != NULL) {
			if (strpcmp(session->body, &(deny_body->pattern)) == 0) {
				if ((session->config->ban_on_denied_body > 0) && (ip_allowed(&(session->ip_address), session->config->banlist_mask) != deny)) {
					ban_ip(&(session->ip_address), session->config->ban_on_denied_body, session->config->kick_on_ban);
					log_system(session, "Client banned because of denied body");
					session->keep_alive = false;
#ifdef ENABLE_MONITOR
					if (session->config->monitor_enabled) {
						monitor_count_ban(session);
					}
#endif
				}
				log_exploit_attempt(session, "denied body", session->body);
#ifdef ENABLE_TOMAHAWK
				increment_counter(COUNTER_EXPLOIT);
#endif
#ifdef ENABLE_MONITOR
				if (session->config->monitor_enabled) {
					monitor_count_exploit_attempt(session);
					monitor_event("Request body denied for %s", session->host->hostname.item[0]);
				}
#endif
				*(session->body + session->content_length) = chr;
				return 403;
			}
			deny_body = deny_body->next;
		}
		*(session->body + session->content_length) = chr;
	}

#ifdef ENABLE_RPROXY
	/* Selected on the raw (not yet decoded) URI */
	rproxy = select_rproxy(session->host->rproxy, session->uri
#ifdef ENABLE_TLS
		, session->binding->use_tls
#endif
		);
#endif

	/* Websocket: a GET with "Connection: ... upgrade" and "Upgrade: websocket"
	 * on a host with websockets configured. Access control and HTTP
	 * authentication apply before the connection is handed over. */
	if ((session->request_method == GET) && (session->host->websockets != NULL)) {
		if ((header = get_http_header("Connection:", session->http_headers)) == NULL) {
			goto no_websocket;
		} else if (strcasestr(header, "upgrade") == NULL) {
			goto no_websocket;
		} else if ((header = get_http_header("Upgrade:", session->http_headers)) == NULL) {
			goto no_websocket;
		} else if (strcasecmp(header, "websocket") != 0) {
			goto no_websocket;
		}

		switch (access = allow_client(session)) {
			case deny:
				log_error(session, fb_accesslist);
				return 403;
			case allow:
				break;
			case pwd:
			case unspecified:
				if ((auth_result = http_authentication_result(session, access == unspecified)) != 200) {
					return auth_result;
				}
		}

		session->keep_alive = false;
		if ((result = forward_to_websocket(session)) != 0) {
			return result;
		}
		session->return_code = 101;
		return 200;
	}

no_websocket:
	/* Actions based on request method; skipped entirely when the request is
	 * going to a reverse proxy. TRACE and PUT/DELETE are opt-in per binding
	 * (PUT/DELETE and unsupported methods are also allowed for WebDAV hosts). */
#ifdef ENABLE_RPROXY
	if (rproxy == NULL)
#endif
	switch (session->request_method) {
		case TRACE:
			if (session->binding->enable_trace == false) {
				return 501;
			}
			return handle_trace_request(session);
		case PUT:
		case DELETE:
			if ((session->binding->enable_alter == false) && (session->host->webdav_app == false)) {
				return 501;
			}
			break;
		case unknown:
			return 400;
		case unsupported:
			if (session->host->webdav_app == false) {
				return 501;
			}
			break;
		default:
			break;
	}

	if (duplicate_host(session) == false) {
		log_error(session, "duplicate_host() error");
		return 500;
	}

#ifdef ENABLE_TOOLKIT
	if (session->host->use_local_config) {
		if (load_user_root_config(session) == -1) {
			return 500;
		}
	}

	if (total_connections == -1) {
		total_connections = count_registered_connections();
	}

	/* URL toolkit: rules run in order on the raw URI; UT_EXIT stops the
	 * chain, any other non-zero result is returned as a status code. */
	init_toolkit_options(&toolkit_options);
	toolkit_options.method = session->method;
	toolkit_options.website_root = session->host->website_root;
	toolkit_options.url_toolkit = session->config->url_toolkit;
	toolkit_options.allow_dot_files = session->host->allow_dot_files;
	toolkit_options.http_headers = session->http_headers;
	toolkit_options.total_connections = total_connections;
	toolkit_options.log_request = true;
#ifdef ENABLE_TLS
	toolkit_options.use_tls = session->binding->use_tls;
#endif

	result = 0;
	for (i = 0; i < session->host->toolkit_rules.size; i++) {
		result = process_url_toolkit(session, session->host->toolkit_rules.item[i], &toolkit_options);
		if (result == UT_EXIT) {
			break;
		} else if (result != 0) {
			return result;
		}
	}
#endif

	/* Find GET data: split the query string off the URI in place */
	if ((qmark = strchr(session->uri, '?')) != NULL) {
		*qmark = '\0';
		session->vars = qmark + 1;
	}

	/* Decode the URI (not for reverse-proxied requests, which are forwarded
	 * as received) and, with secure_url, reject a query string containing
	 * forbidden characters. */
#ifdef ENABLE_RPROXY
	if (rproxy == NULL) {
#endif
		url_decode(session->uri);
		session->uri_len = strlen(session->uri);

		if ((session->vars != NULL) && (session->host->secure_url)) {
			if (forbidden_chars_present(session->vars)) {
				log_error(session, "URL contains forbidden characters");
				return 403;
			}
		}
#ifdef ENABLE_RPROXY
	}
#endif

	/* validate_url() sets error_cause and return_code on failure */
	if (validate_url(session) == false) {
		return -1;
	}

#ifdef ENABLE_RPROXY
	/* Reverse proxy: loop detection, access control, then the SQLi/XSS/CSRF
	 * filters before the request is forwarded. For the local-file path
	 * below, these filters are not applied in this function. */
	if (rproxy != NULL) {
		if (rproxy_loop_detected(session->http_headers)) {
			return 508;
		}

		switch (access = allow_client(session)) {
			case deny:
				log_error(session, fb_accesslist);
				return 403;
			case allow:
				break;
			case pwd:
			case unspecified:
				if ((auth_result = http_authentication_result(session, access == unspecified)) != 200) {
					return auth_result;
				}
		}

		/* Prevent SQL injection: 1 means detected, any other non-zero
		 * value (e.g. an allocation failure) also aborts the request. */
		if (session->host->prevent_sqli) {
			result = prevent_sqli(session);
			if (result == 1) {
				session->error_cause = ec_SQL_INJECTION;
			}
			if (result != 0) {
				return -1;
			}
		}

		/* Prevent Cross-site Scripting: in p_prevent mode the query string
		 * has already been sanitised in place; only p_block aborts. */
		if (session->host->prevent_xss != p_no) {
			if (prevent_xss(session) > 0) {
				if (session->host->prevent_xss == p_block) {
					session->error_cause = ec_XSS;
					return -1;
				}
			}
		}

		/* Prevent Cross-site Request Forgery: same p_prevent / p_block split */
		if (session->host->prevent_csrf != p_no) {
			if (prevent_csrf(session) > 0) {
				if (session->host->prevent_csrf == p_block) {
					session->error_cause = ec_CSRF;
					return -1;
				}
			}
		}

		return proxy_request(session, rproxy);
	}
#endif

	if ((result = uri_to_path(session)) != 200) {
		return result;
	}

	/* Load configfile from directories */
	if (session->host->use_local_config) {
		if (load_user_config(session) == -1) {
			return 500;
		}
	}

	if ((result = copy_directory_settings(session)) != 200) {
		return result;
	}

	/* Access control and HTTP authentication for the local-file path; note
	 * this runs after uri_to_path() and the per-directory config load. */
	switch (access = allow_client(session)) {
		case deny:
			log_error(session, fb_accesslist);
			return 403;
		case allow:
			break;
		case pwd:
		case unspecified:
			if ((auth_result = http_authentication_result(session, access == unspecified)) != 200) {
				return auth_result;
			}
	}

	/* not_found falls out of the switch for every method except DELETE, so
	 * the handlers below get to produce their own 404 (or show_index). */
	switch (is_directory(session->file_on_disk)) {
		case error:
			return 500;
		case yes:
			session->uri_is_dir = true;
			break;
		case no:
			if (((session->request_method != PUT) || session->host->webdav_app) && (session->host->enable_path_info)) {
				if ((result = get_path_info(session)) != 200) {
					return result;
				}
			}
			break;
		case no_access:
			log_error(session, fb_filesystem);
			return 403;
		case not_found:
			if (session->request_method == DELETE) {
				return 404;
			}
	}

	/* Directory request: append the start file, or redirect to the
	 * slash-terminated form. The unbounded strcpy() assumes file_on_disk was
	 * allocated with room for start_file by uri_to_path() - not visible
	 * here; verify there. */
#ifdef ENABLE_TOOLKIT
	if ((session->toolkit_fastcgi == NULL) && session->uri_is_dir) {
#else
	if (session->uri_is_dir) {
#endif
		length = strlen(session->file_on_disk);
		if (*(session->file_on_disk + length - 1) == '/') {
			strcpy(session->file_on_disk + length, session->host->start_file);
		} else {
			return 301;
		}
	}

	if (get_target_extension(session) == -1) {
		log_error(session, "error getting extension");
		return 500;
	}

	if (((session->request_method != PUT) && (session->request_method != DELETE)) || session->host->webdav_app) {
		check_target_is_cgi(session);
	}

	/* Handle request based on request method; for WebDAV hosts PUT and
	 * DELETE are dispatched like POST (i.e. to the CGI application). */
	request_method = session->request_method;
	if (session->host->webdav_app) {
		if ((request_method == PUT) || (request_method == DELETE)) {
			request_method = POST;
		}
	}

	switch (request_method) {
		case GET:
		case HEAD:
			if (session->cgi_type != no_cgi) {
				session->body = NULL;
				result = execute_cgi(session);
#ifdef ENABLE_XSLT
			} else if ((xslt_file = find_xslt_file(session)) != NULL) {
				result = handle_xml_file(session, xslt_file);
				free(xslt_file);
#endif
			} else {
				result = send_file(session);
			}
			/* uri[uri_len - 1] assumes a non-empty decoded URI; presumably
			 * guaranteed by validate_url() above - confirm. */
			if (result == 404) {
#ifdef ENABLE_XSLT
				if ((session->host->show_index != NULL) && (session->uri[session->uri_len - 1] == '/')) {
					result = show_index(session);
				}
#endif
#ifdef ENABLE_MONITOR
			} else if (session->config->monitor_enabled) {
				if ((result == 200) && (session->host->monitor_host)) {
					unlink(session->file_on_disk);
				}
#endif
			}

			if ((session->request_method == GET) && (session->cgi_type == no_cgi) && (session->directory != NULL)) {
				if (session->directory->run_on_download != NULL) {
					run_program(session, session->directory->run_on_download, result);
				}
			}
			break;
		case POST:
		case unsupported:
			if (session->cgi_type != no_cgi) {
				result = execute_cgi(session);
#ifdef ENABLE_XSLT
			} else if ((xslt_file = find_xslt_file(session)) != NULL) {
				result = handle_xml_file(session, xslt_file);
				free(xslt_file);
#endif
			} else {
				result = 405;
			}
			break;
		case PUT:
			result = handle_put_request(session);
			if (((result == 201) || (result == 204)) && (session->host->run_on_alter != NULL)) {
				run_program(session, session->host->run_on_alter, result);
			}
			break;
		case DELETE:
			result = handle_delete_request(session);
			if ((result == 204) && (session->host->run_on_alter != NULL)) {
				run_program(session, session->host->run_on_alter, result);
			}
			break;
		case WHEN:
			send_code(session);
			break;
		default:
			result = 400;
	}

	return result;
}

/*
 * Handle timeout upon sending request.
 *
 * When ban_on_timeout is configured and the client is not already on the
 * banlist, the client IP is banned and the connection is not kept alive;
 * otherwise the timeout is only logged if log_timeouts is set.
 */
static void handle_timeout(t_session *session) {
	if ((session->config->ban_on_timeout > 0) && (ip_allowed(&(session->ip_address), session->config->banlist_mask) != deny)) {
		ban_ip(&(session->ip_address), session->config->ban_on_timeout, session->config->kick_on_ban);
		log_system(session, "Client banned because of connection timeout");
		session->keep_alive = false;
#ifdef ENABLE_MONITOR
		if (session->config->monitor_enabled) {
			monitor_count_ban(session);
		}
#endif
	} else if (session->config->log_timeouts) {
		log_system(session, "Timeout while waiting for first request");
	}
}

/* Request has been handled, handle the return code.
*/

/*
 * Turn the result of serve_client() into a response and bookkeeping.
 *
 * result == -1 means serve_client() aborted with session->error_cause set;
 * each cause gets its own status code, ban policy and logging. Any other
 * result is an HTTP status code: 200 means the response was already sent;
 * empty-body codes get a header with "Content-Length: 0"; 400 is logged as
 * garbage and may ban the client; 401/403/404/501/503 go through
 * handle_error() (custom error pages) first. Nothing is sent when data_sent
 * already indicates output has gone out.
 *
 * After the switch, results that are <= 0 or equal to 400 close the
 * connection; everything else is logged as a request if log_request is set.
 */
static void handle_request_result(t_session *session, int result) {
	char *hostname;

#ifdef ENABLE_DEBUG
	session->current_task = "handle request result";
#endif

	if (result == -1) switch (session->error_cause) {
		case ec_MAX_REQUESTSIZE:
			log_system(session, "Maximum request size reached");
			session->return_code = 413;
			send_code(session);
			if ((session->config->ban_on_max_request_size > 0) && (ip_allowed(&(session->ip_address), session->config->banlist_mask) != deny)) {
				ban_ip(&(session->ip_address), session->config->ban_on_max_request_size, session->config->kick_on_ban);
				log_system(session, "Client banned because of sending a too large request");
				session->keep_alive = false;
#ifdef ENABLE_MONITOR
				if (session->config->monitor_enabled) {
					monitor_count_ban(session);
				}
#endif
			}
			break;
		case ec_TIMEOUT:
			/* Only the first request on a connection gets a 408 and the
			 * timeout ban/log treatment; an idle keep-alive is just dropped. */
			if (session->kept_alive == 0) {
				session->return_code = 408;
				send_code(session);
				handle_timeout(session);
			}
			break;
		case ec_CLIENT_DISCONNECTED:
			if ((session->kept_alive == 0) && session->config->log_timeouts) {
				log_system(session, "Silent client disconnected");
			}
			break;
		case ec_SOCKET_READ_ERROR:
			if (errno != ECONNRESET) {
				log_system(session, "Error while reading request");
			}
			break;
		case ec_SOCKET_WRITE_ERROR:
			if (session->log_request) {
				log_request(session);
			}
			break;
		case ec_FORCE_QUIT:
			if (session->config->log_timeouts) {
				log_system(session, "Client kicked");
			}
			break;
		case ec_SQL_INJECTION:
			if ((session->config->ban_on_sqli > 0) && (ip_allowed(&(session->ip_address), session->config->banlist_mask) != deny)) {
				ban_ip(&(session->ip_address), session->config->ban_on_sqli, session->config->kick_on_ban);
				hostname = (session->hostname != NULL) ? session->hostname : unknown_host;
				log_system(session, "Client banned because of SQL injection on %s", hostname);
				session->keep_alive = false;
#ifdef ENABLE_MONITOR
				if (session->config->monitor_enabled) {
					monitor_count_ban(session);
				}
#endif
			}
			/* Production builds answer a plain 404, so the client cannot tell
			 * a filtered request from a missing resource; the distinct 441
			 * is only emitted with ENABLE_DEBUG. */
#ifdef ENABLE_DEBUG
			session->return_code = 441;
#else
			session->return_code = 404;
#endif
			send_code(session);
			if (session->log_request) {
				log_request(session);
			}
			break;
		case ec_XSS:
			/* Non-standard codes 442 / 443 below identify the blocked
			 * XSS / CSRF attempt in the response. */
			session->return_code = 442;
			send_code(session);
			if (session->log_request) {
				log_request(session);
			}
			break;
		case ec_CSRF:
			session->return_code = 443;
			send_code(session);
			if (session->log_request) {
				log_request(session);
			}
			break;
		case ec_INVALID_URL:
			/* return_code was already chosen by validate_url() */
			if ((session->config->ban_on_invalid_url > 0) && (ip_allowed(&(session->ip_address), session->config->banlist_mask) != deny)) {
				ban_ip(&(session->ip_address), session->config->ban_on_invalid_url, session->config->kick_on_ban);
				hostname = (session->hostname != NULL) ? session->hostname : unknown_host;
				log_system(session, "Client banned because of invalid URL on %s", hostname);
				session->keep_alive = false;
#ifdef ENABLE_MONITOR
				if (session->config->monitor_enabled) {
					monitor_count_ban(session);
				}
#endif
			}
			send_code(session);
			break;
		default:
			if (session->data_sent == false) {
				session->return_code = 500;
				if (send_code(session) == -1) {
					session->keep_alive = false;
				}
			}
	} else switch (result) {
		case 200:
			break;
		case 201:
		case 204:
		case 304:
		case 412:
			/* Status codes without a body: header plus explicit zero length */
			if (session->data_sent == false) {
				session->return_code = result;
				if (send_header(session) == -1) {
					session->keep_alive = false;
				} else if (send_buffer(session, "Content-Length: 0\r\n\r\n", 21) == -1) {
					session->keep_alive = false;
				}
			}
			break;
		case 411:
		case 413:
			/* Same shape, but the connection is always closed afterwards */
			session->keep_alive = false;
			if (session->data_sent == false) {
				session->return_code = result;
				if (send_header(session) == -1) {
					session->keep_alive = false;
				} else if (send_buffer(session, "Content-Length: 0\r\n\r\n", 21) == -1) {
					session->keep_alive = false;
				}
			}
			break;
		case 400:
			log_garbage(session);
			if (session->data_sent == false) {
				session->return_code = 400;
				if (send_code(session) == -1) {
					session->keep_alive = false;
				}
			}
			if ((session->config->ban_on_garbage > 0) && (ip_allowed(&(session->ip_address), session->config->banlist_mask) != deny)) {
				ban_ip(&(session->ip_address), session->config->ban_on_garbage, session->config->kick_on_ban);
				log_system(session, "Client banned because of sending garbage");
				session->keep_alive = false;
#ifdef ENABLE_MONITOR
				if (session->config->monitor_enabled) {
					monitor_count_ban(session);
				}
#endif
			}
#ifdef ENABLE_MONITOR
			if (session->config->monitor_enabled) {
				monitor_count_bad_request(session);
			}
#endif
			break;
		case 401:
		case 403:
		case 404:
		case 501:
		case 503:
			/* handle_error() returns 200 when it served a custom error page,
			 * -1 on a send failure, anything else to fall back to a plain
			 * status response. */
			if (session->data_sent == false) {
				switch (handle_error(session, result)) {
					case -1:
						session->keep_alive = false;
						break;
					case 200:
						break;
					default:
						if (session->data_sent == false) {
							session->return_code = result;
							if (send_code(session) == -1) {
								session->keep_alive = false;
							}
						}
				}
			}
			break;
		case 500:
			session->keep_alive = false;
			/* fallthrough: a 500 is sent like any other code, but closes the connection */
		default:
			if (session->data_sent == false) {
				session->return_code = result;
				send_code(session);
			}
	}

	if ((result > 0) && (result != 400)) {
		if (session->log_request) {
			log_request(session);
		}
	} else {
		session->keep_alive = false;
	}
}
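/*
 * Prevent SQL injection: match one piece of request data against the
 * configured SQLi patterns.
 *
 * str is not required to be NUL-terminated; exactly 'length' bytes are
 * examined. A private copy is normalised before matching: one url_decode()
 * pass (so double-encoded payloads are not normalised), '+' to space,
 * "/* ... *\/" comments blanked out, and the outer one of two consecutive
 * opening parentheses (optionally separated by spaces) blanked out. The
 * normalised text is then run through every compiled pattern in
 * sqli_patterns.
 *
 * On the first match the attempt is logged (with counters and monitor
 * bookkeeping when compiled in) and 1 is returned; 0 means no match or
 * nothing to check (NULL or empty input); -1 means the working buffer
 * could not be allocated.
 *
 * Fix: the exploit log used to be handed 'str' directly, although the
 * function itself only guarantees 'length' valid bytes there (hence the
 * copy it makes for matching). The log now receives a NUL-terminated copy
 * of exactly those bytes, so a caller passing an unterminated slice (for
 * instance a request body with its length) no longer risks logging past
 * the end of the data.
 */
static int prevent_sqli_str(t_session *session, char *str, int length) {
	char *raw, *data, *c, *begin, *end;
	t_sqli_pattern *pattern;
	size_t size;
	int result = 0;

	if ((str == NULL) || (length <= 0)) {
		return 0;
	}

	/* One allocation holding two copies: 'raw' is the input as received
	 * (used for logging), 'data' is the copy that gets normalised. */
	size = (size_t)length + 1;
	if ((raw = malloc(2 * size)) == NULL) {
		return -1;
	}
	memcpy(raw, str, (size_t)length);
	raw[length] = '\0';

	data = raw + size;
	memcpy(data, raw, size);

	/* Single decoding pass, then '+' (form encoding for space) to space */
	url_decode(data);
	for (c = data; *c != '\0'; c++) {
		if (*c == '+') {
			*c = ' ';
		}
	}

	/* Remove comments: blank out every closed block comment. An unclosed
	 * one is left as is. */
	end = data;
	while ((begin = strstr(end, "/*")) != NULL) {
		if ((end = strstr(begin + 2, "*/")) == NULL) {
			break;
		}
		end += 2;
		memset(begin, ' ', (size_t)(end - begin));
	}

	/* Remove double parenthesis: when a '(' is followed (after optional
	 * spaces) by another '(', the outer one is blanked out. */
	end = data;
	while ((begin = strchr(end, '(')) != NULL) {
		end = begin + 1;
		while (*end == ' ') {
			end++;
		}
		if (*end == '(') {
			*begin = ' ';
		}
	}

	/* Match patterns; stop at the first hit */
	pattern = sqli_patterns;
	while (pattern != NULL) {
		if (regexec(&(pattern->regex), data, 0, NULL, 0) != REG_NOMATCH) {
			log_exploit_attempt(session, "SQLi", raw);
#ifdef ENABLE_TOMAHAWK
			increment_counter(COUNTER_EXPLOIT);
#endif
#ifdef ENABLE_MONITOR
			if (session->config->monitor_enabled) {
				monitor_count_exploit_attempt(session);
				monitor_event("SQLi attempt for %s%s", session->host->hostname.item[0], session->uri);
			}
#endif
			result = 1;
			break;
		}
		pattern = pattern->next;
	}

	free(raw);

	return result;
}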