void XRuleIP::xrule_impl( IronBee::Transaction tx, ActionSet& actions ) { const char *remote_ip = tx.effective_remote_ip_string(); ib_ip4_t ipv4; ib_ip6_t ipv6; ib_log_debug_tx(tx.ib(), "Checking IP Access for %s", remote_ip); // Check IP lists. if (remote_ip == NULL) { BOOST_THROW_EXCEPTION( IronBee::einval() << IronBee::errinfo_what("No remote IP available.") ); } else if (IB_OK == ib_ip4_str_to_ip(remote_ip, &ipv4)) { const ib_ipset4_entry_t *entry; ib_status_t rc; rc = ib_ipset4_query(&(m_ipset4), ipv4, NULL, &entry, NULL); if (rc == IB_OK) { ib_log_debug_tx(tx.ib(), "IP matched %s", remote_ip); action_ptr action = IronBee::data_to_value<action_ptr>(entry->data); actions.set(action); } else { ib_log_debug_tx( tx.ib(), "IP set is empty or does not include %s", remote_ip); } } else if (IB_OK == ib_ip6_str_to_ip(remote_ip, &ipv6)) { const ib_ipset6_entry_t *entry; ib_status_t rc; rc = ib_ipset6_query(&(m_ipset6), ipv6, NULL, &entry, NULL); if (rc == IB_OK) { ib_log_debug_tx(tx.ib(), "IP matched %s", remote_ip); action_ptr action = IronBee::data_to_value<action_ptr>(entry->data); actions.set(action); } else { ib_log_debug_tx( tx.ib(), "IP set is empty or does not include %s", remote_ip); } } else { BOOST_THROW_EXCEPTION( IronBee::enoent() << IronBee::errinfo_what("Cannot convert IP to v4 or v6.") ); } }
void XRuleTime::xrule_impl( IronBee::Transaction tx, ActionSet& actions ) { if (actions.overrides(m_action)) { /* Get tx start time, shifted into the local time zone. */ boost::posix_time::ptime tx_start = tx.started_time() + m_zone_info->base_utc_offset(); std::ostringstream os; std::locale loc( os.getloc(), new boost::posix_time::time_facet("%H:%M:%S")); os.imbue(loc); os << "Checking current time " << tx_start << " against window " << m_start_time << "-" << m_end_time << "."; ib_log_debug_tx(tx.ib(), "%s", os.str().c_str()); bool in_window = ( m_start_time.time_of_day() <= tx_start.time_of_day() && tx_start.time_of_day() < m_end_time.time_of_day() ); // If any days of the week are specified in our window... if (m_days.size() > 0) { // ...get the day of the week... short dow = boost::gregorian::gregorian_calendar::day_of_week( tx_start.date().year_month_day()); // ...and update the in_window boolean. in_window &= (m_days.find(dow) != m_days.end()); } // If we are in the window specified (considering the // m_invert member) then execute the associated action. if (in_window ^ m_invert) { ib_log_debug_tx(tx.ib(), "XRuleTime was matched."); actions.set(m_action); } else { ib_log_debug_tx(tx.ib(), "XRuleTime was not matched."); } } else { ib_log_debug_tx( tx.ib(), "Skipping rule as action does not override tx actions."); } }
void XRulePath::xrule_impl( IronBee::Transaction tx, ActionSet& actions ) { if (actions.overrides(m_action)) { const std::string tx_path(tx.ib()->path); if (tx_path.length() >= m_path.length() && tx_path.compare(0, m_path.length(), m_path) == 0) { actions.set(m_action); } } else { ib_log_debug_tx( tx.ib(), "Skipping rule as action does not override tx actions."); } }
void XRuleContentType::xrule_impl( IronBee::Transaction tx, ActionSet& actions ) { if (actions.overrides(m_action)) { if (m_any) { if ( has_field(tx, m_content_type_field) && !has_field(tx, m_content_length_field) && !has_field(tx, m_transport_encoding_field) ) { actions.set(m_action); } } else if (m_none) { if ( !has_field(tx, m_content_type_field) && ( has_field(tx, m_content_length_field) || has_field(tx, m_transport_encoding_field) ) ) { actions.set(m_action); } } else { const ib_list_t *clist = NULL; ib_var_target_t *target; // Fetch list of fields. IronBee::throw_if_error( ib_var_target_acquire_from_string( &target, tx.memory_manager().ib(), ib_engine_var_config_get(tx.engine().ib()), m_content_type_field.data(), m_content_type_field.length() ), "Failed to acquire content type target."); IronBee::throw_if_error( ib_var_target_get( target, &clist, tx.memory_manager().ib(), tx.ib()->var_store ), "Failed to retrieve content type field."); IronBee::ConstList<ib_field_t *> list(clist); if (list.size() > 0) { const std::string content_type = IronBee::ConstField(list.front()).to_s(); ib_log_debug_tx( tx.ib(), "Checking content type value \"%s\".", content_type.c_str()); // Is the content type in the set. if (m_content_types.count(content_type) > 0) { ib_log_debug_tx( tx.ib(), "Content type matched."); actions.set(m_action); } } else { ib_log_debug_tx( tx.ib(), "No Content-Type header values. Rule not evaluated."); } } } else { ib_log_debug_tx( tx.ib(), "Skipping rule as action does not override tx actions."); } }
void XRuleGeo::xrule_impl(IronBee::Transaction tx, ActionSet& actions) { if (actions.overrides(m_action)) { ib_var_target_t *target; const ib_list_t *clist; ib_log_debug_tx( tx.ib(), "Running GeoIP check for %s", m_country.c_str()); IronBee::throw_if_error( ib_var_target_acquire_from_string( &target, tx.memory_manager().ib(), ib_engine_var_config_get(tx.engine().ib()), IB_S2SL(GEOIP_FIELD) ), "Failed to acquire GeoIP source." ); IronBee::throw_if_error( ib_var_target_get_const( target, &clist, tx.memory_manager().ib(), tx.ib()->var_store ), "Failed to retrieve GeoIP field." ); IronBee::ConstList<const ib_field_t *> ls(clist); if (ls.size() < 1) { ib_log_info_tx( tx.ib(), "No GeoIP fields. Not filtering on GeoIP."); } else { try { IronBee::ConstByteString bs( IronBee::ConstField(ls.front()). value_as_byte_string()); ib_log_debug_tx( tx.ib(), "Matching GeoIP input %.*s against country %.*s.", static_cast<int>(bs.length()), bs.const_data(), static_cast<int>(m_country.length()), m_country.data()); if (boost::iequals(bs.to_s(), m_country)) { ib_log_debug_tx(tx.ib(), "GeoIP match."); actions.set(m_action); } else { ib_log_debug_tx(tx.ib(), "No GeoIP match."); } } catch (const IronBee::einval& e) { ib_log_error_tx( tx.ib(), "GeoIP field is not a byte string field. " "This XRule cannot run." ); } } } else { ib_log_debug_tx( tx.ib(), "Skipping rule as action does not override tx actions."); } }