bpalmen-httpbl 0.1.2
- data/Changelog +4 -0
- data/LICENSE +21 -0
- data/README +137 -0
- data/lib/httpbl.rb +49 -0
- metadata +65 -0
data/Changelog
ADDED
data/LICENSE
ADDED
@@ -0,0 +1,21 @@
|
|
1
|
+
The MIT License
|
2
|
+
|
3
|
+
Copyright (c) 2009 Brandon Palmen
|
4
|
+
|
5
|
+
Permission is hereby granted, free of charge, to any person obtaining a copy
|
6
|
+
of this software and associated documentation files (the "Software"), to deal
|
7
|
+
in the Software without restriction, including without limitation the rights
|
8
|
+
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
9
|
+
copies of the Software, and to permit persons to whom the Software is
|
10
|
+
furnished to do so, subject to the following conditions:
|
11
|
+
|
12
|
+
The above copyright notice and this permission notice shall be included in
|
13
|
+
all copies or substantial portions of the Software.
|
14
|
+
|
15
|
+
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
16
|
+
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
17
|
+
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
18
|
+
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
19
|
+
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
20
|
+
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
|
21
|
+
THE SOFTWARE.
|
data/README
ADDED
@@ -0,0 +1,137 @@
|
|
1
|
+
HttpBL
|
2
|
+
===========
|
3
|
+
|
4
|
+
HttpBL is drop-in IP-filtering middleware for Rails 2.3+ and other Rack-based
|
5
|
+
applications. It resolves information about each request's source IP address
|
6
|
+
from the Http:BL service at http://projecthoneypot.org, and denies access to
|
7
|
+
clients whose IP addresses are associated with suspicious behavior like impolite
|
8
|
+
crawling, comment-spamming, dictionary attacks, and email-harvesting.
|
9
|
+
|
10
|
+
* Deny access to IP addresses that are associated with suspicious
|
11
|
+
behavior which exceeds a customizable threshold.
|
12
|
+
* Expire blocked IPs that have not been associated with suspicious
|
13
|
+
behavior after a customizable period of days.
|
14
|
+
* Identify common search engines by IP address (not User-Agent), and
|
15
|
+
disallow access to a specific subset.
|
16
|
+
|
17
|
+
Installation
|
18
|
+
------------
|
19
|
+
|
20
|
+
gem install httpbl
|
21
|
+
|
22
|
+
Basic Usage
|
23
|
+
------------
|
24
|
+
|
25
|
+
HttpBL is Rack middleware, and can be used with any Rack-based application. First,
|
26
|
+
you must obtain an API key for the Http:BL service at http://projecthoneypot.org
|
27
|
+
|
28
|
+
To add HttpBL to your middleware stack, simply add the following to config.ru:
|
29
|
+
|
30
|
+
require 'httpbl'
|
31
|
+
|
32
|
+
use HttpBL, :api_key => "YOUR API KEY"
|
33
|
+
|
34
|
+
For Rails 2.3+ add the following to environment.rb:
|
35
|
+
|
36
|
+
config.gem 'httpbl'
|
37
|
+
|
38
|
+
config.middleware.use HttpBL, :api_key => "YOUR API KEY"
|
39
|
+
|
40
|
+
Advanced Usage
|
41
|
+
-------------
|
42
|
+
|
43
|
+
To insert HttpBL at the top of the Rails rackstack:
|
44
|
+
(use 'rake middleware' to confirm that Rack::Lock is at the top of the stack)
|
45
|
+
|
46
|
+
config.middleware.insert_before(Rack::Lock, HttpBL, :api_key => "YOUR API KEY")
|
47
|
+
|
48
|
+
To customize HttpBL's filtering behavior, use the available options:
|
49
|
+
|
50
|
+
use HttpBL, :api_key => "YOUR API KEY",
|
51
|
+
:deny_types => [1, 2, 4],
|
52
|
+
:threat_level_threshold => 0,
|
53
|
+
:age_threshold => 5,
|
54
|
+
:blocked_search_engines => [0]
|
55
|
+
|
56
|
+
Available Options:
|
57
|
+
|
58
|
+
The following options (shown with default values) are available to
|
59
|
+
customize the particular types of suspicious activity you wish to thwart:
|
60
|
+
|
61
|
+
:deny_types => [1, 2, 4, 8, 16, 32, 64, 128]
|
62
|
+
|
63
|
+
Project Honeypot classifies suspicious behavior as belonging to
|
64
|
+
certain types, which are identified in the API's response to
|
65
|
+
each IP lookup. You can tell HttpBL to only deny certain kinds
|
66
|
+
of behavior by changing this to a subset of those possible.
|
67
|
+
|
68
|
+
As of March 2009, only types 1, 2, and 4 have been specified,
|
69
|
+
but additional types are reserved for the future and HttpBL checks
|
70
|
+
against all of the anticipated type codes by default. Thus,
|
71
|
+
there may be a very small performance advantage to setting
|
72
|
+
:deny_types => [1, 2, 4] simply to exclude checks for codes
|
73
|
+
that aren't (yet) being used; however, this will have to be
|
74
|
+
updated if more codes come into use, whereas the default
|
75
|
+
requires no further attention.
|
76
|
+
|
77
|
+
The current types are:
|
78
|
+
1: Suspicious
|
79
|
+
2: Harvester
|
80
|
+
4: Comment Spammer
|
81
|
+
|
82
|
+
:threat_level_threshold => 2
|
83
|
+
|
84
|
+
The threat level reported by Project Honeypot is based on a
|
85
|
+
logarithmic scale, approximated by:
|
86
|
+
1: 1 spam
|
87
|
+
25: 100 spam
|
88
|
+
50: 10,000 spam
|
89
|
+
100: 1,000,000 spam.
|
90
|
+
in which spam is pronounced spam even in the plural.
|
91
|
+
|
92
|
+
Choosing a threat level threshold can be tricky business if
|
93
|
+
one isn't sure how accurate the measure of threat is, since it
|
94
|
+
would be improper to block legitimate traffic by mistake. Because
|
95
|
+
the email addresses that Project Honeypot uses as spam-bait are unique,
|
96
|
+
artificial, and well-hidden, NO email should be sent to those addresses
|
97
|
+
at all, and it is fair to assume that even the low threat level
|
98
|
+
associated with just a few spam is still significant.
|
99
|
+
|
100
|
+
With that in mind, the default threshold is 2; if you want to
|
101
|
+
filter more aggressively, set :threat_level_threshold => 0
|
102
|
+
|
103
|
+
:age_threshold => 10
|
104
|
+
|
105
|
+
This sets the number of days that IP addresses that have been
|
106
|
+
associated with suspicous activity must wait to regain access after
|
107
|
+
the suspicious activity has ceased. Keeping this at a sane value will
|
108
|
+
allow IPs that are reassigned or cleaned up to expire from the blacklist.
|
109
|
+
|
110
|
+
If you want to be more aggressive (require a longer cool-off-period),
|
111
|
+
set :age_threshold => 30; if you want to let IPs back in after just a
|
112
|
+
few days, set :age_threshold => 5
|
113
|
+
|
114
|
+
:blocked_search_engines => []
|
115
|
+
|
116
|
+
Because Project Honeypot identifies search engine traffic by IP
|
117
|
+
address, this filter may be used to exclude certain robots from your
|
118
|
+
site. If one presumes that request-IPs are at least marginally more
|
119
|
+
difficult to spoof than User-Agent strings, this filter may be marginally
|
120
|
+
more effective than some other robot detection systems.
|
121
|
+
|
122
|
+
If there are particular search engines that you would like to exclude
|
123
|
+
from your site, set :blocked_search_engines => [0, ... ] where the codes
|
124
|
+
defined by http://projecthoneypot.org/httpbl_api are:
|
125
|
+
|
126
|
+
0: Misc
|
127
|
+
1: AltaVista
|
128
|
+
2: Ask
|
129
|
+
3: Baidu
|
130
|
+
4: Excite
|
131
|
+
5: Google
|
132
|
+
6: Looksmart
|
133
|
+
7: Lycos
|
134
|
+
8: MSN
|
135
|
+
9: Yahoo
|
136
|
+
10: Cuil
|
137
|
+
11: InfoSeek
|
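Review bot: the install instructions in the Installation and Basic Usage sections (`gem install httpbl`, `config.gem 'httpbl'`) do not match the gem name declared in this gem's metadata (`bpalmen-httpbl`), so either publish the gem as `httpbl` or change the README to `gem install bpalmen-httpbl` and `config.gem 'bpalmen-httpbl', :lib => 'httpbl'`. Two documentation gaps in the Available Options section are also worth closing before operators deploy this: the README never states that a request is allowed through whenever the Http:BL lookup fails or times out (lib/httpbl.rb rescues every lookup error to nil, so the middleware fails open), nor that every request costs one uncached DNS query against dnsbl.httpbl.org, which sets both the latency and the availability dependency of the filter. Minor: "suspicous" in the `:age_threshold` description.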
data/lib/httpbl.rb
ADDED
@@ -0,0 +1,49 @@
|
|
1
|
+
# The Httpbl middleware
|
2
|
+
|
3
|
+
class HttpBL
|
4
|
+
autoload :Resolv, 'resolv'
|
5
|
+
|
6
|
+
def initialize(app, options = {})
|
7
|
+
@app = app
|
8
|
+
@options = {:blocked_search_engines => [],
|
9
|
+
:age_threshold => 10,
|
10
|
+
:threat_level_threshold => 2,
|
11
|
+
:deny_types => [1, 2, 4, 8, 16, 32, 64, 128]
|
12
|
+
# 8..128 aren't used as of 3/2009, but might be used in the future
|
13
|
+
}.merge(options)
|
14
|
+
raise "Missing :api_key for Http:BL middleware" unless @options[:api_key]
|
15
|
+
end
|
16
|
+
|
17
|
+
def call(env)
|
18
|
+
dup._call(env)
|
19
|
+
end
|
20
|
+
|
21
|
+
def _call(env)
|
22
|
+
ip = Rack::Request.new(env).ip
|
23
|
+
query = @options[:api_key] + '.' + ip.split('.').reverse.join('.') + '.dnsbl.httpbl.org'
|
24
|
+
@bl_response = (Resolv::DNS.new.getaddress(query).to_s rescue nil)
|
25
|
+
if @bl_response and blocked?(@bl_response)
|
26
|
+
[403, {"Content-Type" => "text/html"}, "<h1>403 Forbidden</h1> Request IP is listed as suspicious by <a href='http://projecthoneypot.org/ip_#{ip}'>Project Honeypot</a>"]
|
27
|
+
else
|
28
|
+
@app.call(env)
|
29
|
+
end
|
30
|
+
end
|
31
|
+
|
32
|
+
def blocked?(response)
|
33
|
+
response = response.split('.').collect!(&:to_i)
|
34
|
+
if response[0] == 127
|
35
|
+
if response[3] == 0
|
36
|
+
@blocked = true if @options[:blocked_search_engines].include? response[2]
|
37
|
+
else
|
38
|
+
@age = true if response[1] < @options[:age_threshold]
|
39
|
+
@threat = true if response[2] > @options[:threat_level_threshold]
|
40
|
+
@options[:deny_types].each do |key|
|
41
|
+
@deny = true if response[3] & key == key
|
42
|
+
end
|
43
|
+
@blocked = true if @deny and @threat and @age
|
44
|
+
end
|
45
|
+
end
|
46
|
+
return @blocked
|
47
|
+
end
|
48
|
+
|
49
|
+
end
|
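Review bot: the address used for the lookup in `_call` comes from `Rack::Request.new(env).ip`, which honours the `X-Forwarded-For` request header, so unless a trusted proxy in front of the application overwrites that header the looked-up address is whatever the client chose to send; when there is no proxy, read `env['REMOTE_ADDR']` instead, and in either case validate that the value is a dotted-quad IPv4 address before building the query, because `ip.split('.').reverse.join('.')` yields a meaningless name for IPv6 or malformed input and the Http:BL zone only covers IPv4 (such requests silently pass). Three further points in the same method: `Resolv::DNS.new.getaddress(query).to_s rescue nil` builds a fresh resolver on every request (re-reading the system resolver configuration), does no caching, relies on Resolv's default retry schedule, which can hold a request for many seconds when the nameserver does not answer, and the modifier `rescue` turns every failure, not only the expected NXDOMAIN for unlisted addresses, into a silent fail-open, so at minimum log errors other than NXDOMAIN and consider a bounded per-IP cache; the 403 response body is a bare String, which Rack expects to respond to `each` (wrap it: `["<h1>403 Forbidden</h1> ..."]`), and it interpolates the header-derived `ip` into HTML unescaped, so pass it through `Rack::Utils.escape_html`; and `autoload :Resolv, 'resolv'` is declared inside `class HttpBL`, registering `HttpBL::Resolv` while resolv.rb defines top-level `::Resolv`, which only works because constant lookup falls back to Object, so a plain `require 'resolv'` at the top of the file is clearer.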
metadata
ADDED
@@ -0,0 +1,65 @@
|
|
1
|
+
--- !ruby/object:Gem::Specification
|
2
|
+
name: bpalmen-httpbl
|
3
|
+
version: !ruby/object:Gem::Version
|
4
|
+
version: 0.1.2
|
5
|
+
platform: ruby
|
6
|
+
authors:
|
7
|
+
- Brandon Palmen
|
8
|
+
autorequire:
|
9
|
+
bindir: bin
|
10
|
+
cert_chain: []
|
11
|
+
|
12
|
+
date: 2009-03-20 00:00:00 -07:00
|
13
|
+
default_executable:
|
14
|
+
dependencies:
|
15
|
+
- !ruby/object:Gem::Dependency
|
16
|
+
name: rack
|
17
|
+
type: :runtime
|
18
|
+
version_requirement:
|
19
|
+
version_requirements: !ruby/object:Gem::Requirement
|
20
|
+
requirements:
|
21
|
+
- - ~>
|
22
|
+
- !ruby/object:Gem::Version
|
23
|
+
version: "0.4"
|
24
|
+
version:
|
25
|
+
description: HttpBL is a Rack/Rails middleware filter that blocks requests from suspicious IP addresses.
|
26
|
+
email: brandon.palmen@gmail.com
|
27
|
+
executables: []
|
28
|
+
|
29
|
+
extensions: []
|
30
|
+
|
31
|
+
extra_rdoc_files:
|
32
|
+
- README
|
33
|
+
files:
|
34
|
+
- README
|
35
|
+
- Changelog
|
36
|
+
- LICENSE
|
37
|
+
- lib/httpbl.rb
|
38
|
+
has_rdoc: false
|
39
|
+
homepage:
|
40
|
+
post_install_message:
|
41
|
+
rdoc_options: []
|
42
|
+
|
43
|
+
require_paths:
|
44
|
+
- lib
|
45
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
46
|
+
requirements:
|
47
|
+
- - ">="
|
48
|
+
- !ruby/object:Gem::Version
|
49
|
+
version: "0"
|
50
|
+
version:
|
51
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
52
|
+
requirements:
|
53
|
+
- - ">="
|
54
|
+
- !ruby/object:Gem::Version
|
55
|
+
version: "0"
|
56
|
+
version:
|
57
|
+
requirements: []
|
58
|
+
|
59
|
+
rubyforge_project:
|
60
|
+
rubygems_version: 1.2.0
|
61
|
+
signing_key:
|
62
|
+
specification_version: 2
|
63
|
+
summary: HttpBL is a Rack/Rails middleware filter that blocks requests from suspicious IP addresses.
|
64
|
+
test_files: []
|
65
|
+
|
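Review bot: the `rack` dependency constraint `~> 0.4` under `version_requirements` admits 0.x releases from 0.4 upward but excludes Rack 1.0 and later, while the README advertises Rails 2.3+ support; confirm that pin is intended or relax it so the gem resolves alongside newer Rack. Also, `cert_chain: []` together with an empty `signing_key:` means the gem ships unsigned, and `homepage:` is empty, so consumers have no authoritative source to verify the package against; filling in `homepage` and signing the gem would help downstream verification.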