ghazel-httpbl 0.1.6.1

data/CHANGELOG

@@ -0,0 +1,5 @@
+v0.1.6.1. Syntax error fixes from ghazel.
+
+v0.1.6. Adding memcache-client option to enable per-session lookups instead of per-request.  General refactoring.
+
+v0.1.3. First public test release, not ready for production

data/LICENSE

@@ -0,0 +1,21 @@
+The MIT License
+
+Copyright (c) 2009 Brandon Palmen
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/Manifest

@@ -0,0 +1,7 @@
+README
+lib/httpbl.rb
+Rakefile
+httpbl.gemspec
+CHANGELOG
+LICENSE
+Manifest

data/README

@@ -0,0 +1,168 @@
+HttpBL
+===========
+
+HttpBL is drop-in IP-filtering middleware for Rails 2.3+ and other Rack-based 
+applications. It resolves information about each request's source IP address 
+from the Http:BL service at http://projecthoneypot.org, and denies access to
+clients whose IP addresses are associated with suspicious behavior like impolite
+crawling, comment-spamming, dictionary attacks, and email-harvesting.
+
+	*	Deny access to IP addresses that are associated with suspicious 
+		behavior which exceeds a customizable threshold.
+	*	Expire blocked IPs that have not been associated with suspicious
+		behavior after a customizable period of days.
+	* 	Identify common search engines by IP address (not User-Agent), and
+		disallow access to a specific subset.
+	*	Optionally use memcached to avoid repeated look-ups per client-session
+
+Installation
+------------
+
+	gem install httpbl
+	
+Basic Usage
+------------
+
+HttpBL is Rack middleware, and can be used with any Rack-based application. First,
+you must obtain an API key for the Http:BL service at http://projecthoneypot.org
+
+To add HttpBL to your middleware stack, simply add the following to config.ru:
+
+	require 'httpbl'
+	
+	use HttpBL, :api_key => "YOUR API KEY"
+	
+For Rails 2.3+ add the following to environment.rb:
+	
+	require 'httpbl'
+	
+	config.middleware.use HttpBL, :api_key => "YOUR API KEY"
+	
+Advanced Usage
+-------------
+
+To insert HttpBL at the top of the Rails rackstack:
+	(use 'rake middleware' to confirm that Rack::Lock is at the top of the stack)
+	
+	config.middleware.insert_before(Rack::Lock, HttpBL, :api_key => "YOUR API KEY")
+	
+To customize HttpBL's filtering behavior, use the available options:
+
+	use HttpBL, :api_key => "YOUR API KEY",
+				:deny_types => [1, 2, 4],
+				:threat_level_threshold => 0,
+				:age_threshold => 5,
+				:blocked_search_engines => [0],
+				:memcached_server => "127.0.0.1:11211",
+				:memcached_options => {see: memcache-client documentation}
+
+Available Options:
+
+The following options (shown with default values) are available to 
+customize the behavior of the httpbl middleware filter:
+
+	:deny_types => [1, 2, 4, 8, 16, 32, 64, 128]
+		
+		Project Honeypot classifies suspicious behavior as belonging to
+		certain types, which are identified in the API's response to
+		each IP lookup. You can tell HttpBL to only deny certain kinds
+		of behavior by changing this to a subset of those possible.
+		
+		As of March 2009, only types 1, 2, and 4 have been specified,
+		but additional types are reserved for the future and HttpBL checks
+		against all of the anticipated type codes by default.  Thus, 
+		there may be a very small performance advantage to setting
+		:deny_types => [1, 2, 4] simply to exclude checks for codes 
+		that aren't (yet) being used; however, this will have to be 
+		updated if more codes come into use, whereas the default 
+		requires no further attention.
+		
+		The current types are:
+			1: Suspicious
+			2: Harvester
+			4: Comment Spammer
+			
+	:threat_level_threshold => 2
+	
+		The threat level reported by Project Honeypot is based on a 
+		logarithmic scale, approximated by:
+			1: 1 spam
+			25: 100 spam
+			50: 10,000 spam
+			100: 1,000,000 spam.
+		in which spam is pronounced spam even in the plural.
+		
+		Choosing a threat level threshold can be tricky business if
+		one isn't sure how accurate the measure of threat is, since it 
+		would be improper to block legitimate traffic by mistake. Because
+		the email addresses that Project Honeypot uses as spam-bait are unique,
+		artificial, and well-hidden, NO email should be sent to those addresses
+		at all, and it is fair to assume that even the low threat level 
+		associated with just a few spam is still significant.
+		
+		With that in mind, the default threshold is 2; if you want to
+		filter more aggressively, set :threat_level_threshold => 0
+		
+	:age_threshold => 10
+		
+		This sets the number of days that IP addresses that have been
+		associated with suspicous activity must wait to regain access after
+		the suspicious activity has ceased. Keeping this at a sane value will
+		allow IPs that are reassigned or cleaned up to expire from the blacklist.
+		
+		If you want to be more aggressive (require a longer cool-off-period),
+		set :age_threshold => 30; if you want to let IPs back in after just a
+		few days, set :age_threshold => 5
+		
+	:blocked_search_engines => []
+	
+		Because Project Honeypot identifies search engine traffic by IP
+		address, this filter may be used to exclude certain robots from your
+		site. If one presumes that request-IPs are at least marginally more
+		difficult to spoof than User-Agent strings, this filter may be marginally
+		more effective than some other robot detection systems.
+		
+		If there are particular search engines that you would like to exclude
+		from your site, set :blocked_search_engines => [0, ... ] where the codes
+		defined by http://projecthoneypot.org/httpbl_api.php are:
+		
+			0: Undocumented
+			1: AltaVista	
+			2: Ask
+			3: Baidu
+			4: Excite
+			5: Google
+			6: Looksmart
+			7: Lycos
+			8: MSN
+			9: Yahoo
+			10: Cuil
+			11: InfoSeek
+			12: Miscellaneous
+	
+	:memcached_server => nil
+	:memcached_options => {}
+	
+		When using httpbl in a production environment, it is *strongly* recommended
+		that you configure httpbl to use memcached to temporarily store the blacklist
+		status of client ip addresses.  This greatly enhances the efficiency of the
+		filter because it need only look up each client ip address once per session,
+		instead of once per request.  It also reduces the potential burden of a 
+		popular web application that uses httpbl on project honeypot's api services.
+		
+		Simply set :memcached_server and :memcached_options according to the 
+		conventions of the memcache-client ruby library; for example:
+		:memcached_server => '127.0.0.1:11211', :memcached_options => {:namespace => 'my_app'}
+		
+		memcache-client is included in rails by default, but if you're using rack 
+		without rails, you will need to install and require the memcache-client gem. 
+	
+	:dns_timeout => 0.5
+	
+		DNS requests to the Http:BL service shouldn't take this long, but if
+		they do, you can modify this setting to prevent the request from 
+		hanging until a system default timeout.  Of course, setting this timeout 
+		too low will essentially disable the filter (but 0 is a bad idea), if responses
+		can't be returned from the API before the request is permitted.  
+		Best not to mess with it unless you know what you're doing - it's a safety 
+		mechanism. 

data/Rakefile

@@ -0,0 +1,7 @@
+require 'echoe'
+Echoe.new('ghazel-httpbl') do |p|
+  p.author = "Brandon Palmen"
+  p.summary = "A Rack middleware IP filter that uses Http:BL to exclude suspicious robots."
+  p.url = "http://github.com/bpalmen/httpbl"
+  p.runtime_dependencies = ["rack"]
+end

data/ghazel-httpbl.gemspec

@@ -0,0 +1,33 @@
+# -*- encoding: utf-8 -*-
+
+Gem::Specification.new do |s|
+  s.name = %q{ghazel-httpbl}
+  s.version = "0.1.6.1"
+
+  s.required_rubygems_version = Gem::Requirement.new(">= 1.2") if s.respond_to? :required_rubygems_version=
+  s.authors = ["Brandon Palmen"]
+  s.date = %q{2010-10-20}
+  s.description = %q{A Rack middleware IP filter that uses Http:BL to exclude suspicious robots.}
+  s.email = %q{}
+  s.extra_rdoc_files = ["README", "lib/httpbl.rb", "CHANGELOG", "LICENSE"]
+  s.files = ["README", "lib/httpbl.rb", "Rakefile", "httpbl.gemspec", "CHANGELOG", "LICENSE", "Manifest", "ghazel-httpbl.gemspec"]
+  s.homepage = %q{http://github.com/bpalmen/httpbl}
+  s.rdoc_options = ["--line-numbers", "--inline-source", "--title", "Ghazel-httpbl", "--main", "README"]
+  s.require_paths = ["lib"]
+  s.rubyforge_project = %q{ghazel-httpbl}
+  s.rubygems_version = %q{1.3.5}
+  s.summary = %q{A Rack middleware IP filter that uses Http:BL to exclude suspicious robots.}
+
+  if s.respond_to? :specification_version then
+    current_version = Gem::Specification::CURRENT_SPECIFICATION_VERSION
+    s.specification_version = 3
+
+    if Gem::Version.new(Gem::RubyGemsVersion) >= Gem::Version.new('1.2.0') then
+      s.add_runtime_dependency(%q<rack>, [">= 0"])
+    else
+      s.add_dependency(%q<rack>, [">= 0"])
+    end
+  else
+    s.add_dependency(%q<rack>, [">= 0"])
+  end
+end

data/httpbl.gemspec

@@ -0,0 +1,22 @@
+Gem::Specification.new do |s|
+  s.name = 'httpbl'
+  s.version = '0.1.6.1'
+  s.date = '2009-05-28'
+  s.homepage = "http://bpalmen.github.com/httpbl/"   
+  s.authors = ["Brandon Palmen"]
+  s.email = "brandon.palmen@gmail.com"
+  s.rubyforge_project = 'httpbl'   
+  s.summary = "HttpBL is a Rack middleware filter that blocks requests from suspicious IP addresses."
+  s.description = "HttpBL is a Rack middleware filter that blocks requests from suspicious IP addresses."
+   
+  s.files = %w[ 
+    README
+    CHANGELOG
+    LICENSE
+    lib/httpbl.rb
+    ]
+  
+  s.add_dependency 'rack', '>= 0.9.0'
+  s.extra_rdoc_files = %w[README]
+  s.require_paths = %w[lib]
+end 

data/lib/httpbl.rb

@@ -0,0 +1,90 @@
+# The Httpbl middleware 
+
+class HttpBL
+  autoload :Resolv, 'resolv'
+
+  def self.encourage_safe_timeouts
+    if /^1\.8/ =~ RUBY_VERSION 
+      begin
+        require 'system_timer'
+        @@DnsTimeout = SystemTimer
+      rescue LoadError
+        require 'timeout'
+        @@DnsTimeout = Timeout
+      end
+    else
+      require 'timeout'
+      @@DnsTimeout = Timeout
+    end
+  end
+
+  encourage_safe_timeouts
+
+  def initialize(app, options = {})
+    @app = app
+    @options = {:blocked_search_engines => [],
+                :age_threshold => 10,
+                :threat_level_threshold => 2,
+                :deny_types => [1, 2, 4, 8, 16, 32, 64, 128], # 8..128 aren't used as of 10/2009, but might be used in the future
+                :dns_timeout => 0.5,
+                :memcached_server => nil,
+                :memcached_options => {}
+                }.merge(options)
+    raise "Missing :api_key for Http:BL middleware" unless @options[:api_key]
+    if @options[:memcached_server]
+      require 'memcache'
+      @cache = MemCache.new(@options[:memcached_server], @options[:memcached_options])
+    end
+  end
+  
+  def call(env)
+    dup._call(env)
+  end
+  
+  def _call(env)
+    request = Rack::Request.new(env)
+    bl_status = check(request.ip)
+    if bl_status and blocked?(bl_status)
+      [403, {"Content-Type" => "text/html"}, "<h1>403 Forbidden</h1> Request IP is listed as suspicious by <a href='http://projecthoneypot.org/ip_#{request.ip}'>Project Honeypot</a>"]
+    else
+      @app.call(env)
+    end
+    
+  end
+  
+  def check(ip)
+    @cache ? cache_check(ip) : resolve(ip)
+  end
+  
+  def cache_check(ip)
+    cache = @cache.clone if @cache
+    unless response = cache.get("httpbl_#{ip}")
+      response = resolve(ip)
+      cache.set("httpbl_#{ip}", (response || "0.0.0.0"), 1.hour)
+    end
+    return response
+  end
+  
+  def resolve(ip)
+    query = @options[:api_key] + '.' + ip.split('.').reverse.join('.') + '.dnsbl.httpbl.org'
+    @@DnsTimeout::timeout(@options[:dns_timeout]) do
+       Resolv::DNS.new.getaddress(query).to_s rescue false
+    end
+    rescue Timeout::Error, Errno::ECONNREFUSED
+  end
+  
+  def blocked?(response)
+    response = response.split('.').collect!(&:to_i)
+    if response[0] == 127 
+      if response[3] == 0
+        blocked = @options[:blocked_search_engines].include?(response[2])
+      else 
+        blocked = @options[:deny_types].collect{|key| response[3] & key == key }.any? and response[2] > @options[:threat_level_threshold] and response[1] < @options[:age_threshold]
+      end
+    end
+    return blocked
+  end
+
+private
+
+end

metadata

@@ -0,0 +1,79 @@
+--- !ruby/object:Gem::Specification 
+name: ghazel-httpbl
+version: !ruby/object:Gem::Version 
+  version: 0.1.6.1
+platform: ruby
+authors: 
+- Brandon Palmen
+autorequire: 
+bindir: bin
+cert_chain: []
+
+date: 2010-10-20 00:00:00 -07:00
+default_executable: 
+dependencies: 
+- !ruby/object:Gem::Dependency 
+  name: rack
+  type: :runtime
+  version_requirement: 
+  version_requirements: !ruby/object:Gem::Requirement 
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        version: "0"
+    version: 
+description: A Rack middleware IP filter that uses Http:BL to exclude suspicious robots.
+email: ""
+executables: []
+
+extensions: []
+
+extra_rdoc_files: 
+- README
+- lib/httpbl.rb
+- CHANGELOG
+- LICENSE
+files: 
+- README
+- lib/httpbl.rb
+- Rakefile
+- httpbl.gemspec
+- CHANGELOG
+- LICENSE
+- Manifest
+- ghazel-httpbl.gemspec
+has_rdoc: true
+homepage: http://github.com/bpalmen/httpbl
+licenses: []
+
+post_install_message: 
+rdoc_options: 
+- --line-numbers
+- --inline-source
+- --title
+- Ghazel-httpbl
+- --main
+- README
+require_paths: 
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement 
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      version: "0"
+  version: 
+required_rubygems_version: !ruby/object:Gem::Requirement 
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      version: "1.2"
+  version: 
+requirements: []
+
+rubyforge_project: ghazel-httpbl
+rubygems_version: 1.3.5
+signing_key: 
+specification_version: 3
+summary: A Rack middleware IP filter that uses Http:BL to exclude suspicious robots.
+test_files: []
+