wafris 2.0.6 → 2.0.7

Sign up to get free protection for your applications and to get access to all the features.
Files changed (5) hide show
  1. checksums.yaml +4 -4
  2. data/lib/wafris/proxy_filter.rb +22 -0
  3. data/lib/wafris/version.rb +1 -1
  4. data/lib/wafris.rb +26 -12
  5. metadata +2 -2
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: '0526847233d7c6d16c4c437e3e76027820b992e2a2973742d375b75f482d3597'
4
- data.tar.gz: 39b2d2396ce30df2cd1705fe1b9716d1e8f39e41acd5efbc0d825da026c3e548
3
+ metadata.gz: 18143fac18debaf1b85c3b0bcef4deef24ea2fd27fbfaca36969a860e2ba1829
4
+ data.tar.gz: cc6c953ec32d817b2484336902c9474fea514a47d1e43860f7699bed2a79524e
5
5
  SHA512:
6
- metadata.gz: 6beef692dfedb3bb7d59c78467f8203e72b1dc437f6f9c72ea1f4ef91f4bbc85fbea253a84d3225a437b3094343829c14599d4cab3a3fbcc58f56bf05542237d
7
- data.tar.gz: bcea98d516104532ac58875f408969e207e221abe3658b9c0ab07f90d6132dbb0e3145d8e17c99621c702257fd7badfbd999493f86ff73429b7640268f644494
6
+ metadata.gz: 73d478b06f745fc49c2f073466c931fe118ed1a3fc127ad6598087d5aab1d2f5009bac3dc588aa597f802402cbc0262a147866f43815ef9e4f0ba0d73a4be592
7
+ data.tar.gz: 1ce9b2e491f7c776ee0ec113d515b5c9a47bfc1ee5debd0a59a0684e81771870a022886131fc8c7605776d6c52e52f1854f318b41cc63b9240c897203e83e39b
data/lib/wafris/proxy_filter.rb CHANGED
@@ -1,3 +1,25 @@
1
+ # This file includes code from the https://github.com/rack/rack project,
2
+ # which is licensed under the MIT License.
3
+ # Copyright (C) 2007-2021 Leah Neukirchen <http://leahneukirchen.org/infopage.html>
4
+ #
5
+ # Permission is hereby granted, free of charge, to any person obtaining a copy
6
+ # of this software and associated documentation files (the "Software"), to deal
7
+ # in the Software without restriction, including without limitation the rights
8
+ # to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9
+ # copies of the Software, and to permit persons to whom the Software is
10
+ # furnished to do so, subject to the following conditions:
11
+ #
12
+ # The above copyright notice and this permission notice shall be included in
13
+ # all copies or substantial portions of the Software.
14
+ #
15
+ # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16
+ # IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17
+ # FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18
+ # AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19
+ # LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20
+ # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
21
+ # THE SOFTWARE.
22
+
1
23
  # frozen_string_literal: true
2
24
 
3
25
  module Wafris
data/lib/wafris/version.rb CHANGED
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module Wafris
4
- VERSION = "2.0.6"
4
+ VERSION = "2.0.7"
5
5
  end
data/lib/wafris.rb CHANGED
@@ -19,6 +19,19 @@ module Wafris
19
19
  class << self
20
20
  attr_accessor :configuration
21
21
 
22
+ ALLOWED_IP = "ai"
23
+ ALLOWED_CIDR = "ac"
24
+ BLOCKED_IP = "bi"
25
+ BLOCKED_CIDR = "bc"
26
+ BLOCKED_REPUTATION = "brep"
27
+ BLOCKED_COUNTRY = "bctry"
28
+ BLOCKED_USER_AGENT = "bu"
29
+ BLOCKED_PATH = "bp"
30
+ BLOCKED_PARAM = "bparam"
31
+ BLOCKED_HOST = "bh"
32
+ BLOCKED_METHOD = "bm"
33
+ BLOCKED_RATE_LIMIT = "brl"
34
+
22
35
  def configure
23
36
  self.configuration ||= Wafris::Configuration.new
24
37
  yield(configuration)
@@ -434,34 +447,35 @@ module Wafris
434
447
  SQLite3::Database.new "#{@configuration.db_file_path}/#{data_subscriptions_db_filename}"
435
448
 
436
449
  ip = request.ip
437
- return queue_upsync_request(request, "Allowed", "ai", ip) if exact_match(ip, "allowed_ips", rules_db)
438
- return queue_upsync_request(request, "Allowed", "ac", ip) if ip_in_cidr_range(ip, "allowed_cidr_ranges", rules_db)
439
- return queue_upsync_request(request, "Blocked", "bi", ip) if exact_match(ip, "blocked_ips", rules_db)
440
- return queue_upsync_request(request, "Blocked", "bc", ip) if ip_in_cidr_range(ip, "blocked_cidr_ranges", rules_db)
450
+
451
+ return queue_upsync_request(request, "Allowed", ALLOWED_IP, ip) if exact_match(ip, "allowed_ips", rules_db)
452
+ return queue_upsync_request(request, "Allowed", ALLOWED_CIDR, ip) if ip_in_cidr_range(ip, "allowed_cidr_ranges", rules_db)
453
+ return queue_upsync_request(request, "Blocked", BLOCKED_IP, ip) if exact_match(ip, "blocked_ips", rules_db)
454
+ return queue_upsync_request(request, "Blocked", BLOCKED_CIDR, ip) if ip_in_cidr_range(ip, "blocked_cidr_ranges", rules_db)
441
455
 
442
456
  country_code = get_country_code(ip, data_subscriptions_db)
443
- return queue_upsync_request(request, "Blocked", "bs", "G_#{country_code}") if exact_match(country_code, "blocked_country_codes", rules_db)
457
+ return queue_upsync_request(request, "Blocked", BLOCKED_COUNTRY, "G_#{country_code}") if exact_match(country_code, "blocked_country_codes", rules_db)
444
458
 
445
459
  # Blocked Reputation IP Ranges
446
- return queue_upsync_request(request, "Blocked", "bs", "R") if ip_in_cidr_range(ip, "reputation_ip_ranges", data_subscriptions_db)
460
+ return queue_upsync_request(request, "Blocked", BLOCKED_REPUTATION, "R") if ip_in_cidr_range(ip, "reputation_ip_ranges", data_subscriptions_db)
447
461
 
448
462
  user_agent_match = substring_match(request.user_agent, "blocked_user_agents", rules_db)
449
- return queue_upsync_request(request, "Blocked", "bu", user_agent_match) if user_agent_match
463
+ return queue_upsync_request(request, "Blocked", BLOCKED_USER_AGENT, user_agent_match) if user_agent_match
450
464
 
451
465
  path_match = substring_match(request.path, "blocked_paths", rules_db)
452
- return queue_upsync_request(request, "Blocked", "bp", path_match) if path_match
466
+ return queue_upsync_request(request, "Blocked", BLOCKED_PATH, path_match) if path_match
453
467
 
454
468
  parameters_match = substring_match(request.parameters, "blocked_parameters", rules_db)
455
- return queue_upsync_request(request, "Blocked", "ba", parameters_match) if parameters_match
469
+ return queue_upsync_request(request, "Blocked", BLOCKED_PARAM, parameters_match) if parameters_match
456
470
 
457
- return queue_upsync_request(request, "Blocked", "bh", request.host) if exact_match(request.host, "blocked_hosts", rules_db)
471
+ return queue_upsync_request(request, "Blocked", BLOCKED_HOST, request.host) if exact_match(request.host, "blocked_hosts", rules_db)
458
472
 
459
- return queue_upsync_request(request, "Blocked", "bm", request.method) if exact_match(request.method, "blocked_methods", rules_db)
473
+ return queue_upsync_request(request, "Blocked", BLOCKED_METHOD, request.method) if exact_match(request.method, "blocked_methods", rules_db)
460
474
 
461
475
  # Rate Limiting
462
476
  rule_id = check_rate_limit(ip, request.path, request.method, rules_db)
463
477
  if rule_id
464
- return queue_upsync_request(request, "Blocked", "brl", rule_id)
478
+ return queue_upsync_request(request, "Blocked", BLOCKED_RATE_LIMIT, rule_id)
465
479
  end
466
480
  end
467
481
 
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: wafris
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.0.6
4
+ version: 2.0.7
5
5
  platform: ruby
6
6
  authors:
7
7
  - Michael Buckbee
@@ -9,7 +9,7 @@ authors:
9
9
  autorequire:
10
10
  bindir: bin
11
11
  cert_chain: []
12
- date: 2024-10-23 00:00:00.000000000 Z
12
+ date: 2024-10-31 00:00:00.000000000 Z
13
13
  dependencies:
14
14
  - !ruby/object:Gem::Dependency
15
15
  name: rack