ANTISPAM: included dnsbl_check - DNS Blackhole Lists check [thanks to joost from http://www.spacebabies.nl ]
This commit is contained in:
parent
d7508a34ab
commit
bdf5ab51ef
4 changed files with 96 additions and 2 deletions
|
@ -1,8 +1,8 @@
|
|||
# The filters added to this controller will be run for all controllers in the application.
|
||||
# Likewise will all the methods added be available for all controllers.
|
||||
class ApplicationController < ActionController::Base
|
||||
|
||||
before_filter :connect_to_model, :check_authorization, :setup_url_generator, :set_content_type_header, :set_robots_metatag
|
||||
# require 'dnsbl_check'
|
||||
before_filter :dnsbl_check, :connect_to_model, :check_authorization, :setup_url_generator, :set_content_type_header, :set_robots_metatag
|
||||
after_filter :remember_location, :teardown_url_generator
|
||||
|
||||
# For injecting a different wiki model implementation. Intended for use in tests
|
||||
|
|
35
vendor/plugins/dnsbl_check/README
vendored
Normal file
35
vendor/plugins/dnsbl_check/README
vendored
Normal file
|
@ -0,0 +1,35 @@
|
|||
This plugin checks if the client is listed in RBLs (Real-time Blackhole Lists).
|
||||
These are lists of IP addresses misbehaving. There are many RBLs, some are more
|
||||
aggressive than others. More information at http://en.wikipedia.org/wiki/DNSBL
|
||||
|
||||
This filter will result in one DNS request for every blocklist that you have
|
||||
configured. This might be problematic for sites under heavy load, although this
|
||||
plugin has been used on high-traffic sites without any problem. One DNS
|
||||
request takes a few miliseconds to complete, after all.
|
||||
|
||||
|
||||
INSTALLATION
|
||||
|
||||
1. Download dnsbl_check-(version).tar.gz. You agree to the license.
|
||||
2. Go to your application's 'vendor/plugins' directory
|
||||
3. Untar (un-winzip) the above file: tar xvfz dnsbl_check.tar.gz
|
||||
4. Restart your application.
|
||||
|
||||
|
||||
VERSION HISTORY
|
||||
|
||||
0.1 18 June 2006 Initial release
|
||||
0.2 10 June 2006 Renamed to dnsbl_check, bugfix
|
||||
0.3 20 June 2006 Removed sorbs from distribution, was not supposed to be included (too aggressive)
|
||||
0.4 18 July 2006 Explicit return false added, moved to a per-controller basis (not global anymore)
|
||||
1.0 16 August 2006 Renamed 0.4 to 1.0. I have been using the plugin very succesfully for months now.
|
||||
1.1 17 October 2006 Multithreaded version
|
||||
1.2 23 October 2006 Using the native Ruby resolver library for better multithreaded support
|
||||
1.2.1 25 October 2006 Accepts a wider range of dns responses
|
||||
1.2.2 11 December 2006 dnsbls are seemingly under attack, added code to cope with failing service
|
||||
|
||||
|
||||
MORE INFORMATION
|
||||
|
||||
http://spacebabies.nl/dnsbl_check/
|
||||
joost@spacebabies.nl
|
1
vendor/plugins/dnsbl_check/init.rb
vendored
Normal file
1
vendor/plugins/dnsbl_check/init.rb
vendored
Normal file
|
@ -0,0 +1 @@
|
|||
ActionController::Base.send :include, DNSBL_Check
|
58
vendor/plugins/dnsbl_check/lib/dnsbl_check.rb
vendored
Normal file
58
vendor/plugins/dnsbl_check/lib/dnsbl_check.rb
vendored
Normal file
|
@ -0,0 +1,58 @@
|
|||
# This plugin checks if the client is listed in DNSBLs (DNS Blackhole Lists).
|
||||
# These are lists of IP addresses misbehaving. There are many DNSBLs, some are more
|
||||
# aggressive than others. More information at http://en.wikipedia.org/wiki/DNSBL
|
||||
#
|
||||
# This plugin will perform one DNS request per client per blocklist.
|
||||
# This plugin will deny service to clients those blocklists have listed.
|
||||
# Whether any of this is acceptable is up to you.
|
||||
#
|
||||
# mailto:joost@spacebabies.nl
|
||||
# License: MIT License, like Rails.
|
||||
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
|
||||
# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
|
||||
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
|
||||
# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
|
||||
# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
|
||||
# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
|
||||
# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
||||
#
|
||||
# Version 1.2
|
||||
# http://www.spacebabies.nl/dnsbl_check
|
||||
require 'resolv'
|
||||
|
||||
module DNSBL_Check
|
||||
$dnsbl_passed ||= []
|
||||
DNSBLS = %w{list.dsbl.org bl.spamcop.net sbl-xbl.spamhaus.org}
|
||||
|
||||
private
|
||||
# Filter to check if the client is listed. This will be run before all requests.
|
||||
def dnsbl_check
|
||||
return true if $dnsbl_passed.include? request.remote_addr
|
||||
|
||||
passed = true
|
||||
threads = []
|
||||
request.remote_addr =~ /(\d+).(\d+).(\d+).(\d+)/
|
||||
|
||||
# Check the remote address against each dnsbl in a separate thread
|
||||
DNSBLS.each do |dnsbl|
|
||||
threads << Thread.new("#$4.#$3.#$2.#$1.#{dnsbl}") do |host|
|
||||
logger.warn("Checking DNSBL #{host}")
|
||||
addr = Resolv.getaddress("#{host}") rescue ''
|
||||
if addr[0,7]=="127.0.0"
|
||||
logger.info("#{request.remote_addr} found using DNSBL #{host}")
|
||||
passed = false
|
||||
end
|
||||
end
|
||||
end
|
||||
threads.each {|thread| thread.join(2)} # join threads, but use timeout to kill blocked ones
|
||||
|
||||
# Add client ip to global passed cache if no dnsbls objected. else deny service.
|
||||
if passed
|
||||
$dnsbl_passed = $dnsbl_passed[0,49].unshift request.remote_addr
|
||||
logger.warn("#{request.remote_addr} added to DNSBL passed cache")
|
||||
else
|
||||
render :text => 'Access denied', :status => 403
|
||||
return false
|
||||
end
|
||||
end
|
||||
end
|
Loading…
Reference in a new issue