mirror of
https://github.com/jart/cosmopolitan.git
synced 2025-07-07 03:38:31 +00:00
Make some more fixes to prod
parent
69bee64a59
commit
da336b3ea8
6 changed files with 90 additions and 28 deletions
|
@ -24,6 +24,6 @@
|
|||
*/
|
||||
bool IsTestnetIp(uint32_t x) {
|
||||
return (((x & 0xFFFFFF00u) == 0xC0000200u) /* 192.0.2.0/24 */ ||
|
||||
((x & 0xFFFFFF00u) == 0xC0000200u) /* 198.51.100.0/24 */ ||
|
||||
((x & 0xFFFFFF00u) == 0x0c6336400) /* 198.51.100.0/24 */ ||
|
||||
((x & 0xFFFFFF00u) == 0xCB007100u) /* 203.0.113.0/24 */);
|
||||
}
|
||||
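Review bot: The constant on the second 198.51.100.0/24 line, `0x0c6336400`, is written differently from its three siblings: nine hex digits with a leading zero, lower case, and no `u` suffix. The value is still 0xC6336400, so the masked comparison is correct, but the extra digit makes it easy to misread as a wider constant in a predicate that IsMyIp now depends on. Write it as `((x & 0xFFFFFF00u) == 0xC6336400u) /* 198.51.100.0/24 */` to match the other lines. A small test asserting one address inside and one just outside each of the three ranges would catch a repeat of the duplicated 192.0.2.0 mask that this hunk appears to replace.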
|
|
|
@ -18,7 +18,6 @@ RELAY_HEADERS_TO_CLIENT = {
|
|||
'Content-Type',
|
||||
'Last-Modified',
|
||||
'Referrer-Policy',
|
||||
'Vary',
|
||||
}
|
||||
|
||||
function OnServerStart()
|
||||
|
@ -30,10 +29,27 @@ function OnWorkerStart()
|
|||
assert(unix.setrlimit(unix.RLIMIT_RSS, 2*1024*1024))
|
||||
assert(unix.setrlimit(unix.RLIMIT_CPU, 2))
|
||||
assert(unix.unveil(nil, nil))
|
||||
assert(unix.pledge("stdio inet", nil, unix.PLEDGE_PENALTY_RETURN_EPERM))
|
||||
assert(unix.pledge("stdio inet unix", nil, unix.PLEDGE_PENALTY_RETURN_EPERM))
|
||||
end
|
||||
|
||||
function OnHttpRequest()
|
||||
local ip = GetClientAddr()
|
||||
if not IsTrustedIp(ip) then
|
||||
local tok = AcquireToken(ip)
|
||||
if tok < 2 then
|
||||
if Blackhole(ip) then
|
||||
Log(kLogWarn, "banned %s" % {FormatIp(ip)})
|
||||
else
|
||||
Log(kLogWarn, "failed to ban %s" % {FormatIp(ip)})
|
||||
end
|
||||
end
|
||||
if tok < 30 then
|
||||
ServeError(429)
|
||||
SetHeader('Connection', 'close')
|
||||
Log(kLogWarn, "warned %s who has %d tokens" % {FormatIp(ip), tok})
|
||||
return
|
||||
end
|
||||
end
|
||||
local url = 'http://127.0.0.1' .. EscapePath(GetPath())
|
||||
local name = GetParam('name')
|
||||
if name then
|
||||
|
@ -49,7 +65,7 @@ function OnHttpRequest()
|
|||
['Referer'] = GetHeader('Referer'),
|
||||
['Sec-CH-UA-Platform'] = GetHeader('Sec-CH-UA-Platform'),
|
||||
['User-Agent'] = GetHeader('User-Agent'),
|
||||
['X-Forwarded-For'] = FormatIp(GetClientAddr())}})
|
||||
['X-Forwarded-For'] = FormatIp(ip)}})
|
||||
if status then
|
||||
SetStatus(status)
|
||||
for k,v in pairs(RELAY_HEADERS_TO_CLIENT) do
|
||||
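Review bot: In the second hunk, the new throttle at the top of OnHttpRequest compares `tok` with the bare numbers `2` and `30`, and the pledge line gains `unix` with no stated reason, so a later edit can weaken the limit or the sandbox without anyone noticing. Name the thresholds at file scope, e.g. `local BAN_BELOW, WARN_BELOW = 2, 30`, and add a comment on the pledge such as `-- "unix" lets Blackhole() reach the firewall daemon's unix socket` (presumably the reason; confirm before committing the comment). It is also worth a comment that the decision is keyed on GetClientAddr(), the socket peer, so a client-supplied X-Forwarded-For cannot influence who gets throttled or banned. Whether AcquireToken depends on token-bucket setup in OnServerStart cannot be seen here; both OnServerStart and OnHttpRequest continue outside the hunks.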
|
|
|
@ -46,6 +46,7 @@
|
|||
#include "libc/sysv/consts/timer.h"
|
||||
#include "libc/time/struct/tm.h"
|
||||
#include "net/http/http.h"
|
||||
#include "net/http/ip.h"
|
||||
#include "third_party/getopt/getopt.h"
|
||||
#include "third_party/musl/passwd.h"
|
||||
|
||||
|
@ -355,7 +356,7 @@ void WritePid(void) {
|
|||
bool IsMyIp(uint32_t ip) {
|
||||
uint32_t *p;
|
||||
for (p = g_myips; *p; ++p) {
|
||||
if (ip == *p) {
|
||||
if (ip == *p && !IsTestnetIp(ip)) {
|
||||
return true;
|
||||
}
|
||||
}
|
||||
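Review bot: In IsMyIp the added `!IsTestnetIp(ip)` test does not depend on `p`, so it is re-evaluated on every pass through the `g_myips` loop, and the reason for it is not stated. Assuming the function returns false after the loop, hoisting it reads more directly: `if (IsTestnetIp(ip)) return false;` before the `for`, leaving `if (ip == *p)` as it was. A one-line comment saying why documentation-range addresses must never count as the server's own would help the next reader, since this predicate presumably feeds trust decisions elsewhere in the file. IsMyIp's body ends outside the hunk.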
|
|
|
@ -1029,8 +1029,6 @@ void *HttpWorker(void *arg) {
|
|||
"Cache-Control: max-age=3600, private\r\n"
|
||||
"Date: ");
|
||||
p = FormatDate(p);
|
||||
p = stpcpy(p, "\r\nX-Token-Count: ");
|
||||
p = FormatInt32(p, CountTokens(g_tok.b, ip, TB_CIDR));
|
||||
p = stpcpy(p, "\r\nContent-Length: ");
|
||||
p = FormatInt32(p, strlen(ipbuf));
|
||||
p = stpcpy(p, "\r\n\r\n");
|
||||
|
|