1
0
Fork 0
mirror of https://github.com/transmission/transmission synced 2025-01-02 21:16:04 +00:00

feat: log when RPC server reject requests (#7114)

This commit is contained in:
Yat Ho 2024-12-13 06:12:02 +08:00 committed by GitHub
parent d1dfed4588
commit 31a63f0045
No known key found for this signature in database
GPG key ID: B5690EEEBB952194

View file

@ -332,6 +332,9 @@ void handle_web_client(struct evhttp_request* req, tr_rpc_server const* server)
if (tr_strv_contains(subpath, ".."sv)) if (tr_strv_contains(subpath, ".."sv))
{ {
tr_logAddWarn(fmt::format(
fmt::runtime(_("Rejected request from {host} (possible directory traversal attack)")),
fmt::arg("host", req->remote_host)));
send_simple_response(req, HTTP_NOTFOUND); send_simple_response(req, HTTP_NOTFOUND);
} }
else else
@ -476,12 +479,18 @@ void handle_request(struct evhttp_request* req, void* arg)
if (server->is_anti_brute_force_enabled() && server->login_attempts_ >= server->settings().anti_brute_force_limit) if (server->is_anti_brute_force_enabled() && server->login_attempts_ >= server->settings().anti_brute_force_limit)
{ {
tr_logAddWarn(fmt::format(
fmt::runtime(_("Rejected request from {host} (brute force protection active)")),
fmt::arg("host", req->remote_host)));
send_simple_response(req, HttpErrorForbidden); send_simple_response(req, HttpErrorForbidden);
return; return;
} }
if (!is_address_allowed(server, req->remote_host)) if (!is_address_allowed(server, req->remote_host))
{ {
tr_logAddWarn(fmt::format(
fmt::runtime(_("Rejected request from {host} (IP not whitelisted)")),
fmt::arg("host", req->remote_host)));
send_simple_response(req, HttpErrorForbidden); send_simple_response(req, HttpErrorForbidden);
return; return;
} }
@ -503,6 +512,9 @@ void handle_request(struct evhttp_request* req, void* arg)
if (!is_authorized(server, evhttp_find_header(req->input_headers, "Authorization"))) if (!is_authorized(server, evhttp_find_header(req->input_headers, "Authorization")))
{ {
tr_logAddWarn(fmt::format(
fmt::runtime(_("Rejected request from {host} (failed authentication)")),
fmt::arg("host", req->remote_host)));
evhttp_add_header(req->output_headers, "WWW-Authenticate", "Basic realm=\"" MY_REALM "\""); evhttp_add_header(req->output_headers, "WWW-Authenticate", "Basic realm=\"" MY_REALM "\"");
if (server->is_anti_brute_force_enabled()) if (server->is_anti_brute_force_enabled())
{ {
@ -541,6 +553,9 @@ void handle_request(struct evhttp_request* req, void* arg)
"<p>This requirement has been added to help prevent " "<p>This requirement has been added to help prevent "
"<a href=\"https://en.wikipedia.org/wiki/DNS_rebinding\">DNS Rebinding</a> " "<a href=\"https://en.wikipedia.org/wiki/DNS_rebinding\">DNS Rebinding</a> "
"attacks.</p>"; "attacks.</p>";
tr_logAddWarn(fmt::format(
fmt::runtime(_("Rejected request from {host} (Host not whitelisted)")),
fmt::arg("host", req->remote_host)));
send_simple_response(req, 421, tmp); send_simple_response(req, 421, tmp);
} }
#ifdef REQUIRE_SESSION_ID #ifdef REQUIRE_SESSION_ID
@ -571,6 +586,10 @@ void handle_request(struct evhttp_request* req, void* arg)
} }
else else
{ {
tr_logAddWarn(fmt::format(
fmt::runtime(_("Unknown URI from {host}: '{uri}'")),
fmt::arg("host", req->remote_host),
fmt::arg("uri", uri)));
send_simple_response(req, HTTP_NOTFOUND, req->uri); send_simple_response(req, HTTP_NOTFOUND, req->uri);
} }
} }