mirror of
https://github.com/transmission/transmission
synced 2025-01-02 21:16:04 +00:00
feat: log when RPC server reject requests (#7114)
This commit is contained in:
parent
d1dfed4588
commit
31a63f0045
1 changed files with 19 additions and 0 deletions
|
@ -332,6 +332,9 @@ void handle_web_client(struct evhttp_request* req, tr_rpc_server const* server)
|
||||||
|
|
||||||
if (tr_strv_contains(subpath, ".."sv))
|
if (tr_strv_contains(subpath, ".."sv))
|
||||||
{
|
{
|
||||||
|
tr_logAddWarn(fmt::format(
|
||||||
|
fmt::runtime(_("Rejected request from {host} (possible directory traversal attack)")),
|
||||||
|
fmt::arg("host", req->remote_host)));
|
||||||
send_simple_response(req, HTTP_NOTFOUND);
|
send_simple_response(req, HTTP_NOTFOUND);
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
|
@ -476,12 +479,18 @@ void handle_request(struct evhttp_request* req, void* arg)
|
||||||
|
|
||||||
if (server->is_anti_brute_force_enabled() && server->login_attempts_ >= server->settings().anti_brute_force_limit)
|
if (server->is_anti_brute_force_enabled() && server->login_attempts_ >= server->settings().anti_brute_force_limit)
|
||||||
{
|
{
|
||||||
|
tr_logAddWarn(fmt::format(
|
||||||
|
fmt::runtime(_("Rejected request from {host} (brute force protection active)")),
|
||||||
|
fmt::arg("host", req->remote_host)));
|
||||||
send_simple_response(req, HttpErrorForbidden);
|
send_simple_response(req, HttpErrorForbidden);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!is_address_allowed(server, req->remote_host))
|
if (!is_address_allowed(server, req->remote_host))
|
||||||
{
|
{
|
||||||
|
tr_logAddWarn(fmt::format(
|
||||||
|
fmt::runtime(_("Rejected request from {host} (IP not whitelisted)")),
|
||||||
|
fmt::arg("host", req->remote_host)));
|
||||||
send_simple_response(req, HttpErrorForbidden);
|
send_simple_response(req, HttpErrorForbidden);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
@ -503,6 +512,9 @@ void handle_request(struct evhttp_request* req, void* arg)
|
||||||
|
|
||||||
if (!is_authorized(server, evhttp_find_header(req->input_headers, "Authorization")))
|
if (!is_authorized(server, evhttp_find_header(req->input_headers, "Authorization")))
|
||||||
{
|
{
|
||||||
|
tr_logAddWarn(fmt::format(
|
||||||
|
fmt::runtime(_("Rejected request from {host} (failed authentication)")),
|
||||||
|
fmt::arg("host", req->remote_host)));
|
||||||
evhttp_add_header(req->output_headers, "WWW-Authenticate", "Basic realm=\"" MY_REALM "\"");
|
evhttp_add_header(req->output_headers, "WWW-Authenticate", "Basic realm=\"" MY_REALM "\"");
|
||||||
if (server->is_anti_brute_force_enabled())
|
if (server->is_anti_brute_force_enabled())
|
||||||
{
|
{
|
||||||
|
@ -541,6 +553,9 @@ void handle_request(struct evhttp_request* req, void* arg)
|
||||||
"<p>This requirement has been added to help prevent "
|
"<p>This requirement has been added to help prevent "
|
||||||
"<a href=\"https://en.wikipedia.org/wiki/DNS_rebinding\">DNS Rebinding</a> "
|
"<a href=\"https://en.wikipedia.org/wiki/DNS_rebinding\">DNS Rebinding</a> "
|
||||||
"attacks.</p>";
|
"attacks.</p>";
|
||||||
|
tr_logAddWarn(fmt::format(
|
||||||
|
fmt::runtime(_("Rejected request from {host} (Host not whitelisted)")),
|
||||||
|
fmt::arg("host", req->remote_host)));
|
||||||
send_simple_response(req, 421, tmp);
|
send_simple_response(req, 421, tmp);
|
||||||
}
|
}
|
||||||
#ifdef REQUIRE_SESSION_ID
|
#ifdef REQUIRE_SESSION_ID
|
||||||
|
@ -571,6 +586,10 @@ void handle_request(struct evhttp_request* req, void* arg)
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
|
tr_logAddWarn(fmt::format(
|
||||||
|
fmt::runtime(_("Unknown URI from {host}: '{uri}'")),
|
||||||
|
fmt::arg("host", req->remote_host),
|
||||||
|
fmt::arg("uri", uri)));
|
||||||
send_simple_response(req, HTTP_NOTFOUND, req->uri);
|
send_simple_response(req, HTTP_NOTFOUND, req->uri);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue