diff options
| author |   Tom Knight <tomk@gentoo.org> | 2006-10-28 11:56:00 +0000 |
|---|---|---|
| committer | Tom Knight <tomk@gentoo.org> | 2006-10-28 11:56:00 +0000 |
| commit | 019828d13e749bde1802423dca33fb03cdebf14c (patch) | |
| tree | eb6bcf2fd92c05f88bc1e2802d2ca91b01031438 /net-www | |
| parent | Cleanup. (diff) | |
| download | gentoo-2-019828d13e749bde1802423dca33fb03cdebf14c.tar.gz gentoo-2-019828d13e749bde1802423dca33fb03cdebf14c.tar.bz2 gentoo-2-019828d13e749bde1802423dca33fb03cdebf14c.zip | |
Better fix for bug #148099. Stabalised 0.22-r1 on amd64. Re-added 0.04 for apache1 users.
(Portage version: 2.1.1-r1)
Diffstat (limited to 'net-www')
7 files changed, 370 insertions, 14 deletions
diff --git a/net-www/mod_limitipconn/ChangeLog b/net-www/mod_limitipconn/ChangeLog index e1766bdf721d..c27404d51527 100644 --- a/net-www/mod_limitipconn/ChangeLog +++ b/net-www/mod_limitipconn/ChangeLog @@ -1,6 +1,13 @@ # ChangeLog for net-www/mod_limitipconn # Copyright 2000-2006 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/net-www/mod_limitipconn/ChangeLog,v 1.13 2006/09/30 15:18:08 chtekk Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-www/mod_limitipconn/ChangeLog,v 1.14 2006/10/28 11:56:00 tomk Exp $ + + 28 Oct 2006; Tom Knight <tomk@gentoo.org> + +files/mod_limitipconn-0.04-local_ip.patch, + +files/mod_limitipconn-0.04-vhost.patch, metadata.xml, + +mod_limitipconn-0.04.ebuild, mod_limitipconn-0.22-r1.ebuild: + Better fix for bug #148099. Stabalised 0.22-r1 on amd64. Re-added 0.04 for + apache1 users. 30 Sep 2006; Luca Longinotti <chtekk@gentoo.org> -files/mod_limitipconn-0.04-local_ip.patch, diff --git a/net-www/mod_limitipconn/files/digest-mod_limitipconn-0.04 b/net-www/mod_limitipconn/files/digest-mod_limitipconn-0.04 new file mode 100644 index 000000000000..e50ac859e9f9 --- /dev/null +++ b/net-www/mod_limitipconn/files/digest-mod_limitipconn-0.04 @@ -0,0 +1,3 @@ +MD5 009dac6ccae20806916ec7aa61a42a1f mod_limitipconn-0.04.tar.gz 6267 +RMD160 90bb7bc1a98258fbbf262a88b6fea1db0b45303b mod_limitipconn-0.04.tar.gz 6267 +SHA256 ad131bbd5af50bb37450d3bafddffeb81b4a2e8456c2bddb3ba300beca530a94 mod_limitipconn-0.04.tar.gz 6267 diff --git a/net-www/mod_limitipconn/files/mod_limitipconn-0.04-local_ip.patch b/net-www/mod_limitipconn/files/mod_limitipconn-0.04-local_ip.patch new file mode 100644 index 000000000000..e7aaea7f9865 --- /dev/null +++ b/net-www/mod_limitipconn/files/mod_limitipconn-0.04-local_ip.patch @@ -0,0 +1,69 @@ +--- mod_limitipconn.c.org Wed Apr 30 14:57:33 2003 ++++ mod_limitipconn.c Wed Apr 30 15:10:31 2003 +@@ -44,6 +44,8 @@ + checking */ + array_header *excl_limit; /* array of MIME types to limit check; all + other types are exempt */ ++ array_header *local_ip; /* array of local ip exempt from limit ++ checking */ + } limitipconn_dir_config; + + static void *limitipconn_create_dir_config(pool *p, char *path) +@@ -55,6 +57,7 @@ + cfg->limit = 0; + cfg->no_limit = ap_make_array(p, 0, sizeof(char *)); + cfg->excl_limit = ap_make_array(p, 0, sizeof(char *)); ++ cfg->local_ip = ap_make_array(p, 0, sizeof(char *)); + + return (void *) cfg; + } +@@ -68,6 +71,7 @@ + /* convert Apache arrays to normal C arrays */ + char **nolim = (char **) cfg->no_limit->elts; + char **exlim = (char **) cfg->excl_limit->elts; ++ char **localip = (char **) cfg->local_ip->elts; + + const char *address; + +@@ -109,6 +113,15 @@ + return OK; + } + ++ /* Cycle through the local ip list; if the ip is local, ++ * return OK */ ++ for (i = 0; i < cfg->local_ip->nelts; i++) { ++ if ((ap_strcasecmp_match(address, localip[i]) == 0) ++ || (strncmp(localip[i], address, strlen(localip[i])) == 0)) { ++ return OK; ++ } ++ } ++ + /* Cycle through the exempt list; if our content_type is exempt, + * return OK */ + for (i = 0; i < cfg->no_limit->nelts; i++) { +@@ -219,6 +232,16 @@ + return NULL; + } + ++/* Parse the LocalIP directive */ ++static const char *local_ip_config_cmd(cmd_parms *parms, void *mconfig, ++ const char *arg) ++{ ++ limitipconn_dir_config *cfg = (limitipconn_dir_config *) mconfig; ++ ++ *(char **) ap_push_array(cfg->local_ip) = ap_pstrdup(parms->pool, arg); ++ return NULL; ++} ++ + /* Array describing structure of configuration directives */ + static command_rec limitipconn_cmds[] = { + {"MaxConnPerIP", limit_config_cmd, NULL, OR_LIMIT, TAKE1, +@@ -227,6 +250,8 @@ + "MIME types for which limit checking is disabled"}, + {"OnlyIPLimit", excl_limit_config_cmd, NULL, OR_LIMIT, ITERATE, + "restrict limit checking to these MIME types only"}, ++ {"LocalIP", local_ip_config_cmd, NULL, OR_LIMIT, ITERATE, ++ "no checking on local IP"}, + {NULL}, + }; + diff --git a/net-www/mod_limitipconn/files/mod_limitipconn-0.04-vhost.patch b/net-www/mod_limitipconn/files/mod_limitipconn-0.04-vhost.patch new file mode 100644 index 000000000000..60ac75775413 --- /dev/null +++ b/net-www/mod_limitipconn/files/mod_limitipconn-0.04-vhost.patch @@ -0,0 +1,248 @@ +--- mod_limitipconn.c-localip 2005-02-09 16:29:55.525726056 +0100 ++++ mod_limitipconn.c 2005-02-09 16:31:44.319186936 +0100 +@@ -1,5 +1,6 @@ + /* + * Copyright (C) 2000-2002 David Jao <djao@dominia.org> ++ * "MaxConnPerUid", "MaxConnPerVhost" and "MaxLA*" portions by Maxim Chirkov <mc@tyumen.ru> + * + * Permission is hereby granted, free of charge, to any person + * obtaining a copy of this software and associated documentation +@@ -40,6 +41,13 @@ + + typedef struct { + unsigned int limit; /* max number of connections per IP */ ++ ++ unsigned int limit_uid; /* max number of connections per user */ ++ unsigned int limit_vhost; /* max number of connections per virtual host */ ++ double limit_la1; /* maximum value of Load Average for 1 min. */ ++ double limit_la5; /* maximum value of Load Average for 5 min. */ ++ double limit_la15; /* maximum value of Load Average for 15 min. */ ++ + array_header *no_limit; /* array of MIME types exempt from limit + checking */ + array_header *excl_limit; /* array of MIME types to limit check; all +@@ -55,6 +63,11 @@ + + /* default configuration: no limit, and both arrays are empty */ + cfg->limit = 0; ++ cfg->limit_uid = 0; ++ cfg->limit_vhost = 0; ++ cfg->limit_la1 = 0.0; ++ cfg->limit_la5 = 0.0; ++ cfg->limit_la15 = 0.0; + cfg->no_limit = ap_make_array(p, 0, sizeof(char *)); + cfg->excl_limit = ap_make_array(p, 0, sizeof(char *)); + cfg->local_ip = ap_make_array(p, 0, sizeof(char *)); +@@ -75,12 +88,25 @@ + + const char *address; + ++ /* load average */ ++ double current_la[3]; ++ + /* loop index variable */ + int i; + + /* running count of number of connections from this address */ + int ip_count = 0; + ++ /* count of runnung requests for current uid and virtual host*/ ++ int uid_req_count = 0; ++ int vhost_req_count = 0; ++ ++ /* uid of current virtual host */ ++ uid_t current_uid = 0; ++ ++ /* current virtual host id */ ++ char *current_vhost = NULL; ++ + /* Content-type of the current request */ + const char *content_type; + +@@ -108,8 +134,44 @@ + #endif + address = r->connection->remote_ip; + ++#ifdef DEBUG ++ ap_log_error(APLOG_MARK, APLOG_ERR, r->server, "DEBUG: %s handler for requiest uri(%s) args(%s) host(%s) uid(%d)",r->handler, r->uri, r->args, r->server->server_hostname, r->server->server_uid); ++#endif ++ ++ /* Check Load Average overflow */ ++ if (cfg->limit_la1 != 0 || cfg->limit_la5 != 0 || cfg->limit_la15 != 0){ ++ ++ /* Blocking only cgi or php scripts if LA limit exceeded */ ++ /* Handlers: cgi-script perl-script application/x-httpd-php application/x-httpd-cgi */ ++ /* Check for cgi and php in r->uri too simple then r->handler */ ++ if ((r->args != NULL) ++ || (ap_strcasestr(r->uri, "cgi") != NULL) ++ || (ap_strcasestr(r->uri, "php") != NULL)){ ++ ++ if( getloadavg(current_la, 3) != -1 ){ ++ ++ if ((current_la[0] >= cfg->limit_la1) ++ && (current_la[1] >= cfg->limit_la5) ++ && (current_la[2] >= cfg->limit_la15)){ ++ ++ ap_log_error(APLOG_MARK, APLOG_ERR, r->server, "Load Average limit exceeded (%.2f, %.2f, %.2f)", ++ current_la[0], current_la[1], current_la[2]); ++ ap_log_reason("System exceeded LA limit.", r->uri, r); ++ ++ return HTTP_SERVICE_UNAVAILABLE; ++ } ++ } ++ } ++ } ++ ++ /* Get uid of current virual host for future use */ ++ if (r->server->is_virtual){ ++ current_uid = r->server->server_uid; ++ current_vhost = r->server->server_hostname; ++ } ++ + /* A limit value of 0 by convention means no limit. */ +- if (cfg->limit == 0) { ++ if (cfg->limit == 0 && cfg->limit_uid == 0 && cfg->limit_vhost == 0) { + return OK; + } + +@@ -168,6 +230,19 @@ + ) { + ip_count++; + } ++ if ((score_record.vhostrec != NULL) && ++ (score_record.vhostrec->is_virtual)){ ++ ++ if (score_record.vhostrec->server_uid == current_uid){ ++ /* Same user */ ++ uid_req_count++; ++ } ++ if ((cfg->limit_vhost != 0) ++ && (strcmp(score_record.vhostrec->server_hostname, current_vhost) == 0)){ ++ /* Same host name */ ++ vhost_req_count++; ++ } ++ } + break; + case + SERVER_DEAD: +@@ -191,6 +266,14 @@ + ap_table_setn(r->subprocess_env, "LIMITIP", "1"); + /* return 503 */ + return HTTP_SERVICE_UNAVAILABLE; ++ } else if ((uid_req_count > cfg->limit_uid) && (cfg->limit_uid)){ ++ ap_log_error(APLOG_MARK, APLOG_ERR, r->server, "Rejecting vhost=%s, uid=%u", r->server->server_hostname, r->server->server_uid); ++ ap_log_reason("Client exceeded request per user limit.", r->uri, r); ++ return HTTP_SERVICE_UNAVAILABLE; ++ } else if ((vhost_req_count > cfg->limit_vhost) && (cfg->limit_vhost)){ ++ ap_log_error(APLOG_MARK, APLOG_ERR, r->server, "Rejecting vhost=%s, uid=%u", r->server->server_hostname, r->server->server_uid); ++ ap_log_reason("Client exceeded request per vhost limit.", r->uri, r); ++ return HTTP_SERVICE_UNAVAILABLE; + } else { + return OK; + } +@@ -242,6 +325,88 @@ + return NULL; + } + ++/* Parse the MaxConnPerVhost directive */ ++static const char *limit_vhost_config_cmd(cmd_parms *parms, void *mconfig, ++ const char *arg) ++{ ++ limitipconn_dir_config *cfg = (limitipconn_dir_config *) mconfig; ++ ++ unsigned long int limit = strtol(arg, (char **) NULL, 10); ++ ++ if (limit == LONG_MAX) { ++ return "Integer overflow or invalid number"; ++ } ++ ++ cfg->limit_vhost = limit; ++ return NULL; ++} ++ ++/* Parse the MaxConnPerUid directive */ ++static const char *limit_uid_config_cmd(cmd_parms *parms, void *mconfig, ++ const char *arg) ++{ ++ limitipconn_dir_config *cfg = (limitipconn_dir_config *) mconfig; ++ ++ unsigned long int limit = strtol(arg, (char **) NULL, 10); ++ ++ if (limit == LONG_MAX) { ++ return "Integer overflow or invalid number"; ++ } ++ ++ cfg->limit_uid = limit; ++ return NULL; ++} ++ ++/* Parse the MaxLA1 directive */ ++static const char *limit_la1_config_cmd(cmd_parms *parms, void *mconfig, ++ const char *arg) ++{ ++ limitipconn_dir_config *cfg = (limitipconn_dir_config *) mconfig; ++ ++ double limit = strtod(arg, (char **) NULL); ++ ++ if (limit < 0.0) { ++ return "Invalid LA1 value"; ++ } ++ ++ cfg->limit_la1 = limit; ++ return NULL; ++} ++ ++/* Parse the MaxLA5 directive */ ++static const char *limit_la5_config_cmd(cmd_parms *parms, void *mconfig, ++ const char *arg) ++{ ++ limitipconn_dir_config *cfg = (limitipconn_dir_config *) mconfig; ++ ++ double limit = strtod(arg, (char **) NULL); ++ ++ if (limit < 0.0) { ++ return "Invalid LA5 value"; ++ } ++ ++ cfg->limit_la5 = limit; ++ return NULL; ++} ++ ++ ++/* Parse the MaxLA15 directive */ ++static const char *limit_la15_config_cmd(cmd_parms *parms, void *mconfig, ++ const char *arg) ++{ ++ limitipconn_dir_config *cfg = (limitipconn_dir_config *) mconfig; ++ ++ double limit = strtod(arg, (char **) NULL); ++ ++ if (limit < 0.0) { ++ return "Invalid LA15 value"; ++ } ++ ++ cfg->limit_la15 = limit; ++ return NULL; ++} ++ ++ + /* Array describing structure of configuration directives */ + static command_rec limitipconn_cmds[] = { + {"MaxConnPerIP", limit_config_cmd, NULL, OR_LIMIT, TAKE1, +@@ -252,6 +417,16 @@ + "restrict limit checking to these MIME types only"}, + {"LocalIP", local_ip_config_cmd, NULL, OR_LIMIT, ITERATE, + "no checking on local IP"}, ++ {"MaxConnPerUid", limit_uid_config_cmd, NULL, OR_LIMIT, TAKE1, ++ "maximum simultaneous connections per user"}, ++ {"MaxConnPerVhost", limit_vhost_config_cmd, NULL, OR_LIMIT, TAKE1, ++ "maximum simultaneous connections per virtual host"}, ++ {"MaxLA1", limit_la1_config_cmd, NULL, OR_LIMIT, TAKE1, ++ "maximum Load Overage value for the past 1 minute"}, ++ {"MaxLA5", limit_la5_config_cmd, NULL, OR_LIMIT, TAKE1, ++ "maximum Load Overage value for the past 5 minutes"}, ++ {"MaxLA15", limit_la15_config_cmd, NULL, OR_LIMIT, TAKE1, ++ "maximum Load Overage value for the past 15 minutes"}, + {NULL}, + }; + diff --git a/net-www/mod_limitipconn/metadata.xml b/net-www/mod_limitipconn/metadata.xml index 64a719ea1bfd..3423d6587289 100644 --- a/net-www/mod_limitipconn/metadata.xml +++ b/net-www/mod_limitipconn/metadata.xml @@ -2,4 +2,13 @@ <!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> <pkgmetadata> <herd>apache</herd> + <maintainer> + <email>tomk@gentoo.org</email> + <name>Tom Knight</name> + </maintainer> + <longdescription> + Apache module to limit the maximum number of simultaneous + connections per IP address. Allows inclusion and exclusion of files + based on MIME type. + </longdescription> </pkgmetadata> diff --git a/net-www/mod_limitipconn/mod_limitipconn-0.04.ebuild b/net-www/mod_limitipconn/mod_limitipconn-0.04.ebuild new file mode 100644 index 000000000000..60205584cad3 --- /dev/null +++ b/net-www/mod_limitipconn/mod_limitipconn-0.04.ebuild @@ -0,0 +1,29 @@ +# Copyright 1999-2006 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/net-www/mod_limitipconn/mod_limitipconn-0.04.ebuild,v 1.4 2006/10/28 11:56:00 tomk Exp $ + +inherit eutils apache-module + +DESCRIPTION="Allows administrators to limit the number of simultaneous downloads permitted." +SRC_URI="http://dominia.org/djao/limit/${P}.tar.gz" +HOMEPAGE="http://dominia.org/djao/limitipconn.html" + +KEYWORDS="~x86 ~ppc amd64" +SLOT="1" +LICENSE="as-is" +IUSE="" + +APACHE1_MOD_CONF="27_${PN}" +APACHE1_MOD_DEFINE="LIMITIPCONN INFO" + +DOCFILES="ChangeLog README" + +need_apache1 + +src_unpack() { + unpack ${A} || die "unpack failed" + cd ${S} || "could not cd to ${S}" + + epatch ${FILESDIR}/${P}-local_ip.patch || "local_ip patch failed" + epatch ${FILESDIR}/${P}-vhost.patch || "vhost patch failed" +} diff --git a/net-www/mod_limitipconn/mod_limitipconn-0.22-r1.ebuild b/net-www/mod_limitipconn/mod_limitipconn-0.22-r1.ebuild index ef86bdaf3744..d2b95e2afc6c 100644 --- a/net-www/mod_limitipconn/mod_limitipconn-0.22-r1.ebuild +++ b/net-www/mod_limitipconn/mod_limitipconn-0.22-r1.ebuild @@ -1,6 +1,6 @@ # Copyright 1999-2006 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/net-www/mod_limitipconn/mod_limitipconn-0.22-r1.ebuild,v 1.6 2006/09/30 15:18:08 chtekk Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-www/mod_limitipconn/mod_limitipconn-0.22-r1.ebuild,v 1.7 2006/10/28 11:56:00 tomk Exp $ inherit eutils apache-module RESTRICT="test" @@ -9,23 +9,14 @@ DESCRIPTION="Allows administrators to limit the number of simultaneous downloads SRC_URI="http://dominia.org/djao/limit/${P}.tar.gz" HOMEPAGE="http://dominia.org/djao/limitipconn2.html" -KEYWORDS="~amd64 ppc x86" -SLOT="0" +KEYWORDS="amd64 ppc x86" +SLOT="2" LICENSE="as-is" IUSE="" APACHE2_MOD_CONF="27_${PN}" -APACHE2_MOD_DEFINE="LIMITIPCONN" +APACHE2_MOD_DEFINE="LIMITIPCONN INFO" DOCFILES="ChangeLog INSTALL README" need_apache2 - -pkg_postinst() { - apache-module_pkg_postinst - einfo - elog "${PN} also needs mod_status enabled in Apache2." - elog "To do this, simply add '-D INFO' to /etc/conf.d/apache2's" - elog "APACHE2_OPTS variable." - einfo -} |