https://github.com/matsumotory/http-dos-detector

detect huge number of http access like DoS for Apache and nginx using mruby

# http-dos-detector

Detect a huge number of HTTP requests on Apache and nginx using mruby code.

http-dos-detector uses the same Ruby code for both Apache (mod_mruby) and nginx (ngx_mruby).

## Install and Configuration
- Install [mod_mruby](https://github.com/matsumoto-r/mod_mruby) if you use Apache
- Install [ngx_mruby](https://github.com/matsumoto-r/ngx_mruby) if you use nginx

### Apache and mod_mruby
- copy `dos_detector/` and `dos_detector_apache.conf` into `/etc/httpd/conf.d/`
```apache
LoadModule mruby_module modules/mod_mruby.so

mrubyPostConfigMiddle /etc/httpd/conf.d/dos_detector/dos_detector_init.rb cache
mrubyChildInitMiddle /etc/httpd/conf.d/dos_detector/dos_detector_worker_init.rb cache
mrubyAccessCheckerMiddle /etc/httpd/conf.d/dos_detector/dos_detector.rb cache

```

### nginx and ngx_mruby
- copy `dos_detector/` into `/path/to/nginx/conf.d/`
- write configuration like `dos_detector_nginx.conf`
```nginx
http {
  # paths point at the dos_detector/ directory copied into conf.d/ above
  mruby_init /path/to/nginx/conf.d/dos_detector/dos_detector_init.rb cache;
  mruby_init_worker /path/to/nginx/conf.d/dos_detector/dos_detector_worker_init.rb cache;
  server {
    location /dos_detector {
      mruby_access_handler /path/to/nginx/conf.d/dos_detector/dos_detector.rb cache;
    }
  }
}
```
### programmable configuration of DoS
- `dos_detector.rb`
```ruby
Server = get_server_class
r = Server::Request.new
cache = Userdata.new.shared_cache
global_mutex = Userdata.new.shared_mutex
host = r.hostname

config = {
  # key the request counter is kept under (here: the request hostname)
  :counter_key => r.hostname,
  :magic_str => "....",

  :behind_counter => -500,

  # detection thresholds
  :threshold_counter => 100,
  :threshold_time => 1,

  :expire_time => 5,
}

# skip internal sub-requests
unless r.sub_request?
  data = nil # declared here so the timeout log below can reference it
  # process-shared lock
  timeout = global_mutex.try_lock_loop(50000) do
    begin
      dos = DosDetector.new r, cache, config
      data = dos.analyze
      Server.errlogger Server::LOG_NOTICE, "[INFO] dos_detetor: detect dos: #{data}"
      if dos.detect?
        Server.errlogger Server::LOG_NOTICE, "dos_detetor: detect dos: #{data}"
        Server.return Server::HTTP_SERVICE_UNAVAILABLE
      end
    rescue => e
      raise "DosDetector failed: #{e}"
    ensure
      # always release the shared lock, even if the analysis raised
      global_mutex.unlock
    end
  end
  if timeout
    Server.errlogger Server::LOG_NOTICE, "dos_detetor: get timeout mutex lock, #{data}"
  end
end
```

## Dependencies (mrbgems)
```ruby
conf.gem :github => 'matsumoto-r/mruby-localmemcache'
conf.gem :github => 'matsumoto-r/mruby-mutex'
```

http-dos-detector keeps a counter for any key in process-shared memory. When Apache or nginx is restarted, the counter is freed.
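
The per-key counter described above, modelled as an added example (not the project's `DosDetector` class). It is a plain fixed-window counter; the meanings given to `threshold_counter`, `threshold_time` and `expire_time`, and the `WindowCounter` and `replay` names, are assumptions made for illustration.

```ruby
# Added illustration: fixed-window request counter kept per key.
# A Hash stands in for the process-shared cache.
class WindowCounter
  def initialize(threshold_counter:, threshold_time:, expire_time:)
    @limit  = threshold_counter # assumed: requests allowed per window
    @window = threshold_time    # assumed: window length in seconds
    @expire = expire_time       # assumed: seconds a key stays blocked
    @store  = {}
  end

  # Record one request for `key` at time `now` (seconds).
  # Returns true when the request should be rejected.
  def hit(key, now)
    e = (@store[key] ||= { start: now, count: 0, blocked_until: nil })
    if e[:blocked_until]
      return true if now < e[:blocked_until]
      e[:blocked_until] = nil   # block expired: start counting afresh
      e[:start] = now
      e[:count] = 0
    end
    if now - e[:start] >= @window # window elapsed: open a new one
      e[:start] = now
      e[:count] = 0
    end
    e[:count] += 1
    if e[:count] > @limit
      e[:blocked_until] = now + @expire
      return true
    end
    false
  end

  # Models a server restart: shared memory is freed, so every counter is lost.
  def restart!
    @store.clear
  end
end

# Feed constructed traffic ([key, arrival time]) through the counter.
def replay(counter, requests)
  requests.map { |key, t| counter.hit(key, t) }
end
```

Because state is lost on restart, a key blocked just before a reload is counted from zero afterwards; alerting that relies on the block should account for that gap.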

## License
under the MIT License:
- see LICENSE file