
Commit 6e0e40b

avoid counting multiple times in fail2ban
1 parent deec161 commit 6e0e40b


1 file changed

+6
-3
lines changed


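--- a/otoroshi/app/next/plugins/fail2ban.scala
+++ b/otoroshi/app/next/plugins/fail2ban.scala
@@ -272,6 +272,7 @@ object Fail2BanState {
 object Fail2BanPlugin {
 val Fail2BanTriggerStatusKey = TypedKey[Int]("otoroshi.plugins.Fail2BanPlugin.Fail2BanTriggerStatus")
 val Fail2BanTriggerKey = TypedKey[String]("otoroshi.plugins.Fail2BanPlugin.Fail2BanTrigger")
+val Fail2BanAlreadyCountedKey = TypedKey[Boolean]("otoroshi.plugins.Fail2BanPlugin.Fail2BanAlreadyCounted")
 }
 
 class Fail2BanPlugin extends NgAccessValidator with NgRequestTransformer {
@@ -324,6 +325,7 @@ class Fail2BanPlugin extends NgAccessValidator with NgRequestTransformer {
 "message" -> s"You are temporarily banned due to too many failed requests.",
 "retry_in_seconds" -> remain
 )
+ctx.attrs.put(Fail2BanPlugin.Fail2BanAlreadyCountedKey -> true)
 NgAccess.NgDenied(Results.Forbidden(body)).vfuture
 } else {
 NgAccess.NgAllowed.vfuture
@@ -349,7 +351,7 @@ class Fail2BanPlugin extends NgAccessValidator with NgRequestTransformer {
 val now = System.currentTimeMillis()
 val counter = Fail2BanState.counterFor(ip)
 val n = counter.increment(now, conf.detectTimeMs.toMillis)
-
+ctx.attrs.put(Fail2BanPlugin.Fail2BanAlreadyCountedKey -> true)
 if (n >= conf.maxRetry) {
 Fail2BanState.ban(ip, (now + conf.banTimeMs.toMillis).millis)
 counter.reset()
@@ -377,7 +379,7 @@ class Fail2BanPlugin extends NgAccessValidator with NgRequestTransformer {
 val now = System.currentTimeMillis()
 val counter = Fail2BanState.counterFor(ip)
 val n = counter.increment(now, conf.detectTimeMs.toMillis)
-
+ctx.attrs.put(Fail2BanPlugin.Fail2BanAlreadyCountedKey -> true)
 if (n >= conf.maxRetry) {
 Fail2BanState.ban(ip, (now + conf.banTimeMs.toMillis).millis)
 counter.reset()
@@ -392,7 +394,8 @@ class Fail2BanPlugin extends NgAccessValidator with NgRequestTransformer {
 .cachedConfig(internalName)(Fail2BanConfig.format)
 .getOrElse(Fail2BanConfig.default)
 val ip = conf.identifier.evaluateEl(ctx.attrs)
-if (!conf.isIgnored(ip) && !conf.isBlocked(ip)) {
+val alreadyCounted = ctx.attrs.get(Fail2BanPlugin.Fail2BanAlreadyCountedKey).contains(true)
+if (!conf.isIgnored(ip) && !conf.isBlocked(ip) && !alreadyCounted) {
 ctx.attrs.get(otoroshi.plugins.Keys.ElCtxKey).map { elCtx =>
 val pathAndQuery = ctx.request.thePath
 val ctxStatus = elCtx.get("fail2ban-trigger-status").map(_.toInt).orElse(ctx.attrs.get(Fail2BanPlugin.Fail2BanTriggerStatusKey))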
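Review bot: `Fail2BanAlreadyCountedKey` is read only in the last hunk (new lines 397-398), while the two sites that call `counter.increment` (new lines 353-354 and 381-382) set it after incrementing and, going by the six added lines, gained no check of it beforehand. If those two paths can both run for one request, the same failure would still be counted twice, so a client could reach `conf.maxRetry` after fewer real failures than configured and be banned early. Consider testing the flag at every increment site, e.g. wrapping each in `if (!ctx.attrs.get(Fail2BanPlugin.Fail2BanAlreadyCountedKey).contains(true)) { ... }`, or moving the check, increment and set into one private helper so the three call sites cannot drift apart. A comment on the key such as `// true once this request was counted or rejected as banned; later phases must not count it again` would document the contract. The enclosing methods start and end outside all of these hunks, so their existing guards are not visible here and should be confirmed against the full file.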
