Contents

# Copyright (c) 2015 Sqreen. All Rights Reserved.
# Please refer to our terms for more information: https://www.sqreen.com/terms.html

require 'sqreen/rules/regexp_rule_cb'

module Sqreen
  module Rules
    # FIXME: Tune this as Rack capable callback?
    # If:
    #  - we have a 404
    #  - the path is a typical bot scanning request
    # Then we deny the ressource and record the attack.
    class URLMatchesCB < RegexpRuleCB
      def post(rv, _inst, args, _budget = nil, &_block)
        return unless rv.is_a?(Array) && rv.size > 0 && rv[0] == 404
        env = args[0]
        path = env['SCRIPT_NAME'].to_s + env['PATH_INFO'].to_s
        found = match_regexp(path)
        infos = { :path => path, :found => found }
        record_event(infos) if found
        advise_action(nil)
      end
    end
  end
end

Version data entries

9 entries across 9 versions & 1 rubygems

Version	Path
sqreen-1.18.6-java	lib/sqreen/rules/url_matches_cb.rb
sqreen-1.18.6	lib/sqreen/rules/url_matches_cb.rb
sqreen-1.18.5-java	lib/sqreen/rules/url_matches_cb.rb
sqreen-1.18.5	lib/sqreen/rules/url_matches_cb.rb
sqreen-1.18.4-java	lib/sqreen/rules/url_matches_cb.rb
sqreen-1.18.4	lib/sqreen/rules/url_matches_cb.rb
sqreen-1.18.3-java	lib/sqreen/rules/url_matches_cb.rb
sqreen-1.18.3	lib/sqreen/rules/url_matches_cb.rb
sqreen-1.18.3.beta2	lib/sqreen/rules/url_matches_cb.rb