Hi everyone,
Firstly I want to thank SplitIce for their feedback on my work. I've
taken it all on board. Last night, I updated the git repo for this
module to use a red-black tree instead of a statically sized array.
I still need to:
a) implement the shared memory feature so that workers > 1 will work.
b) fix the log statements which don't appear to log anywhere.
Can someone please guide me on how to allocate memory that is shared between
the workers and lasts for the lifetime of the web server?
Perhaps point me to some examples? For non connection-oriented requests,
I need my memory to last longer than the connection. Would I choose an
ngx_pool that had a lifetime of forever, or how would I achieve this
please?
https://github.com/PhillipTaylor/ngx_http_knock_module/commits/master
Any other code review feedback is still welcome at this point. Hopefully
I can get everything fixed in the next month.
Thanks
Phill
On 2014-08-19 03:54, SplitIce wrote:
Is it just me or would access_records be per worker and hence this module
not work with workers > 1?
Additionally
for (i = 0; i < NGX_HTTP_KNOCK__IP_DB_SIZE && i < ngx_http_knock_next_free_slot; i++) {
    if (access_records[i].ip_addr == ip_addr)
Perhaps using the nginx Red-Black tree here would lead to better
performance (in place of O(n)) and remove the limitation on number of
IPs.
On Tue, Aug 19, 2014 at 9:50 AM, Phillip Taylor (nginx) <[email protected]> wrote:
Hello everyone,
I've written a module for nginx that takes the concept of "Port Knocking"
and applies it to websites. When you visit a configured nginx website, it
returns a 404 "page not found" error. However if you go to secret urls,
even though they all, on the surface, appear to return 404, you are secretly
handshaking with nginx. After you've hit the magic combination your IP is
logged server side, and you're allowed to visit the site (that is, it
returns content instead of 404).
The benefits include:
* private websites
* protect login pages against bots and scripts
* protect against zero day exploits
* protect against known exploits if you're slow to defend the site.
The code, documentation and even a link to a demonstration YouTube video
are available here:
https://github.com/PhillipTaylor/ngx_http_knock_module
I contact this mailing list:
* to raise awareness that I have developed it.
* for possible inclusion on the 3rd Party Modules page for nginx
(http://wiki.nginx.org/3rdPartyModules)
* to ask if you would be so kind as to provide some code review feedback and
advice regarding its quality.
* and any other thoughts.
Thank you
Phillip Taylor
_______________________________________________
nginx-devel mailing list
[email protected]
http://mailman.nginx.org/mailman/listinfo/nginx-devel
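The workers > 1 problem raised in this thread, as an added example that is not code from the module or from either poster: a knock recorded in one forked worker is invisible to the others when the table lives in ordinary process memory, and visible when the table sits in a MAP_SHARED mapping created before fork. The names allow_table, allow_ip, is_allowed and knock_visible_across_workers, the MAX_IPS limit and the sample address are constructed for the demonstration.

```c
#define _DEFAULT_SOURCE            /* for MAP_ANONYMOUS on glibc */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/mman.h>
#include <sys/wait.h>
#include <unistd.h>

#define MAX_IPS 16                 /* constructed limit for the demo */
typedef struct { uint32_t count; uint32_t ip[MAX_IPS]; } allow_table;

static void allow_ip(allow_table *t, uint32_t ip) {
    if (t->count < MAX_IPS) t->ip[t->count++] = ip;
}
static int is_allowed(const allow_table *t, uint32_t ip) {
    for (uint32_t i = 0; i < t->count; i++)
        if (t->ip[i] == ip) return 1;
    return 0;
}

/* A forked child (worker A) records a completed knock for `ip`; the parent
 * (standing in for worker B) then checks its own view of the table.
 * shared=0: heap memory, copied on fork, so each process has its own table.
 * shared=1: MAP_SHARED memory mapped before fork, one table for all.
 * Returns 1 if worker B sees the knock, 0 if not, -1 on error. */
int knock_visible_across_workers(int shared, uint32_t ip) {
    allow_table *t = shared
        ? mmap(NULL, sizeof(*t), PROT_READ | PROT_WRITE,
               MAP_SHARED | MAP_ANONYMOUS, -1, 0)   /* zero-filled */
        : calloc(1, sizeof(*t));
    if (t == NULL || t == MAP_FAILED) return -1;
    int seen = -1;
    pid_t pid = fork();
    if (pid == 0) {                /* worker A: handshake completed here */
        allow_ip(t, ip);
        _exit(0);
    }
    /* No lock needed in this demo: the read happens after the child exits.
     * Concurrent workers would need a mutex around the table. */
    if (pid > 0 && waitpid(pid, NULL, 0) == pid) seen = is_allowed(t, ip);
    if (shared) munmap(t, sizeof(*t)); else free(t);
    return seen;
}
int main(void) {
    uint32_t ip = 0xC0000201u;     /* 192.0.2.1, constructed sample address */
    printf("per-process table: %d\n", knock_visible_across_workers(0, ip));
    printf("shared mapping:    %d\n", knock_visible_across_workers(1, ip));
    return 0;
}
```

Inside nginx the same effect comes from a shared memory zone registered at configuration time with ngx_shared_memory_add, with entries allocated from the zone's slab pool via ngx_slab_alloc and guarded by the pool's mutex. A zone created that way is mapped by the master before the workers are forked and lasts as long as the server runs.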