devbennett7/goma-gateway
1
0
Fork 0
Code Pull Requests Activity

feat: add Redis based rate limiting for multiple instances

Browse Source
This commit is contained in:
Jonas Kaninda
2024-11-14 13:17:28 +01:00
parent a874d14194
commit 5951616153
11 changed files with 99 additions and 150 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
internal/middleware/block-common-exploits.go
View File

@@ -46,7 +46,7 @@ func (blockCommon BlockCommon) BlockExploitsMiddleware(next http.Handler) http.H
pathTraversalPattern.MatchString(r.URL.Path) ||
xssPattern.MatchString(r.URL.RawQuery) {
logger.Error("%s: %s Forbidden - Potential exploit detected", getRealIP(r), r.URL.Path)
RespondWithError(w, http.StatusForbidden, fmt.Sprintf("%d Forbidden - Potential exploit detected", http.StatusForbidden), blockCommon.ErrorInterceptor)
RespondWithError(w, http.StatusForbidden, fmt.Sprintf("%d Forbidden - Potential exploit detected", http.StatusForbidden))
return
}
@@ -57,7 +57,7 @@ func (blockCommon BlockCommon) BlockExploitsMiddleware(next http.Handler) http.H
for _, value := range values {
if sqlInjectionPattern.MatchString(value) || xssPattern.MatchString(value) {
logger.Error("%s: %s %s Forbidden - Potential exploit detected", getRealIP(r), r.Method, r.URL.Path)
RespondWithError(w, http.StatusForbidden, fmt.Sprintf("%d Forbidden - Potential exploit detected", http.StatusForbidden), blockCommon.ErrorInterceptor)
RespondWithError(w, http.StatusForbidden, fmt.Sprintf("%d Forbidden - Potential exploit detected", http.StatusForbidden))
return
}
}