Fossil SCM
A redirect to the honeypot due to robot complex-request detection also sets the "fossil-goto" cookie with the original URL. If a real user proceeds to log in, then a redirect back to the original complex request occurs as soon as the login completes.
Commit
aa4159f781b4366ff07228bb2c351745dc293eb802da58860cb09fab2fe45988
Parent
1a0b3043073b1f2…
2 files changed
+24
+4
+24
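--- a/src/cgi.c
+++ b/src/cgi.c
@@ -1894,10 +1894,34 @@
 for(i=0; i<nUsedQP; i++){
 if( aParamQP[i].isQP==0 || aParamQP[i].cTag ) continue;
 url_add_parameter(p, aParamQP[i].zName, aParamQP[i].zValue);
 }
 }
+
+/*
+** Reconstruct the URL into memory obtained from fossil_malloc() and
+** return a pointer to that URL.
+*/
+char *cgi_reconstruct_original_url(void){
+ int i;
+ char cSep = '?';
+ Blob url;
+ blob_init(&url, 0, 0);
+ blob_appendf(&url, "%s/%s", g.zBaseURL, g.zPath);
+ for(i=0; i<nUsedQP; i++){
+ if( aParamQP[i].isQP ){
+ struct QParam *p = &aParamQP[i];
+ if( p->zValue && p->zValue[0] ){
+ blob_appendf(&url, "%c%t=%t", cSep, p->zName, p->zValue);
+ }else{
+ blob_appendf(&url, "%c%t", cSep, p->zName);
+ }
+ cSep = '&';
+ }
+ }
+ return blob_str(&url);
+}
 
 /*
 ** Tag query parameter zName so that it is not exported by
 ** cgi_query_parameters_to_hidden(). Or if zName==0, then
 ** untag all query parameters.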
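Review bot: In cgi_reconstruct_original_url() the path is appended with `%s` (`"%s/%s", g.zBaseURL, g.zPath`) while parameter names and values go through `%t`, so any character in g.zPath that needs escaping reaches the result unencoded. Per the login.c part of this commit the string is stored in a cookie and later used as a redirect target, so the path should be encoded too, for example `blob_appendf(&url, "%s/%T", g.zBaseURL, g.zPath);` assuming `%T` is the URL-encoding conversion that leaves `/` intact. Where g.zPath is populated is not visible in this hunk, so confirm whether it holds an already-decoded path. The header comment should also say that the caller owns the returned buffer and that every isQP entry is included regardless of cTag, unlike the loop just above.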
+4
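--- a/src/login.c
+++ b/src/login.c
@@ -121,10 +121,13 @@
 */
 static void redirect_to_g(void){
 const char *zGoto = P("g");
 if( zGoto ){
 cgi_redirectf("%R/%s",zGoto);
+ }else if( (zGoto = P("fossil-goto"))!=0 && zGoto[0]!=0 ){
+ cgi_set_cookie("fossil-goto","",0,1);
+ cgi_redirect(zGoto);
 }else{
 fossil_redirect_home();
 }
 }
 
@@ -1335,10 +1338,11 @@
 }
 
 /* If we reach this point, it means we have a situation where we
 ** want to restrict the activity of a robot.
 */
+ cgi_set_cookie("fossil-goto", cgi_reconstruct_original_url(), 0, 600);
 cgi_redirectf("%R/honeypot");
 }
 
 /*
 ** This routine examines the login cookie to see if it exists and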
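Review bot: The new `fossil-goto` branch of redirect_to_g() passes the value straight to `cgi_redirect(zGoto)`, whereas the `g` branch above it anchors the target under `%R/`. P() looks like a generic parameter lookup, so if it also resolves query or POST parameters (not visible here) the redirect target is not limited to what the server itself wrote into the cookie, and a login could end on an off-site URL. I would accept the value only when it starts with `g.zBaseURL` followed by `/`, e.g. `n = strlen(g.zBaseURL); if( strncmp(zGoto, g.zBaseURL, n)!=0 || zGoto[n]!='/' ) zGoto = 0;`, and otherwise fall through to `fossil_redirect_home()`. Separately, when `g` is present the cookie is never cleared and lingers until the 600-second lifetime set in the second hunk expires.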