si/`dZddlZddlmZddlmZej eZGddZ y)zH Security middleware to handle malformed requests and protocol attacks. N)HttpResponseBadRequest)cachec6eZdZdZdZdZdZdZdZd dZ y) SecurityFilterMiddlewarez Middleware to detect and block malformed requests, protocol confusion attacks, and other low-level security threats before they reach the application. c2||_gd|_g|_y)N)s s%00) get_responsemalicious_patternssuspicious_patterns)selfr s ?/var/www/python-projects/worksol/horilla/security_middleware.py__init__z!SecurityFilterMiddleware.__init__s(# $& c|j|ra|j|}tjd|d|jd|j |j |tddS|j|ra|j|}tjd|d|jd|j |j |tddS|j|}|S) NzMALFORMED REQUEST from z:  zMalformed requestz text/plain) content_typezPROTOCOL CONFUSION from zProtocol error) is_malformed_request get_client_iploggerwarningmethodpathtemporary_block_ipris_protocol_confusionr )r request ip_addressresponses r __call__z!SecurityFilterMiddleware.__call__ s  $ $W -++G4J NN4ZL7>>BRRST[T`T`Sab c  # #J /)*=LY Y  % %g .++G4J NN5j\GNNCSSTU\UaUaTbc d  # #J /)*:V V$$W-rcv |jjd}|jD]}||vsyd}|jD] }||vs|dz }t |jdkDr|dz }|j j dd}t |dkDr|dz }|j jD]F\}}|jd st|ts)td |D}|d kDsA|dz }n|d k\S#t$r"} tjd | Yd} ~ yd} ~ wwxYw)zDetect malformed requests.zutf-8TriHTTP_USER_AGENTiHTTP_c3HK|]}t|dks|dvsdyw) z r N)ord).0cs r z@SecurityFilterMiddleware.is_malformed_request..Ws#+b!A PQYaPaA+bs """zError analyzing request: NF) get_full_pathencoder r lenMETAgetitems startswith isinstancestrsum Exceptionrerror) r rraw_pathpatternsuspicious_count user_agentkeyvalue control_charses r rz-SecurityFilterMiddleware.is_malformed_request8sW) ,,.55g>H22 h& !  33 *h&$)$ * 7((*+d2 A% !))*;R@J:% A% &ll002 " U>>'*!%-(++bu+b(b (1,,1,! "$q( (  LL4QC8 9  s:2D D D BD D (D D D8D33D8cB |j}|jddk7ry|jdvr=|jj ddj }d|vr|j dvryy #t$r"}tjd |Yd }~y d }~wwxYw) z"Detect protocol confusion attacks.z\x16\x03T)POSTPUTPATCH CONTENT_TYPEr"zapplication/octet-stream)z/upload/z /api/upload/Fz'Exception in protocol confusion check: N) r,findrr/r0lowerrr6rdebug)r rr8rr?s r rz.SecurityFilterMiddleware.is_protocol_confusiones ,,.H}}\*b0~~!99&||//CIIK -=',,VrBr  LLB1#F G s$A3A A33 B<BBc4|jjd}|r$|jddj}|S|jjdxs9|jjdxs|jjdd}|S)zGet the real client IP address.HTTP_X_FORWARDED_FOR,rHTTP_X_REAL_IPHTTP_CF_CONNECTING_IP REMOTE_ADDRr")r/r0splitstrip)r rx_forwarded_forips r rz&SecurityFilterMiddleware.get_client_ip}s!,,**+AB  &&s+A.446B  ,,""#346,,""#:;6,,""="5  rctd|}tj|d|tjd|d|dy)z/Temporarily block an IP for malformed requests.security_block_TzTemporarily blocked IP z for z! seconds due to malformed requestN)rsetrinfo)r rduration block_keys r rz+SecurityFilterMiddleware.temporary_block_ips;%j\2  )T8, -j\xjHijkrN)i,) __name__ __module__ __qualname____doc__rrrrrrrr rr s' &0+Z0 lrr) r\logging django.httprdjango.core.cacher getLoggerrYrrr]rr rbs5.#   8 $AlAlr