web/mod-qos
1
0
Fork 0
Code Issues Activity

Adding upstream version 11.76.

Browse source 
Signed-off-by: Daniel Baumann <daniel@debian.org>
This commit is contained in:
Daniel Baumann 2025-03-24 13:01:55 +01:00
parent 24ecce9d56
commit 1a9d02dfcf
Signed by: daniel
GPG key ID: FBB4F0E80A80222F
65 changed files with 413 additions and 7681 deletions
Download patch file Download diff file Expand all files Collapse all files

95
doc/index.html
View file

@ -34,7 +34,7 @@
See http://mod-qos.sourceforge.net/ for further details.
Copyright (C) 2023 Pascal Buchbinder
Copyright (C) 2025 Pascal Buchbinder
Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements. See the NOTICE file distributed with
@ -248,7 +248,7 @@ server's modules directory.
<table border="0" cellspacing="5" cellpadding="10" width="100%">
<tr><td bgcolor="#E2EDE2">
<pre>
cd mod_qos-11.74/apache2
cd mod_qos-11.76/apache2
apxs -i -c mod_qos.c -lcrypto -lpcre2-8
cd ../..
</pre>
@ -320,11 +320,11 @@ within the format string used by the <a href="#QSLog"><code>QSLog</code></a> dir
The <a href="#utilities">support tools</a> may be built (at least on some
Linux platforms) using the GNU autotools. Some of these
utilities require third-party libraries such as apr, apr-util, PCRE2,
libpng, and OpenSSL.
and OpenSSL.
<table border="0" cellspacing="5" cellpadding="10" width="100%">
<tr><td bgcolor="#E2EDE2">
<pre>
cd mod_qos-11.74/tools
cd mod_qos-11.76/tools
./configure
make
</pre>
@ -946,10 +946,6 @@ that has occurred during a request.
<syntax>QS_Country</syntax><br>
ISO 3166 country code of client IPv4 address. Only available if the
<a href="#QS_ClientGeoCountryDB">geographical database</a> file has been loaded.<br>
<small><i>Note: You may use the <code>QS_ClientIpFromHeader &lt;header&gt;</code>
directive to override the client's IP address based on the value within the defined
HTTP request header (e.g., X-Forwarded-For) instead of taking the IP address of
the client which has opened the TCP connection.</i></small>
</li>
<!--<li>
<syntax>QS_RuleId</syntax><br>
@ -1431,8 +1427,6 @@ pattern are allowed. If a <code>QS_PermitUri</code> pattern has
been defined and the request does not match any rule, the request
is denied.
All rules must define the same action. pcre is case sensitive.
You may use the <code><a href="qsfilter2.1.html">qsfilter2</a></code>
utility to generate rules based on access log files.
</li>
<li>
<a name="QS_DenyInheritanceOff"></a>
@ -1567,10 +1561,7 @@ be deflated (compressed data) using
<tr><td bgcolor="#E2EDE2">
Sample configuration:<br><a name="qsfiltersample"></a>
<pre>
# configure the audit log writing the request body data to a file
# (use this log to generate allow list rules using <a href="qsfilter2.1.html">qsfilter2</a>
# when <a href="#QS_PermitUriBody">QS_PermitUriBody</a> has been enabled)
# format:
# optional audit log writing the request body data to a file, format:
# %h:
# The remote host (used to filter by IP address).
# %>s:
@ -1578,7 +1569,7 @@ Sample configuration:<br><a name="qsfiltersample"></a>
# %{qos-loc}n
# The matching Location to generate the rules for.
# %{qos-path}n%{qos-query}n
# The request data required by qsfilter2 to generate rules.
# The request data to define rules.
CustomLog logs/qsaudit_log "%h %>s %{qos-loc}n %{qos-path}n%{qos-query}n"
# enable json parser
@ -1862,7 +1853,7 @@ survives graceful server restart. The maximum value is 10'000'000.
Defines the allowed number of <a href="glossary.html#concurrency">concurrent</a>
requests coming from the same client source IP address having the
<code><a href="#QS_EventRequest">QS_EventRequest</a></code> variable set.<br>
<small><i>Note: You may use the <code>QS_ClientIpFromHeader &lt;header&gt;</code>
<small><i>Note: You may use the <a href="#QS_ClientIpFromHeader"><code>QS_ClientIpFromHeader</code></a>
directive to override the client's IP address based on the value within the defined
HTTP request header (e.g., X-Forwarded-For) instead of taking the IP address of
the client which has opened the TCP connection.</i></small>
@ -1913,17 +1904,10 @@ this limitation are denied for the specified time (blocked at request level). <b
<ul>
<li>The value of the variable defines the penalty points by which the counters
are increased. Default (empty or non-numeric value) is 1 (increment per request).</li>
<li><a name="QS_ClientIpFromHeader"></a>
You may use the <code>QS_ClientIpFromHeader &lt;header&gt;</code>
<li>You may use the <a href="#QS_ClientIpFromHeader"><code>QS_ClientIpFromHeader</code></a>
directive to determine the client's IP address based on the defined HTTP
request header (e.g., X-Forwarded-For) instead of taking the IP address
of the client which has opened the TCP connection. The header must only
contain a single IP address.<br>
You might also use a pseudo IP address by creating a hash from the
header's value if you prefix the header name by a '#',
e.g. <code>#Authorization</code> to use the HTTP basic auth header.
as the pseudo IP address. The special name <code>#SSL_CLIENT_S_DN</code>
creates a pseudo IP from the SSL client certificate's subject and issuer DN.
of the client which has opened the TCP connection.
</li>
<li>The current value of this counter is stored within the variable suffixed
by <code><a href="#_Counter">_Counter</a></code>, e.g. <code>QS_Limit_Counter</code> for further
@ -1953,7 +1937,7 @@ if you want to enforce a rule under certain conditions only.</li>
variable set if they are coming from the same IP address.<br>
<small><i>Notes:
<ul>
<li>You may use the <code>QS_ClientIpFromHeader &lt;header&gt;</code> directive to
<li>You may use the <a href="#QS_ClientIpFromHeader"><code>QS_ClientIpFromHeader</code></a> directive to
override the client's IP address based on the value within the defined HTTP request
header (e.g., X-Forwarded-For) instead of taking the IP address of the client which has opened
the TCP connection.
@ -2037,7 +2021,7 @@ Double quoted ISO 3166 country code, e.g. "FR" for France.
</ul>
The <a href="#QS_Country"><code>QS_Country</code></a> variable contains
the country code for the client's IP address. <br>
<small><i>Note: You may use the <code>QS_ClientIpFromHeader &lt;header&gt;</code> directive to
<small><i>Note: You may use the <a href="#QS_ClientIpFromHeader"><code>QS_ClientIpFromHeader</code></a> directive to
override the client's IP address based on the value within the defined HTTP request
header (e.g., X-Forwarded-For) instead of taking the IP address of the client which has opened
the TCP connection to evaluate this variable.</i></small>
@ -2053,6 +2037,30 @@ Uses the geographical database loaded by
<br>Clients whose IP can't be mapped to a country code can be excluded
from the limitation by configuring the 'excludeUnknown' argument.
</li>
<li>
<a name="QS_ClientIpFromHeader"></a>
<syntax>QS_ClientIpFromHeader &lt;header&gt;</syntax><br>
The <code>QS_ClientIpFromHeader &lt;header&gt;</code> directive can be used
to determine the client's IP address based on the defined HTTP
request header (e.g., X-Forwarded-For) instead of taking the IP address
of the client which has opened the TCP connection. The header must only
contain a single IP address.<br>
It can used for the following directives:
<a href="#QS_ClientEventRequestLimit"><code>QS_ClientEventRequestLimit</code></a>,
<a href="#QS_ClientEventLimitCount"><code>QS_ClientEventLimitCount</code></a>,
<a href="#QS_ClientSerialize"><code>QS_ClientSerialize</code></a>, and
<a href="#QS_ClientGeoCountryDB"><code>QS_ClientGeoCountryDB</code></a>.<br>
Notes:<ul>
<li>You might also use a pseudo IP address by creating a hash from the
header's value if you prefix the header name by a '#',
e.g. <code>#Authorization</code> to use the HTTP basic auth header.</li>
<li>The special name <code>#SSL_CLIENT_S_DN</code> creates a pseudo
IP from the SSL client certificate's subject and issuer DN.</li>
<li>If the remote address information has been overridden by another module such as
<a href="https://httpd.apache.org/docs/current/mod/mod_remoteip.html#remoteipheader">mod_remoteip <img src="images/link.png"/></a>,
and you want to use this, use the special name <code>#USERAGENT_IP</code> (available with Apache 2.4.19 and newer).</li>
</ul>
</li>
</ul>
<table border="0" cellspacing="5" cellpadding="10" width="100%">
@ -2408,51 +2416,20 @@ verify the status of the client. Example: <br/>
<p>
mod_qos provides optional tools for log data processing and analysis:
<ul>
<a name="qsdt"></a>
<li><syntax><a href="qsdt.1.html">qsdt</a></syntax><br>Simple tool
to measure the elapse time between related log messages.</li>
<a name="qsexec"></a>
<li><syntax><a href="qsexec.1.html">qsexec</a></syntax><br>Command execution
triggered by patterns within log files.</li>
<a name="qsfilter2"></a>
<li><syntax><a href="qsfilter2.1.html">qsfilter2</a></syntax><br>
Rule generator. Creates <code><a href="#filter">QS_Permit*</a></code> directives and rule patterns
from audit log files.</li>
<a name="qsgeo"></a>
<li><syntax><a href="qsgeo.1.html">qsgeo</a></syntax><br>Adds the country code
for the client IP address within a log file.</li>
<a name="qsgrep"></a>
<li><syntax><a href="qsgrep.1.html">qsgrep</a></syntax><br>Searches a file for a
pattern and prints the data in a new format.</li>
<a name="qslog"></a>
<li><syntax><a href="qslog.1.html">qslog</a></syntax><br>A real time
<code><a href="http://httpd.apache.org/docs/current/mod/mod_log_config.html">TransferLog/CustomLog <img src="images/link.png"/></a></code>
data analyzer. It reads the per request log data from stdin and generates
statistic records every minute.</li>
<a name="qslogger"></a>
<li><syntax><a href="qslogger.1.html">qslogger</a></syntax><br>Shell command
interface to the syslog(3) system log module.</li>
<a name="qspng"></a>
<li><syntax><a href="qspng.1.html">qspng</a></syntax><br>Creates graphics (png
images) from the output of <code>qslog</code>.</li>
<a name="qsre"></a>
<li><syntax><a href="qsre.1.html">qsre</a></syntax><br>Regular expression (pcre)
pattern match test tool.</li>
<a name="qsrespeed"></a>
<li><syntax><a href="qsrespeed.1.html">qsrespeed</a></syntax><br>Compares the
expected processing time per regular expression.</li>
<a name="qsrotate"></a>
<li><syntax><a href="qsrotate.1.html">qsrotate</a></syntax><br>Log rotation tool
similar to Apache's <code>rotatelogs</code>.</li>
<a name="qssign"></a>
<li><syntax><a href="qssign.1.html">qssign</a></syntax><br>A log data integrity
check tool. It reads log data from stdin (pipe) and writes the signed data
to stdout adding a sequence number and signature to ever log line.<br>
<a href="https://sourceforge.net/p/mod-qos/source/HEAD/tree/trunk/tools/logstash-filter-qssign/lib/logstash/filters/qssign.rb?format=raw"><code>qssign.rb</code></a> is a <a href="http://www.logstash.net/">Logstash <img src="images/link.png"/></a> filter
plugin which may be used to verify the signatures of log messages in real time.</li>
<a name="qstail"></a>
<li><syntax><a href="qstail.1.html">qstail</a></syntax><br>Shows the end of a log
file beginning at a defined pattern.</li>
</ul>
</p>
@ -2746,6 +2723,6 @@ KeepAliveTimeout 2
</table>
<br>
<hr>
<small><small>&copy; 2007-2023, Pascal Buchbinder - mod_qos version 11.74</small></small>
<small><small>&copy; 2007-2025, Pascal Buchbinder - mod_qos version 11.76</small></small>
</body>
</html>