debian/0000755000000000000000000000000012167501060007164 5ustar debian/watch0000644000000000000000000000010012167234670010216 0ustar version=3 http://sf.net/mod-spamhaus/mod-spamhaus-(.+)\.tar\.gz debian/apache20000644000000000000000000000013212167240573010417 0ustar mod src/.libs/mod_spamhaus.so mod debian/conf/spamhaus.load mod debian/conf/spamhaus.conf debian/rules0000755000000000000000000000152412167235110010246 0ustar #!/usr/bin/make -f # -*- makefile -*- # Uncomment this to turn on verbose mode. #export DH_VERBOSE=1 build: build-stamp build-stamp: dh_testdir $(MAKE) touch $@ clean: dh_testdir dh_testroot rm -f build-stamp mkdir -p src/.libs $(MAKE) clean dh_clean install: build dh_testdir dh_testroot dh_clean -k dh_installdirs # Build architecture-independent files here. binary-indep: build install # We have nothing to do by default. # Build architecture-dependent files here. binary-arch: build install dh_testdir dh_testroot dh_installchangelogs dh_installdocs dh_installexamples dh_install dh_apache2 dh_link dh_strip dh_compress dh_fixperms dh_makeshlibs dh_installdeb dh_shlibdeps dh_gencontrol dh_md5sums dh_builddeb binary: binary-indep binary-arch .PHONY: build clean binary-indep binary-arch binary install debian/conf/0000755000000000000000000000000012167240551010116 5ustar debian/conf/spamhaus.load0000644000000000000000000000010612167234670012602 0ustar LoadModule spamhaus_module /usr/lib/apache2/modules/mod_spamhaus.so debian/conf/spamhaus.conf0000644000000000000000000000310712167234670012614 0ustar #MS_Methods # Syntax: MS_Methods POST,PUT,OPTIONS # Default: POST,PUT,OPTIONS # # The values admitted are the httpd's methods (GET,POST,etc) # Module verify remote ip address if the method used by the user is present # in the value passed to this variable. Methods must be comma-separated MS_METHODS POST,PUT,OPTIONS,CONNECT #MS_WhiteList # Syntax: MS_WhiteList /etc/spamhaus.wl # Default: no value # Path of whitelist file. # After you've edit it, you mustn't reload apache. This file will be read only # when 'data modification time' change. You can add an individual IP address or # subnets with CIDR. #MS_WhiteList /etc/spamhaus.wl #MS_DNS # Syntax: MS_DNS sbl-xbl.spamhaus.org # Default: sbl-xbl.spamhaus.org # Name server to use for verify is an ip is blacklisted. # Using a local rbldnsd instance of sbl-xbl, you can increase query performance #MS_Dns local.rbldnsd.instance.of.sbl-xbl #MS_CacheSize # Syntax: MS_CacheSize 256 # Default: 512 # Max value: 8192 # This directive can manage the number of cache entries. #MS_CacheSize 512 #MS_CustomError # Syntax: MS_CustomError "My custom error message" # Default: "Access Denied! Your address is blacklisted. More information about this error may be available in the server error log." # A custom error message that allows you to replace default error message with one you create #MS_CustomError "Access Denied! Your address is blacklisted. More information about this error may be available in the server error log." debian/copyright0000644000000000000000000000235612167234670011137 0ustar This package was debianized by Giuseppe Iuculano on Sat, 25 Oct 2008 17:54:55 +0200. It was downloaded from http://sourceforge.net/projects/mod-spamhaus/ Upstream Author: Luca Ercoli Copyright: Copyright (C) 2008 Luca Ercoli License: This package is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This package is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this package; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA On Debian systems, the complete text of the GNU General Public License can be found in `/usr/share/common-licenses/GPL'. The Debian packaging is (C) 2008, Giuseppe Iuculano and is licensed under the same license as the software itself. debian/postrm0000644000000000000000000000050212167245645010446 0ustar #! /bin/sh set -e dpkg-maintscript-helper mv_conffile /etc/apache2/mods-available/mod-spamhaus.conf /etc/apache2/mods-available/spamhaus.conf 0.7-1.1~ -- "$@" dpkg-maintscript-helper mv_conffile /etc/apache2/mods-available/mod-spamhaus.load /etc/apache2/mods-available/spamhaus.load 0.7-1.1~ -- "$@" #DEBHELPER# exit 0 debian/preinst0000644000000000000000000000126012167305671010604 0ustar #! /bin/sh set -e # We have to tell a2dismod about the removal before moving the conffile. if ([ "$1" = install ] || [ "$1" = "upgrade" ]) && [ "$2" ] && \ dpkg --compare-versions "$2" le-nl 0.7-1.1~; then if [ ! -h /etc/apache2/mods-enabled/mod-spamhaus.load ]; then touch /etc/apache2/mods-enabled/mod-spamhaus.load.dpkg-was-disabled fi a2dismod -p -m -f -q mod-spamhaus fi dpkg-maintscript-helper mv_conffile /etc/apache2/mods-available/mod-spamhaus.conf /etc/apache2/mods-available/spamhaus.conf 0.7-1.1~ -- "$@" dpkg-maintscript-helper mv_conffile /etc/apache2/mods-available/mod-spamhaus.load /etc/apache2/mods-available/spamhaus.load 0.7-1.1~ -- "$@" #DEBHELPER# exit 0 debian/source/0000755000000000000000000000000012167235535010477 5ustar debian/source/format0000644000000000000000000000001412167235535011705 0ustar 3.0 (quilt) debian/patches/0000755000000000000000000000000012167236044010622 5ustar debian/patches/aplog-use-module.patch0000644000000000000000000000106012167236030015012 0ustar Description: Add APLOG_USE_MODULE for Apache 2.4 per-module loglevels Author: Colin Watson Forwarded: no Last-Update: 2013-07-10 Index: b/src/mod_spamhaus.c =================================================================== --- a/src/mod_spamhaus.c +++ b/src/mod_spamhaus.c @@ -47,6 +47,10 @@ #define WHITELIST_SIZE 2048 #define MAX_CACHE_SIZE 8192 +#ifdef APLOG_USE_MODULE +APLOG_USE_MODULE(spamhaus); +#endif + module AP_MODULE_DECLARE_DATA spamhaus_module; static void *spamhaus_create_config(apr_pool_t *p, server_rec *s); debian/patches/series0000644000000000000000000000006012167235762012041 0ustar aplog-use-module.patch conn-rec-remote-ip.patch debian/patches/conn-rec-remote-ip.patch0000644000000000000000000000651212167236044015252 0ustar Description: Handle conn_rec->remote_ip split in Apache 2.4 Author: Colin Watson Forwarded: no Last-Update: 2013-07-10 Index: b/src/mod_spamhaus.c =================================================================== --- a/src/mod_spamhaus.c +++ b/src/mod_spamhaus.c @@ -53,6 +53,13 @@ module AP_MODULE_DECLARE_DATA spamhaus_module; +#if AP_SERVER_MAJORVERSION_NUMBER > 2 || \ + (AP_SERVER_MAJORVERSION_NUMBER == 2 && AP_SERVER_MINORVERSION_NUMBER >= 4) +#define CLIENT_IP(conn) ((conn)->client_ip) +#else +#define CLIENT_IP(conn) ((conn)->remote_ip) +#endif + static void *spamhaus_create_config(apr_pool_t *p, server_rec *s); static void *spamhaus_create_dir_config(apr_pool_t *p, char *path); static int spamhaus_handler(request_rec *r); @@ -184,7 +191,7 @@ if ( brokenfeed ) *brokenfeed = '\0'; if ( (strchr(lista[count],'/') == NULL )){ - if ( strcmp(lista[count],r->connection->remote_ip) == 0 ) return 1; + if ( strcmp(lista[count],CLIENT_IP(r->connection)) == 0 ) return 1; } else { @@ -206,7 +213,7 @@ in.s_addr = last; sscanf(inet_ntoa(in), "%d.%d.%d.%d", &a_max, &b_max, &c_max, &d_max); - sscanf(r->connection->remote_ip, "%d.%d.%d.%d", &a_daverificare, &b_daverificare, &c_daverificare, &d_daverificare); + sscanf(CLIENT_IP(r->connection), "%d.%d.%d.%d", &a_daverificare, &b_daverificare, &c_daverificare, &d_daverificare); if ( @@ -250,14 +257,14 @@ if ( strstr(cfg->methods,r->method) != NULL ) { - for (counter; counter < cfg->nip_incache; counter++) if (strcmp(cached_ip[counter],r->connection->remote_ip) == 0 ) return DECLINED; + for (counter; counter < cfg->nip_incache; counter++) if (strcmp(cached_ip[counter],CLIENT_IP(r->connection)) == 0 ) return DECLINED; struct hostent *hp = 0; memset(lookup_this,'\0',512); - sscanf(r->connection->remote_ip, "%d.%d.%d.%d",&oct1, &oct2, &oct3, &oct4); + sscanf(CLIENT_IP(r->connection), "%d.%d.%d.%d",&oct1, &oct2, &oct3, &oct4); snprintf(lookup_this,512,"%d.%d.%d.%d.%s",oct4,oct3,oct2,oct1,cfg->dnshost); @@ -275,15 +282,15 @@ if (oct1 != 127) { - ap_log_rerror(APLOG_MARK, APLOG_CRIT, 0, r, "mod_spamhaus: address %s is blacklisted but it's not in the 127.0.0.0/8 range. POSSIBLE WILD-CARDING TYPOSQUATTERS ATTACK! IP address will not get filtered",r->connection->remote_ip); + ap_log_rerror(APLOG_MARK, APLOG_CRIT, 0, r, "mod_spamhaus: address %s is blacklisted but it's not in the 127.0.0.0/8 range. POSSIBLE WILD-CARDING TYPOSQUATTERS ATTACK! IP address will not get filtered",CLIENT_IP(r->connection)); return DECLINED; } if ( (strcmp(cfg->whitelist,"no-white-list")!= 0) ) { if ( check_whitelist(cfg->whitelist,r) ) { - ap_log_rerror(APLOG_MARK, APLOG_CRIT, 0, r, "mod_spamhaus: address %s is whitelisted. Allow connection to %s%s", r->connection->remote_ip,r->hostname,r->uri); - add_cache(r->connection->remote_ip,cfg->nip_incache); + ap_log_rerror(APLOG_MARK, APLOG_CRIT, 0, r, "mod_spamhaus: address %s is whitelisted. Allow connection to %s%s", CLIENT_IP(r->connection),r->hostname,r->uri); + add_cache(CLIENT_IP(r->connection),cfg->nip_incache); return DECLINED; } @@ -301,7 +308,7 @@ } - add_cache(r->connection->remote_ip,cfg->nip_incache); + add_cache(CLIENT_IP(r->connection),cfg->nip_incache); return DECLINED; debian/compat0000644000000000000000000000000212167234670010374 0ustar 5 debian/control0000644000000000000000000000136212167234726010605 0ustar Source: mod-spamhaus Section: web Priority: extra Maintainer: Giuseppe Iuculano Build-Depends: debhelper (>= 5), dh-apache2, apache2-dev Standards-Version: 3.8.0 Homepage: http://sourceforge.net/projects/mod-spamhaus/ Package: libapache2-mod-spamhaus Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends} Description: Apache DNSBL module that blocks listed IP addresses mod_spamhaus is an Apache module for DNS Block Listing that protects web services by denying access to particular IP addresses. It can stop spam relaying via web form URL injection, and block HTTP DDoS attacks from bot-nets. . It queries sbl-xbl.spamhaus.org, taking advantage of the Spamhaus Block List (SBL) and the Exploits Block List (XBL). debian/postinst0000644000000000000000000000214612167304305011000 0ustar #! /bin/sh set -e # We cannot use dh_installdeb and debian/maintscript for this, because the # conffile must be renamed before dh_apache2's generated postinst fragment # tries to reload the server. dpkg-maintscript-helper mv_conffile /etc/apache2/mods-available/mod-spamhaus.conf /etc/apache2/mods-available/spamhaus.conf 0.7-1.1~ -- "$@" dpkg-maintscript-helper mv_conffile /etc/apache2/mods-available/mod-spamhaus.load /etc/apache2/mods-available/spamhaus.load 0.7-1.1~ -- "$@" #DEBHELPER# if [ "$1" = configure ] && [ "$2" ] && \ dpkg --compare-versions "$2" le-nl 0.7-1.1~ && \ [ -e /etc/apache2/mods-enabled/mod-spamhaus.load.dpkg-was-disabled ]; then # We're upgrading, and the old name was disabled, so it must # have been disabled by the site administrator. Preserve # this. rm -f /etc/apache2/mods-enabled/mod-spamhaus.load.dpkg-was-disabled if [ -e /usr/share/apache2/apache2-maintscript-helper ]; then echo "Disabling spamhaus again to reflect previous mod-spamhaus configuration." . /usr/share/apache2/apache2-maintscript-helper a2dismod -f -q spamhaus apache2_reload restart fi fi exit 0 debian/changelog0000644000000000000000000000105712167501055011045 0ustar mod-spamhaus (0.7-1.1) unstable; urgency=low * Non-maintainer upload. * Port to Apache 2.4 (closes: #666847). * Rename mod-spamhaus.conf and mod-spamhaus.load to the standard form of spamhaus.conf and spamhaus.load, otherwise the prerm/postrm scripts generated by dh_apache2 are unable to unload the module. -- Colin Watson Thu, 11 Jul 2013 11:00:10 +0100 mod-spamhaus (0.7-1) unstable; urgency=low * Initial release (Closes: #503395) -- Giuseppe Iuculano Sun, 02 Nov 2008 10:50:43 +0100