appliedawesome / rebuff Goto Github PK

Firewall as a Service

Packet inspection for:

• SQL injections
• ??? Mitigation of DoS and DDoS attacks Deny common attacks

What's needed?

• DNS roundrobin in front of...
• ?x servers
• iptables for control
• something to inspect every packet?

Every request is checked by and returns:

• part of the request (REQUEST_FILENAME|ARGS_NAMES|ARGS|XML)
• log of attack blocked
• severity

class Rebuff

def call(env) request = Rack::Request.new(env) headers = Rack::Utils::HeaderHash.new customer = Customer.find(env.headers.customer_id)

if customer.bad_requests.include?(/request.body/)
  [500, {}, []]
end

env.each do |key, value|
  if key =~ /HTTP_(.*)/
    headers[$1] = value
  end
end

result = Net::HTTP.start(@host, @port) do |http|
  method = rack_request.request_method
  case method
  when "GET", "HEAD", "DELETE", "OPTIONS", "TRACE"
    req = Net::HTTP.const_get(method.capitalize).new(request.fullpath, headers)
  when "PUT", "POST"
    req = Net::HTTP.const_get(method.capitalize).new(request.fullpath, headers)
  else
    raise "Method not supported: #{method}"
  end
  
  http.request(result)
end

[result.code, Rack::Utils::HeaderHash.new(result.to_hash), [result.body]]

end end

• Bandwidth. Who pays for it?
• let's say that Jimmy User does a promotion of some sort that suddenly gets hella hits. all that shit coming from a couple of IPs is so gonna get flagged and ACL'd as a DoS. logic dictates that you're going to be the one that gets the support call.
• How is ssl encryption/decryption handled?