7 Commits

Author SHA1 Message Date
3b4e96509b explicitly dont handle returns in certain places 2022-05-29 15:09:58 +02:00
a0e42d369a fix command order if host is invalid but port proper 2022-05-29 15:07:01 +02:00
871fe76df5 return proper http errors 2022-05-29 15:05:13 +02:00
2b8510c5ee cleanup nping commands 2022-05-29 14:26:09 +02:00
955f1253af add nping handler, port support and fmt code 2022-05-29 14:20:06 +02:00
a94503ba7a add caddy config example 2022-01-07 10:05:29 +01:00
ce95696ef0 add environment values 2022-01-06 23:37:03 +01:00
7 changed files with 254 additions and 141 deletions


@ -58,6 +58,8 @@ The app currently has 4 runtime flags:
- `-x / --disable-x-forwarded-for` -- disables checking for the X-Forwarded-For header
- `-l / --allow-private` -- allows lookups of private IP ranges
All of the Flags also have an accompanying environment value: `PROBEHOST_LOGPATH`, `PROBEHOST_ALLOW_PRIVATE`, `PROBEHOST_LISTEN_PORT` and `PROBEHOST_DISABLE_X_FORWARDED_FOR` but the options given via commandline have priority.
The app will log every request including the IP thats querying and show failed requests on stdout.
Requests that contain an X-Forwarded-For header (implying the app is behind a reverse proxy) will automatically log that address instead of the requesting IP (the proxy itself), this can be turned off with -x.

29
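--- a/caddy/Caddyfile
+++ b/caddy/Caddyfile
@@ -0,0 +1,29 @@
+{
+email [your email]
+order rate_limit before basicauth
+}
+:80, :443 {
+redir * https://[your domain]
+}
+[your domain] {
+reverse_proxy [host]:[port]
+log {
+output file [path] {
+roll_size 10GiB
+roll_keep 10
+}
+level INFO
+}
+handle_errors {
+respond "{http.error.status_code} {http.error.status_text}"
+}
+rate_limit {
+zone dynamic {
+key {remote_host}
+events 2
+window 5s
+}
+}
+}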
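Review bot: The `events 2` / `window 5s` zone counts HTTP requests, not probes. prerunner in main.go splits the path on commas and runs one command per target, so a single request that passes this limit can still start many ping, mtr or nping runs. A cap on the number of targets per request in the app would make the limit meaningful. Until then a comment above the zone, such as `# limits requests only; one request may carry several targets`, would document the gap.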

8
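--- a/caddy/Dockerfile
+++ b/caddy/Dockerfile
@@ -0,0 +1,8 @@
+FROM caddy:builder AS builder
+RUN xcaddy build \
+--with github.com/mholt/caddy-ratelimit \
+--with github.com/caddy-dns/cloudflare
+FROM caddy:latest
+COPY --from=builder /usr/bin/caddy /usr/bin/caddy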
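Review bot: Neither the base images nor the plugins are pinned: `caddy:builder` and `caddy:latest` float, and both `--with` lines take whatever version of the module is current, so two builds of this file can produce different binaries. Pinning makes the proxy that enforces the rate limit reproducible and reviewable, for example `--with github.com/mholt/caddy-ratelimit@<version>` and a fixed tag or digest on both `FROM` lines. caddy/build.sh has the same unpinned `--with`, and it leaves out the caddy-dns/cloudflare module built here, which the sample Caddyfile does not appear to use.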

5
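--- a/caddy/README.md
+++ b/caddy/README.md
@@ -0,0 +1,5 @@
+# caddy
+This folder contains a sample configuration for caddy with ratelimiting enabled. this will allow 2 requests per IP every 5 seconds. For more on that, check here: https://github.com/mholt/caddy-ratelimit
+I have also included a dockerfile to build caddy with the ratelimiting module.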

1
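--- a/caddy/build.sh
+++ b/caddy/build.sh
@@ -0,0 +1 @@
+xcaddy build --with github.com/mholt/caddy-ratelimit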


@ -5,6 +5,11 @@ services:
container_name: probehost2
image: byreqz/probehost2:latest
restart: unless-stopped
environment:
- PROBEHOST_LOGPATH=/probehost2.log
- PROBEHOST_ALLOW_PRIVATE=false
- PROBEHOST_DISABLE_X_FORWARDED_FOR=false
- PROBEHOST_LISTEN_PORT=8000
ports:
- 1234:8000
volumes:
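Review bot: The `1234:8000` mapping publishes the app on every host interface while `PROBEHOST_DISABLE_X_FORWARDED_FOR=false` keeps header trust on, so a client that reaches the port directly chooses the address written to the log. The README text in this change says the header is logged in place of the requesting IP. If the service is meant to sit behind the sample Caddy proxy on the same host, `- 127.0.0.1:1234:8000` keeps direct clients out. Otherwise the example should set `PROBEHOST_DISABLE_X_FORWARDED_FOR=true`.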

119
main.go

@ -1,15 +1,16 @@
package main
import (
"fmt"
"net"
"net/http"
"os"
"os/exec"
"strconv"
"strings"
"net/http"
"net"
log "github.com/sirupsen/logrus"
flag "github.com/spf13/pflag"
)
var logstdout = log.New()
@ -20,17 +21,41 @@ var disablexforwardedfor bool
var allowprivate bool
func init() {
var logfilepath string
flag.StringVarP(&logfilepath, "logfilepath", "o","probehost2.log", "sets the output file for the log")
flag.IntVarP(&listenport, "port", "p", 8000, "sets the port to listen on")
flag.BoolVarP(&disablexforwardedfor, "disable-x-forwarded-for", "x", false, "whether to show x-forwarded-for or the requesting IP")
flag.BoolVarP(&allowprivate, "allow-private", "l", false, "whether to show lookups of private IP ranges")
flag.Parse()
logstdout.SetFormatter(&log.TextFormatter{
FullTimestamp: true})
logstdout.SetOutput(os.Stdout)
logstdout.SetLevel(log.InfoLevel)
var logfilepath string
if _, exists := os.LookupEnv("PROBEHOST_LOGPATH"); exists == true {
logfilepath, _ = os.LookupEnv("PROBEHOST_LOGPATH")
} else {
logfilepath = "probehost2.log"
}
if exists, _ := os.LookupEnv("PROBEHOST_ALLOW_PRIVATE"); exists == "true" {
allowprivate = true
} else {
allowprivate = false
}
if envvalue, exists := os.LookupEnv("PROBEHOST_LISTEN_PORT"); exists == true {
var err error
listenport, err = strconv.Atoi(envvalue)
if err != nil {
logstdout.Fatal("Failed to read PROBEHOST_LISTEN_PORT: ", err.Error())
}
} else {
listenport = 8000
}
if exists, _ := os.LookupEnv("PROBEHOST_DISABLE_X_FORWARDED_FOR"); exists == "true" {
disablexforwardedfor = true
} else {
disablexforwardedfor = false
}
flag.StringVarP(&logfilepath, "logfilepath", "o", logfilepath, "sets the output file for the log")
flag.IntVarP(&listenport, "port", "p", listenport, "sets the port to listen on")
flag.BoolVarP(&disablexforwardedfor, "disable-x-forwarded-for", "x", disablexforwardedfor, "whether to show x-forwarded-for or the requesting IP")
flag.BoolVarP(&allowprivate, "allow-private", "l", allowprivate, "whether to show lookups of private IP ranges")
flag.Parse()
logpath, err := os.OpenFile(logfilepath, os.O_APPEND|os.O_CREATE|os.O_WRONLY, 0660)
if err != nil {
@ -67,20 +92,38 @@ func runner(remoteip string, command string, args... string) string{
return string(cmd)
}
func validatehosts(hosts []string) []string{
var valid []string
func validatehosts(hosts []string) ([]string, []string) {
var validhosts []string
var validports []string
for _, host := range hosts {
split := strings.Split(host, "_")
host = split[0]
if hostparse := net.ParseIP(host); hostparse != nil {
if (net.IP.IsPrivate(hostparse) || net.IP.IsLoopback(hostparse)) && allowprivate {
valid = append(valid, host)
validhosts = append(validhosts, host)
} else if !(net.IP.IsPrivate(hostparse) || net.IP.IsLoopback(hostparse)) {
valid = append(valid, host)
validhosts = append(validhosts, host)
}
} else if _, err := net.LookupIP(host); err == nil {
valid = append(valid, host)
validhosts = append(validhosts, host)
} else {
continue
}
var port string
if len(split) > 1 {
port = split[1]
_, err := strconv.Atoi(port) // validate if port is just an int
if err == nil {
validports = append(validports, port)
} else {
validports = append(validports, "0")
}
} else {
validports = append(validports, "0")
}
}
return valid
return validhosts, validports
}
func parseopts(options []string, cmdopts map[string]string) []string {
@ -94,7 +137,7 @@ func parseopts(options []string, cmdopts map[string]string) []string{
func prerunner(req *http.Request, cmd string, cmdopts map[string]string, defaultopts []string) string {
geturl := strings.Split(req.URL.String(), "/")
targets := strings.Split(geturl[2], ",")
hosts := validatehosts(targets)
hosts, ports := validatehosts(targets)
var opts []string
opts = append(opts, defaultopts...)
if len(geturl) > 3 && len(geturl[3]) > 0 {
@ -109,10 +152,13 @@ func prerunner(req *http.Request, cmd string, cmdopts map[string]string, default
} else {
remoteaddr = req.RemoteAddr
}
for _, host := range hosts {
args = append(args, opts...)
args = append(args, host)
res = fmt.Sprint(res, runner(remoteaddr, cmd, args...), "\n")
for i, host := range hosts {
runargs := append(args, opts...)
if ports[i] != "0" && cmd == "nping" {
runargs = append(runargs, "-p"+ports[i])
}
runargs = append(runargs, host)
res = fmt.Sprint(res, runner(remoteaddr, cmd, runargs...), "\n")
}
return res
}
@ -127,9 +173,9 @@ func ping(w http.ResponseWriter, req *http.Request) {
defaultopts = append(defaultopts, "-c10")
res := prerunner(req, cmd, cmdopts, defaultopts)
if strings.TrimSpace(res) == "" {
fmt.Fprintln(w, http.StatusInternalServerError)
http.Error(w, "500: Internal Server Error", http.StatusInternalServerError)
} else {
fmt.Fprint(w, strings.TrimSpace(res), "\n")
_, _ = fmt.Fprint(w, strings.TrimSpace(res), "\n")
}
}
@ -143,9 +189,9 @@ func mtr(w http.ResponseWriter, req *http.Request) {
defaultopts = append(defaultopts, "-r", "-w", "-c10")
res := prerunner(req, cmd, cmdopts, defaultopts)
if strings.TrimSpace(res) == "" {
fmt.Fprintln(w, http.StatusInternalServerError)
http.Error(w, "500: Internal Server Error", http.StatusInternalServerError)
} else {
fmt.Fprint(w, strings.TrimSpace(res), "\n")
_, _ = fmt.Fprint(w, strings.TrimSpace(res), "\n")
}
}
@ -159,9 +205,25 @@ func traceroute(w http.ResponseWriter, req *http.Request) {
//defaultopts = append(defaultopts) // no default options for traceroute
res := prerunner(req, cmd, cmdopts, defaultopts)
if strings.TrimSpace(res) == "" {
fmt.Fprintln(w, http.StatusInternalServerError)
http.Error(w, "500: Internal Server Error", http.StatusInternalServerError)
} else {
fmt.Fprint(w, strings.TrimSpace(res), "\n")
_, _ = fmt.Fprint(w, strings.TrimSpace(res), "\n")
}
}
func nping(w http.ResponseWriter, req *http.Request) {
cmd := "nping"
cmdopts := map[string]string{
"4": "-4", "6": "-6", "u": "--udp", "t": "--tcp-connect", "v": "-v", "c1": "-c1", "c3": "-c3", "c5": "-c5",
"force4": "-4", "force6": "-6", "udp": "--udp", "tcp": "--tcp-connect", "verbose": "-v", "count1": "-c1", "count3": "-c3", "count5": "-c5",
}
var defaultopts []string
defaultopts = append(defaultopts, "-c3")
res := prerunner(req, cmd, cmdopts, defaultopts)
if strings.TrimSpace(res) == "" {
http.Error(w, "500: Internal Server Error", http.StatusInternalServerError)
} else {
_, _ = fmt.Fprint(w, strings.TrimSpace(res), "\n")
}
}
@ -170,7 +232,8 @@ func main() {
http.HandleFunc("/mtr/", mtr)
http.HandleFunc("/tracert/", traceroute)
http.HandleFunc("/traceroute/", traceroute)
http.HandleFunc("/nping/", nping)
logstdout.Info("Serving on :", listenport)
logfile.Info("Serving on :", listenport)
http.ListenAndServe(fmt.Sprint(":", listenport), nil)
_ = http.ListenAndServe(fmt.Sprint(":", listenport), nil)
}
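Review bot: validatehosts can return slices that no longer line up: an IP literal rejected by the private/loopback test appends nothing to `validhosts` but still falls through to the port code and appends to `validports`, and only the failed-lookup branch has the new `continue`. prerunner then indexes `ports[i]` by host position, so a later host can be probed with the port given for the rejected one. Appending host and port together at the end of the loop, after every rejection has hit `continue`, removes the mismatch, as in the sketch below. The sketch also limits the port to 1–65535 and re-serialises it, since `strconv.Atoi` accepts negative and signed values. Separately, the `net.LookupIP` branch accepts any name that resolves, so `allowprivate` only constrains IP literals, and link-local addresses pass the `IsPrivate`/`IsLoopback` test.

```go
func validatehosts(hosts []string) ([]string, []string) {
	var validhosts []string
	var validports []string
	for _, host := range hosts {
		split := strings.Split(host, "_")
		host = split[0]
		if ip := net.ParseIP(host); ip != nil {
			if (ip.IsPrivate() || ip.IsLoopback()) && !allowprivate {
				continue // rejected: add nothing to either slice
			}
		} else if _, err := net.LookupIP(host); err != nil {
			continue
		}
		port := "0" // "0" keeps its meaning of "no port requested"
		if len(split) > 1 {
			// accept only a usable port number, not any integer Atoi parses
			if n, err := strconv.Atoi(split[1]); err == nil && n > 0 && n <= 65535 {
				port = strconv.Itoa(n)
			}
		}
		// host and port are appended together so index i always refers to the same target
		validhosts = append(validhosts, host)
		validports = append(validports, port)
	}
	return validhosts, validports
}
```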