(w http.ResponseWriter, r *http.Request, cr policy.CheckResult, lg *slog.Logger, rule *policy.Bot)
| 289 | } |
| 290 | |
| 291 | func (s *Server) checkRules(w http.ResponseWriter, r *http.Request, cr policy.CheckResult, lg *slog.Logger, rule *policy.Bot) bool { |
| 292 | // Adjust cookie path if base prefix is not empty |
| 293 | cookiePath := "/" |
| 294 | if anubis.BasePrefix != "" { |
| 295 | cookiePath = strings.TrimSuffix(anubis.BasePrefix, "/") + "/" |
| 296 | } |
| 297 | |
| 298 | localizer := localization.GetLocalizer(r) |
| 299 | |
| 300 | switch cr.Rule { |
| 301 | case config.RuleAllow: |
| 302 | lg.Debug("allowing traffic to origin (explicit)") |
| 303 | s.ServeHTTPNext(w, r) |
| 304 | return true |
| 305 | case config.RuleDeny: |
| 306 | s.ClearCookie(w, CookieOpts{Path: cookiePath, Host: r.Host}) |
| 307 | lg.Info("explicit deny") |
| 308 | if rule == nil { |
| 309 | lg.Error("rule is nil, cannot calculate checksum") |
| 310 | s.respondWithError(w, r, fmt.Sprintf("%s \"maybeReverseProxy.RuleDeny\"", localizer.T("internal_server_error")), makeCode(ErrActualAnubisBug)) |
| 311 | return true |
| 312 | } |
| 313 | hash := rule.Hash() |
| 314 | |
| 315 | lg.Debug("rule hash", "hash", hash) |
| 316 | s.respondWithStatus(w, r, fmt.Sprintf("%s %s", localizer.T("access_denied"), hash), "", s.policy.StatusCodes.Deny) |
| 317 | return true |
| 318 | case config.RuleChallenge: |
| 319 | lg.Debug("challenge requested") |
| 320 | case config.RuleBenchmark: |
| 321 | lg.Debug("serving benchmark page") |
| 322 | s.RenderBench(w, r) |
| 323 | return true |
| 324 | default: |
| 325 | s.ClearCookie(w, CookieOpts{Path: cookiePath, Host: r.Host}) |
| 326 | lg.Error("CONFIG ERROR: unknown rule", "rule", cr.Rule) |
| 327 | s.respondWithError(w, r, fmt.Sprintf("%s \"maybeReverseProxy.Rules\"", localizer.T("internal_server_error")), makeCode(ErrActualAnubisBug)) |
| 328 | return true |
| 329 | } |
| 330 | return false |
| 331 | } |
| 332 | |
| 333 | func (s *Server) handleDNSBL(w http.ResponseWriter, r *http.Request, ip string, lg *slog.Logger) bool { |
| 334 | db := &store.JSON[dnsbl.DroneBLResponse]{Underlying: s.store, Prefix: "dronebl:"} |
no test coverage detected