Add Timeout/Connection closed during SSL handshake as a hostile action

Add error code 400, as that seems to be a non-good one, also on http
2025-03-22 23:00:27 +01:00 · 2025-03-21 23:37:43 +01:00
1 changed files with 15 additions and 4 deletions
--- a/lib/haproxy_parser.pm
+++ b/lib/haproxy_parser.pm
@ -22,16 +22,27 @@ sub parser {
 			m/(\ ($re_host):[0-9]{1,6})/gcix && do {
 				$host	= $2;
 			};
-	} elsif($string =~ m/https\~ https\/\<NOSRV\>/) {
-		if($string =~ m/-1\/-1\/-1\/-1\/[0-9]{1,20} 0 0/) {
-			#This one seems like someone is doing something bad. Return code 0
+	} elsif($string =~ m/https\/1: (Timeout|Connection closed) during SSL handshake/) {
+		$_		= $string;
+		$reply		= 'SSL handshake error';
+		$hostile	= 1;
+		PARSE:
+			m/(:\ ($re_host):[0-9]{1,6})/gcix && do {
+				$host	= $2;
+			};
+	} elsif($string =~ m/http(s\~|) http(s|)\/\<NOSRV\>/) {
+		if($string =~ m/-1\/-1\/-1\/-1\/[0-9]{1,20} (400|0) 0/) {
+			#This one seems like someone is doing something bad. Return code 400/0
 			$_		= $string;
 			$hostile	= 1;
-			$reply		= 'Bad request, return code 0';
+			$reply		= 'Bad request, return code 400/0';
 			PARSE:
 				m/(\ ($re_host):[0-9]{1,6})/gcix && do {
 					$host	= $2;
 				};
+		} else {
+			#Other requests of this type seems to be ... not too bad
+			$reply		= 'Not routed, but probs only random error codes'
 		}
 	} elsif($string =~ m/https\~ /) {
 		#Accepted as https, probably fine..
Author	SHA1	Message	Date
Daniel Lysfjord	7667819687	Add Timeout/Connection closed during SSL handshake as a hostile action	2025-03-22 23:00:27 +01:00
Daniel Lysfjord	8cb980a9b9	Add error code 400, as that seems to be a non-good one, also on http	2025-03-21 23:37:43 +01:00