Commit Graph

Select branches

Hide Pull Requests

master

ratelimiting

#12

#13

#14

#17

#18

#2

#21

#25

#27

#3

#33

#34

Mono Color

• 2068c3b02a Allow to disable directory listing master Alex Kotov 2023-07-12 19:08:00 +0200
• 64a4ff72f0 Remove debugging Println. Solderpunk 2023-04-09 15:24:34 +0200
• 1b7d661abd Type trashing to fix last commit. Solderpunk 2023-04-09 14:24:39 +0200
• 051df29604 Add a write deadline with maximum allowed download time derived from filesize. See #35. Solderpunk 2023-04-09 14:12:38 +0200
• 6f0865447d Adds leaky token bucket rate limiting with bans for non-compliant clients. Solderpunk 2023-04-09 13:57:59 +0200
• 2c3225c1c0 Fix crash when CGI processes end without writing anything at all to stdout. Closes #38. Solderpunk 2023-03-22 21:03:30 +0100
• 4b54eb6134 Set 30 second deadline for reading requests. See #35. Solderpunk 2023-03-19 11:51:44 +0100
• 8e618a6304 Double hard limit ban durations each time. ratelimiting Solderpunk 2023-03-19 10:31:06 +0100
• 4b9a7e8ad5 Correctly implement bans for clients exceeding hard limit. Solderpunk 2023-03-19 10:30:08 +0100
• efde852c54 Refactor rate limiting to have soft and hard limits, block clients exceeding hard limits for one hour. Solderpunk 2023-03-18 16:40:23 +0100
• 3c5835f033 Continue to increment drips once bucket is overflowing. Solderpunk 2023-03-18 15:45:35 +0100
• a6170a355d Make rate limiting configurable. Solderpunk 2023-03-17 19:52:39 +0100
• 5016f40edb Initial implementation of leaky bucket rate limiting. Solderpunk 2023-03-16 20:27:45 +0100
• c4866d2965 Check for a CGI path prefix before insisting that an exact path exists on disk. Closes #36. Solderpunk 2023-03-16 19:23:32 +0100
• 72a94cab00 Restore Go 1.15 compatibility. Solderpunk 2023-03-04 14:27:01 +0100
• e30f39b196 Fix typo in error message. Solderpunk 2023-03-02 19:43:24 +0100
• 3a03995f26 Actually, be *more* clever about client certs...(see e70ec) Solderpunk 2023-03-02 17:24:34 +0100
• bd07cb3507 Check for errors when parsing TLS certificates even after successful PEM decoding. Solderpunk 2023-03-01 19:50:45 +0100
• 81b4f1dcc0 Fix small variable name error. Solderpunk 2023-02-27 08:35:11 +0100
• d3d415b612 Add missing return. Solderpunk 2023-02-26 19:42:49 +0100
• eefb1bc3a6 Further simplifications of config parsing code. Solderpunk 2023-02-26 19:42:30 +0100
• f9585ff2b7 Rearrange the logic of handling requests without changing behaviour. Solderpunk 2023-02-25 12:06:34 +0100
• eb85a6e94c Another big refactor, splitting the Config struct in two. Solderpunk 2023-02-25 11:29:13 +0100
• e70ec82594 Don't try to be clever about when to request client certs: we never know what could be in a .molly file. Solderpunk 2023-02-24 19:12:52 +0100
• bff3d6d486 Restore logging functionality after some subtle variable declaration scoping bugs wiped it out! Solderpunk 2023-02-23 20:49:28 +0100
• a9dab7b48c Argh, fix stupid typo. Solderpunk 2023-02-23 20:04:48 +0100
• c50accfaec Only drop supplementary groups if root is amongst them. Solderpunk 2023-02-23 20:03:21 +0100
• 0274ef8f35 Print warning about expired certificates. Solderpunk 2023-02-23 19:59:11 +0100
• 800c181668 Ensure supplied TLS certificate is valid for configured hostname. Solderpunk 2023-02-23 19:47:14 +0100
• d67f896b84 Add AllowTLS12 option to switch minimum TLS version between 1.2 and 1.3. Solderpunk 2023-02-23 19:31:16 +0100
• 67386cd118 Update README to reflect movement of unix security stuff out of config file into command line switches. Solderpunk 2023-02-23 18:57:56 +0100
• 212c9f79fb A rather extensive refactor. Solderpunk 2023-02-23 18:49:15 +0100
• 8d1a04cb27 Fix minor bugs on OpenBSD-only code, after discovering easy of cross-compilation in Go. Solderpunk 2023-02-22 21:16:11 +0100
• 40203a8856 Use net/http.DetectContentType as a last resort for MIME, rather than hardcoding application/octet-stream. Solderpunk 2023-02-21 19:22:19 +0100
• 75c283fc74 Restore documented setuid behaviour. Solderpunk 2023-02-19 18:28:52 +0100
• f63fcdb6d1 Do not request client certificates if we're never going to need them. Solderpunk 2023-02-19 15:17:45 +0100
• 7a89b307a1 Just use the log package's default logger as the error log. Solderpunk 2023-02-19 15:04:34 +0100
• 072669a167 Avoid use of log.Fatal() or os.Exit() in main so defers are guaranteed to run. Solderpunk 2023-02-19 14:40:54 +0100
• 7fad754ff2 Drop privileges much more thoroughly, thanks nervuri! (see issue #16) Solderpunk 2023-02-19 13:17:24 +0100
• 182e58ffe3 Make unprivileged user configurable, thanks nervuri! (see issue #16) Solderpunk 2023-02-15 21:16:49 +0100
• c0c67f7ba6 Whoops, don't ignore error from filepath.Abs. Solderpunk 2023-02-15 21:15:14 +0100
• 8372142843 Add support for chroot()ing server early after startup, more work toward issue #16. Solderpunk 2023-02-15 21:10:22 +0100
• 06c6d190a6 Guard against symbolic links escaping the document base. Solderpunk 2023-02-13 22:15:42 +0100
• bb0a04d2c7 Add a little bit of extra security advice to the README, a tiny extra step toward closing issue #16. Solderpunk 2023-02-13 21:52:08 +0100
• 4e6a8fcd05 Use setuid() systemcall wherever possible to reduce privileges before accepting network connections. First step toward solving issue #16. Solderpunk 2023-02-13 20:26:52 +0100
• 5258b29c6b Big ol' gofmt. Solderpunk 2023-02-10 17:19:21 +0100
• 56d8dde14a Chdir to / so that Molly doesn't interfere with unmounting. Solderpunk 2023-02-10 16:16:57 +0100
• b16fe0b8d4 Absolutise DocBase before trying to absolutise anything else relative to it. Solderpunk 2023-02-08 20:32:17 +0100
• 17d17a1629 Catch SIGTERM and shutdown gracefully. Solderpunk 2023-02-08 19:56:27 +0100
• 86720131d3 Declare dependenc upon x/sys to support OpenBSD security features. Solderpunk 2023-02-08 19:54:58 +0100
• b16a8584a6 Merge pull request 'Added pledge(2) and unveil(2) system calls to improve security on OpenBSD.' (#13) from kvothe/molly-brown:master into master Solderpunk 2023-02-08 17:54:29 +0000
• 0d5d67c86d Forcibly ingest Kool-Aid. Solderpunk 2023-02-08 18:53:29 +0100
• 3be10b82d7 Allow no access logging with empty string log file path. Solderpunk 2023-02-07 19:59:43 +0100
• 443bfd4bbd Change to error logging behaviour (stderr instead of stdout, by default). Solderpunk 2023-02-07 19:33:14 +0100
• 16bf8e0534 Refuse to use a world-readable TLS key. Solderpunk 2023-02-07 19:23:35 +0100
• c0d0c0991c Update date and email address in LICENSE. Solderpunk 2023-02-07 19:12:24 +0100
• 8541b6194b Resolve non-absolute values of CGIPaths relative to DocBase. Closes #24. Solderpunk 2023-02-05 16:54:00 +0100
• 2d6f4db38e Add -v flag to print version and exit. Closes #23. Solderpunk 2023-02-05 15:36:18 +0100
• d9e0fed193 Tidy up DirectorySubdirsFirst sorting code by doing two consecutive sorts. Closes #30. Solderpunk 2023-02-05 15:04:49 +0100
• 8446885f56 Rename DirectoriesFirst option to DirectorySubdirsFirst and document in README. Solderpunk 2023-02-05 14:35:29 +0100
• 67d509a234 Sort directory listings with directories before files Russ Magee 2021-08-11 14:05:38 -0700
• 733e518392 Accept requests where the URL has a FQDN hostname with a trailing dot. Closes #20. Solderpunk 2023-01-29 12:29:01 +0100
• a41898b012 Add DefaultEncoding option to config/.molly files. Closes #19. Solderpunk 2023-01-29 12:07:52 +0100
• f05bab2b73 Make test of request URL hostname against configured hostname case insensitive. Closes #29. Solderpunk 2023-01-28 19:22:31 +0100
• 16ed9e5cff Allow redirects to other hosts. Closes #26. Solderpunk 2023-01-28 19:16:11 +0100
• 847a33760e document the shlex dependency #34 Travis J Parker 2022-06-17 10:49:54 +0200
• edea699ddf adds shlex dependency Travis J Parker 2022-06-17 10:48:36 +0200
• bc34e10445 add go.mod and go.sum Travis J Parker 2022-06-14 18:42:29 +0200
• c77111e512 bugfixes from testing Travis J Parker 2022-06-17 10:33:27 +0200
• 505ad17819 run substitutions on args in CGICommand Travis J Parker 2022-06-15 17:47:38 +0200
• 50f9d49e6c move shlex parsing to server startup time #33 Travis J Parker 2022-06-14 18:39:10 +0200
• c9838f3f29 implement CGICommand as a CGI program override Travis J Parker 2022-06-13 22:57:51 +0200
• 2dcaf941e4 Sort directory listings with directories before files #27 Russ Magee 2021-08-11 14:05:38 -0700
• e42c366565 Merge pull request 'Add FreeBSD example rc script' (#25) from ecliptik/molly-brown:freebsd-rc-example into master Solderpunk 2021-05-01 14:48:48 +0000
• b73e10ad58
  Add FreeBSD example rc script #25 Micheal Waltz 2021-04-25 01:11:15 -0700
• cad4a43e98 Add an option to not include symlinks in dirlist. #21 Paper 2021-02-08 12:27:31 +0100
• 92cd40db12 Allow access and error logging to stdout by configuring a path of "-". Solderpunk 2021-01-24 17:09:47 +0100
• e06f8bddbc Fix infinite redirect bug. Solderpunk 2021-01-24 16:27:07 +0100
• 3d4d830e98 Merge pull request 'Add "AUTH_TYPE" environment variable when client cert is present' (#14) from khuxkm/molly-brown:master into master Solderpunk 2020-12-27 20:21:49 +0000
• 2e4a10297e Merge pull request 'Don't include port in REMOTE_ADDR' (#18) from makeworld/molly-brown:master into master Solderpunk 2020-12-27 17:40:18 +0000
• 99ba34c2b7 Merge branch 'master' into master #18 makeworld 2020-12-26 23:33:41 +0000
• e0e0cf7dd6 Don't include port in REMOTE_ADDR makeworld 2020-12-26 18:23:36 -0500
• 34e05cc0b5 Merge pull request 'Use io.Copy over ioutil.ReadFile' (#17) from makeworld/molly-brown:master into master Solderpunk 2020-12-10 07:12:26 +0000
• c6c6e544d6 Use io.Copy over ioutil.ReadFile #17 makeworld 2020-12-09 17:59:00 -0500
• 06ae7c0442 Add "AUTH_TYPE" environment variable when client cert is present #14 Robert Miles 2020-11-28 10:07:27 +0000
• 1c0fb0d856 Fixed a typo in the OpenBSD enableSecurityRestrictions docs. #13 kvothe. 2020-09-16 23:49:03 -0400
• a8f59868f3 Update requirements list for OpenBSD. kvothe. 2020-09-16 23:32:35 -0400
• fb77a13088 Finished the OpenBSD pledge/unveil implementation after testing SCGI procs. kvothe. 2020-09-16 23:24:41 -0400
• 69a253f820 Tested unveiling CGI dirs and globs as executable. kvothe. 2020-09-15 22:14:12 -0400
• 03ca12d0c1 First pass at a pledge/unveil implementation for OpenBSD. kvothe. 2020-09-14 22:21:05 -0400
• 48f9a206c0 Merge pull request 'Added more details on the OpenBSD setup and pointed molly-brown.openbsd.example to the default molly.conf.' (#12) from kvothe/molly-brown:master into master Solderpunk 2020-08-19 18:48:24 +0000
• d71b43f35c Added more details on the OpenBSD setup and pointed molly-brown.openbsd.example to the default molly.conf. #12 kvothe. 2020-08-02 09:41:57 -0400
• 02dc6a82c6 Add trailing slash to subdirectory links in directory listings. Solderpunk 2020-07-30 18:49:59 +0200
• b26fb875a7 Fix configuration option name typo in README. Thanks, acdw! Closes #11. Solderpunk 2020-07-26 17:35:58 +0200
• 62b22a9471 Mention OpenBSD support, add example init script. Solderpunk 2020-07-12 16:28:41 +0200
• 2e510328ef Fix serious bug whereby config changes made in .molly files apply everywhere and persist until server restart! Solderpunk 2020-07-06 19:08:03 +0200
• 7d8bacdc90 Log stderr from CGI processes which exit with non-zero status to the error log. Closes #7. Solderpunk 2020-07-06 16:13:56 +0200
• b9334e07a9 Fix bug with long filenames or titles. Solderpunk 2020-07-04 13:13:58 +0200
• 48aed1398d Log remote IP address when reading a request fails. Solderpunk 2020-07-03 11:16:07 +0200
• 2241302856 Order log columns more sensibly and drop port from remote addresses. Solderpunk 2020-07-01 23:44:59 +0200