Commit Graph

Select branches

Hide Pull Requests

master

ratelimiting

#12

#13

#14

#17

#18

#2

#21

#25

#27

#3

#33

#34

Mono Color

• 2068c3b02a Allow to disable directory listing master Alex Kotov 2023-07-12 19:08:00 +0200
• 64a4ff72f0 Remove debugging Println. Solderpunk 2023-04-09 15:24:34 +0200
• 1b7d661abd Type trashing to fix last commit. Solderpunk 2023-04-09 14:24:39 +0200
• 051df29604 Add a write deadline with maximum allowed download time derived from filesize. See #35. Solderpunk 2023-04-09 14:12:38 +0200
• 6f0865447d Adds leaky token bucket rate limiting with bans for non-compliant clients. Solderpunk 2023-04-09 13:57:59 +0200
• 2c3225c1c0 Fix crash when CGI processes end without writing anything at all to stdout. Closes #38. Solderpunk 2023-03-22 21:03:30 +0100
• 4b54eb6134 Set 30 second deadline for reading requests. See #35. Solderpunk 2023-03-19 11:51:44 +0100
• 8e618a6304 Double hard limit ban durations each time. ratelimiting Solderpunk 2023-03-19 10:31:06 +0100
• 4b9a7e8ad5 Correctly implement bans for clients exceeding hard limit. Solderpunk 2023-03-19 10:30:08 +0100
• efde852c54 Refactor rate limiting to have soft and hard limits, block clients exceeding hard limits for one hour. Solderpunk 2023-03-18 16:40:23 +0100
• 3c5835f033 Continue to increment drips once bucket is overflowing. Solderpunk 2023-03-18 15:45:35 +0100
• a6170a355d Make rate limiting configurable. Solderpunk 2023-03-17 19:52:39 +0100
• 5016f40edb Initial implementation of leaky bucket rate limiting. Solderpunk 2023-03-16 20:27:45 +0100
• c4866d2965 Check for a CGI path prefix before insisting that an exact path exists on disk. Closes #36. Solderpunk 2023-03-16 19:23:32 +0100
• 72a94cab00 Restore Go 1.15 compatibility. Solderpunk 2023-03-04 14:27:01 +0100
• e30f39b196 Fix typo in error message. Solderpunk 2023-03-02 19:43:24 +0100
• 3a03995f26 Actually, be *more* clever about client certs...(see e70ec) Solderpunk 2023-03-02 17:24:34 +0100
• bd07cb3507 Check for errors when parsing TLS certificates even after successful PEM decoding. Solderpunk 2023-03-01 19:50:45 +0100
• 81b4f1dcc0 Fix small variable name error. Solderpunk 2023-02-27 08:35:11 +0100
• d3d415b612 Add missing return. Solderpunk 2023-02-26 19:42:49 +0100
• eefb1bc3a6 Further simplifications of config parsing code. Solderpunk 2023-02-26 19:42:30 +0100
• f9585ff2b7 Rearrange the logic of handling requests without changing behaviour. Solderpunk 2023-02-25 12:06:34 +0100
• eb85a6e94c Another big refactor, splitting the Config struct in two. Solderpunk 2023-02-25 11:29:13 +0100
• e70ec82594 Don't try to be clever about when to request client certs: we never know what could be in a .molly file. Solderpunk 2023-02-24 19:12:52 +0100
• bff3d6d486 Restore logging functionality after some subtle variable declaration scoping bugs wiped it out! Solderpunk 2023-02-23 20:49:28 +0100
• a9dab7b48c Argh, fix stupid typo. Solderpunk 2023-02-23 20:04:48 +0100
• c50accfaec Only drop supplementary groups if root is amongst them. Solderpunk 2023-02-23 20:03:21 +0100
• 0274ef8f35 Print warning about expired certificates. Solderpunk 2023-02-23 19:59:11 +0100
• 800c181668 Ensure supplied TLS certificate is valid for configured hostname. Solderpunk 2023-02-23 19:47:14 +0100
• d67f896b84 Add AllowTLS12 option to switch minimum TLS version between 1.2 and 1.3. Solderpunk 2023-02-23 19:31:16 +0100
• 67386cd118 Update README to reflect movement of unix security stuff out of config file into command line switches. Solderpunk 2023-02-23 18:57:56 +0100
• 212c9f79fb A rather extensive refactor. Solderpunk 2023-02-23 18:49:15 +0100
• 8d1a04cb27 Fix minor bugs on OpenBSD-only code, after discovering easy of cross-compilation in Go. Solderpunk 2023-02-22 21:16:11 +0100
• 40203a8856 Use net/http.DetectContentType as a last resort for MIME, rather than hardcoding application/octet-stream. Solderpunk 2023-02-21 19:22:19 +0100
• 75c283fc74 Restore documented setuid behaviour. Solderpunk 2023-02-19 18:28:52 +0100
• f63fcdb6d1 Do not request client certificates if we're never going to need them. Solderpunk 2023-02-19 15:17:45 +0100
• 7a89b307a1 Just use the log package's default logger as the error log. Solderpunk 2023-02-19 15:04:34 +0100
• 072669a167 Avoid use of log.Fatal() or os.Exit() in main so defers are guaranteed to run. Solderpunk 2023-02-19 14:40:54 +0100
• 7fad754ff2 Drop privileges much more thoroughly, thanks nervuri! (see issue #16) Solderpunk 2023-02-19 13:17:24 +0100
• 182e58ffe3 Make unprivileged user configurable, thanks nervuri! (see issue #16) Solderpunk 2023-02-15 21:16:49 +0100
• c0c67f7ba6 Whoops, don't ignore error from filepath.Abs. Solderpunk 2023-02-15 21:15:14 +0100
• 8372142843 Add support for chroot()ing server early after startup, more work toward issue #16. Solderpunk 2023-02-15 21:10:22 +0100
• 06c6d190a6 Guard against symbolic links escaping the document base. Solderpunk 2023-02-13 22:15:42 +0100
• bb0a04d2c7 Add a little bit of extra security advice to the README, a tiny extra step toward closing issue #16. Solderpunk 2023-02-13 21:52:08 +0100
• 4e6a8fcd05 Use setuid() systemcall wherever possible to reduce privileges before accepting network connections. First step toward solving issue #16. Solderpunk 2023-02-13 20:26:52 +0100
• 5258b29c6b Big ol' gofmt. Solderpunk 2023-02-10 17:19:21 +0100
• 56d8dde14a Chdir to / so that Molly doesn't interfere with unmounting. Solderpunk 2023-02-10 16:16:57 +0100
• b16fe0b8d4 Absolutise DocBase before trying to absolutise anything else relative to it. Solderpunk 2023-02-08 20:32:17 +0100
• 17d17a1629 Catch SIGTERM and shutdown gracefully. Solderpunk 2023-02-08 19:56:27 +0100
• 86720131d3 Declare dependenc upon x/sys to support OpenBSD security features. Solderpunk 2023-02-08 19:54:58 +0100
• b16a8584a6 Merge pull request 'Added pledge(2) and unveil(2) system calls to improve security on OpenBSD.' (#13) from kvothe/molly-brown:master into master Solderpunk 2023-02-08 17:54:29 +0000
• 0d5d67c86d Forcibly ingest Kool-Aid. Solderpunk 2023-02-08 18:53:29 +0100
• 3be10b82d7 Allow no access logging with empty string log file path. Solderpunk 2023-02-07 19:59:43 +0100
• 443bfd4bbd Change to error logging behaviour (stderr instead of stdout, by default). Solderpunk 2023-02-07 19:33:14 +0100
• 16bf8e0534 Refuse to use a world-readable TLS key. Solderpunk 2023-02-07 19:23:35 +0100
• c0d0c0991c Update date and email address in LICENSE. Solderpunk 2023-02-07 19:12:24 +0100
• 8541b6194b Resolve non-absolute values of CGIPaths relative to DocBase. Closes #24. Solderpunk 2023-02-05 16:54:00 +0100
• 2d6f4db38e Add -v flag to print version and exit. Closes #23. Solderpunk 2023-02-05 15:36:18 +0100
• d9e0fed193 Tidy up DirectorySubdirsFirst sorting code by doing two consecutive sorts. Closes #30. Solderpunk 2023-02-05 15:04:49 +0100
• 8446885f56 Rename DirectoriesFirst option to DirectorySubdirsFirst and document in README. Solderpunk 2023-02-05 14:35:29 +0100
• 67d509a234 Sort directory listings with directories before files Russ Magee 2021-08-11 14:05:38 -0700
• 733e518392 Accept requests where the URL has a FQDN hostname with a trailing dot. Closes #20. Solderpunk 2023-01-29 12:29:01 +0100
• a41898b012 Add DefaultEncoding option to config/.molly files. Closes #19. Solderpunk 2023-01-29 12:07:52 +0100
• f05bab2b73 Make test of request URL hostname against configured hostname case insensitive. Closes #29. Solderpunk 2023-01-28 19:22:31 +0100