For years we've been using HTML::Template and HTML::Template::Expr modules on our site, and it all worked pretty well. In the last few months I've been implementing some complex form validators with items that appear on the site based on non-trivial URI rules.
I need some template engine that I could program the complex presentation part with, so I choose HTML::Mason. Being that our site is served by a Perl daemon process, I can't use $r or plethora of Apache2 modules inside my templates but without that HTML::Mason is powerful enough and it works pretty well. Combining the new template engine with some Moose-based objects saved me couple of months of development time. Hooray for HTML::Mason!
Perl-related stuff and beyond (but not much)
Thursday, April 30, 2009
Wednesday, April 22, 2009
Check your log files for intrusions
CGI::IDS is a nice module on CPAN that enables you to check for a possible intrusion attempts in your web application. But, if evil attempts were made before, it's time to scan the log files. CGI::IDS is very flexible, so I crafted a simple program to check my log files at work.
Here it is:
Update: Thanks to all for the answers. It's syntax highlighter that modifies the source code. I'll probably change it. I also ran my code through Perl::Critic, and changed the source code above according to it's suggestions and your comments.
Here it is:
#!/usr/bin/perl
# ids_log_check.pl - process Apache access log files and check for possible
# attacks via CGI::IDS
# usage: ids_log_check.pl path_to_the_log_file
# dprelec, 2009-01-14
use strict;
use warnings;
use CGI;
use CGI::IDS;
# minimal impact to report for
my $MIN_IMP = 20;
# skip these requests
my $RE_IGNORE = qr/GET(?:.*)\.(?:gif|css|png|jpeg|jpg|pdf|html|js|xml)\s/;
my $ids = CGI::IDS->new();
$ids->set_scan_keys(scan_keys => 1);
my $log = shift or die "Specify input log file.\n";
open $fh, "<", $log or die "Cannot open $log: $!";
while (<$fh>) {
next if /$RE_IGNORE/;
if (/GET\s+(?:[^ ]+)\?([^ ]+)/) {
my %params = CGI->new($1)->Vars;
my $imp = $ids->detect_attacks(request => \%params);
if ($imp > $MIN_IMP) {
print $_ . "\nParams: $1\nImpact: $imp\n\n";
}
}
}
close $fh;
Update: Thanks to all for the answers. It's syntax highlighter that modifies the source code. I'll probably change it. I also ran my code through Perl::Critic, and changed the source code above according to it's suggestions and your comments.
Fairies Wear Boots
Inspired by the Iron Man post, I decided to post Perl-related article here, once a week, on my new blog. I've never done this blogging stuff before, so it's a new uncharted land for me. Being that I'm not that really good in public type of self-expressions, it (this blogging mess) will need some extra energy from me.
So, don't expect some uberclever programming themes. For the start, I'll write about simple/dumb stuff I do all the time at my work.
So much for the intro, and now for something slightly different.
So, don't expect some uberclever programming themes. For the start, I'll write about simple/dumb stuff I do all the time at my work.
So much for the intro, and now for something slightly different.
Subscribe to:
Posts (Atom)