Google Git
Sign in
apache / infrastructure-aardvark-proxy / refs/heads/develop
commit48776bc10c71781ed161fd81063b2f1349f27e64[log] [tgz]
authorDaniel Gruno <humbedooh@apache.org>Thu Feb 25 11:39:48 2021 +0100
committerGitHub <noreply@github.com>Thu Feb 25 11:39:48 2021 +0100
tree9ac18971e9adb4d9410f01b5b8038e87664bc2b3
parentfe46313c589109c5691832df871c8643fbfaeb13 [diff]
Add default spam response
1 file changed
tree: 9ac18971e9adb4d9410f01b5b8038e87664bc2b3
  1. corpus/
  2. aardvark.png
  3. aardvark.py
  4. aardvark.yaml
  5. LICENSE
  6. pipservice-aardvark-proxy.service
  7. README.md
  8. requirements.txt
  9. spamfilter.py
README.md

Aardvark - An anti-spam proxy server

Aardvark acts as a middleman between frontend web servers and (typically) ticket submission services such as JIRA or BugZilla, and intercepts all data sent. POST Data is scanned for known offending words that are common in spam, and if found to be spam, the request is blocked. Aardvark keeps an internal list of offending IPs, and will block any subsequent POST requests from those IPs (until restarted).

Aardvark is written in Python3 and uses aiohttp for its server/client capabilities.

diagram

Settings:

  • port: Which port to listen on for scans. For security reasons, Aardvark will bind to localhost. Default is 1729
  • proxy_url: The backend service to proxy to if request is sane
  • ipheader: The header to look for the client's IP in. Typically X-Forwarded-For.
  • naive_spam_threshold: This is the spam score threshold for the naïve scanner, spamfilter.py. It uses a pre-generated English corpus for detecting spam.
  • spamurls: Specific honey-pot URLs that trigger a block regardless of the action
  • ignoreurls: Specific URLs that are exempt from spam detection
  • postmatches: A list of keywords and/or regexes that, if matched, will block the request
  • multimatch: A combination blocker. If a required keyword or regex is matched, the request will be blocked only if one or more auxiliary keywords/regexes are also matched

Pipservicing

To enable as a pipservice, add the following minimal hiera yaml to your node config:

pipservice:
  aardvark-proxy:
    tag: main

Running manually

Follow these steps to run manually (assuming you have pipenv installed):

  • git clone https://github.com/apache/infrastructure-aardvark-proxy.git aardvark-proxy
  • cd aardvark-proxy
  • pipenv install -r requirements.txt
  • pipenv run python3 aardvark.py

HTTPd configuration example

As Aardvark is a proxy middleman for specific purposes, you will preferably need a web server in front. The example below relays all POST requests for /foo/bar through Aardvark, while letting all GETs etc go directly to the backend service.

Assuming Aardvark is listening on port 1729 and the real backend service is on port 8080:

# Send all POST requests through Aardvark
RewriteEngine On
RewriteCond %{REQUEST_METHOD} POST
RewriteRule ^/(.*)$ http://localhost:1729/$1 [P]
# Rest goes to backend directly
ProxyPass / http://localhost:8080/foo/bar/