packagePlack::Middleware::Security::Simple;# ABSTRACT: A simple security filter for Plackusev5.14;usewarnings;useHash::Match;usePlack::Response;# RECOMMEND PREREQ: Ref::Util::XSour$VERSION='v0.12.1';subprepare_app {my($self) =@_;if(my$rules=$self->rules) {if( is_plain_arrayref($rules) || is_plain_hashref($rules) ) {$self->rules( Hash::Match->new(rules=>$rules) );}}unless($self->status ) {$self->status( HTTP_BAD_REQUEST );}unless($self->handler ) {$self->handler(sub{my($env) =@_;my$status=$self->status;if(my$logger=$env->{'psgix.logger'} ) {$logger->({level=>"warn",message=> __PACKAGE__." Blocked $env->{REMOTE_ADDR} $env->{REQUEST_METHOD} $env->{REQUEST_URI} HTTP $status"});}my$res= Plack::Response->new($status, ['Content-Type'=>'text/plain'], ["Bad Request"] );return$res->finalize;});}}subcall {my($self,$env) =@_;if(my$rules=$self->rules) {return$self->handler()->($env)if$rules->($env);}return$self->app->($env);}1;__END__=pod=encoding UTF-8=head1 NAMEPlack::Middleware::Security::Simple - A simple security filter for Plack=head1 VERSIONversion v0.12.1=head1 SYNOPSISuse Plack::Builder;builder {enable "Security::Simple",rules => [PATH_INFO => qr{^/cgi-bin/},PATH_INFO => qr{\.(php|asp)$},HTTP_USER_AGENT => qr{BadRobot},];...};=head1 DESCRIPTIONThis module provides a simple security filter for PSGI-basedapplications, so that you can filter out obvious exploit-seekingscripts.Note that as an alternative, you may want to consider using something likeL<modsecurity|https://modsecurity.org/> as a filter in a reverse proxy.=head1 ATTRIBUTES=head2 rulesThis is a set of rules. It can be a an array-reference orL<Hash::Match> object containing matches against keys in the Plackenvironment.It can also be a code reference for a subroutine that takes the Plackenvironment as an argument and returns a true value if there is amatch.See L<Plack::Middleware::Security::Common> for a set of common rules.=head2 handlerThis is a function that is called when a match is found.It takes the Plack environment as an argument, and returns aL<Plack::Response>, or throws an exception forL<Plack::Middleware::HTTPExceptions>.The default handler will log a warning to the C<psgix.logger>, andreturn a HTTP 400 (Bad Request) response.The message is of the formPlack::Middleware::Security::Simple Blocked $ip $method $path_query HTTP $statusThis can be used if you are writing L<fail2ban> filters.=head2 statusThis is the HTTP status code that the default L</handler> will returnwhen a resource is blocked. It defaults to 400 (Bad Request).=head1 SUPPORT FOR OLDER PERL VERSIONSSince v0.9.0, the this module requires Perl v5.14 or later.Future releases may only support Perl versions released in the last ten (10) years.=head1 SEE ALSOL<Hash::Match>L<Plack>L<PSGI>=head1 SOURCEThe development version is on github at L<https://github.com/robrwo/Plack-Middleware-Security-Simple>and may be cloned from L<git://github.com/robrwo/Plack-Middleware-Security-Simple.git>=head1 BUGSPlease report any bugs or feature requests on the bugtracker websiteWhen submitting a bug or request, please include a test-file or apatch to an existing test-file that illustrates the bug or desiredfeature.=head2 Reporting Security VulnerabilitiesSecurity issues should not be reported on the bugtracker website. Please see F<SECURITY.md> for instructions how toreport security vulnerabilities=head1 AUTHORRobert Rothenberg <rrwo@cpan.org>=head1 COPYRIGHT AND LICENSEThis software is Copyright (c) 2014,2018-2025 by Robert Rothenberg.This is free software, licensed under:The Artistic License 2.0 (GPL Compatible)=cut