Logwatch用フィルタ。CentOS 6なら/etc/logwatch/scripts/servicesに設置する。Apacheの認証を通過したアクセスのうち、ホワイトリストにないIPからのものをレポートする。設定ファイルは/etc/logwatch/conf/servicesに置くこと。
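#!/usr/bin/perl
# Logwatch service filter for Apache access logs.
#
# Reports requests that got past Basic authentication -- the userid
# field is set and the response was not 401 -- from client IPs that are
# not listed in %whitelist, grouped by response status and counted per
# "client userid path".  Log lines are read from <>.
use strict;
use warnings;

# HTTP Status codes from HTTP/Status.pm, to avoid loading package
# that may or may not exist. We only need those >=400, but all
# are included for potential future use.
my %StatusCode = (
    100 => 'Continue',
    101 => 'Switching Protocols',
    102 => 'Processing',                      # WebDAV
    200 => 'OK',
    201 => 'Created',
    202 => 'Accepted',
    203 => 'Non-Authoritative Information',
    204 => 'No Content',
    205 => 'Reset Content',
    206 => 'Partial Content',
    207 => 'Multi-Status',                    # WebDAV
    300 => 'Multiple Choices',
    301 => 'Moved Permanently',
    302 => 'Found',
    303 => 'See Other',
    304 => 'Not Modified',
    305 => 'Use Proxy',
    307 => 'Temporary Redirect',
    400 => 'Bad Request',
    401 => 'Unauthorized',
    402 => 'Payment Required',
    403 => 'Forbidden',
    404 => 'Not Found',
    405 => 'Method Not Allowed',
    406 => 'Not Acceptable',
    407 => 'Proxy Authentication Required',
    408 => 'Request Timeout',
    409 => 'Conflict',
    410 => 'Gone',
    411 => 'Length Required',
    412 => 'Precondition Failed',
    413 => 'Request Entity Too Large',
    414 => 'Request-URI Too Large',
    415 => 'Unsupported Media Type',
    416 => 'Request Range Not Satisfiable',
    417 => 'Expectation Failed',
    422 => 'Unprocessable Entity',            # WebDAV
    423 => 'Locked',                          # WebDAV
    424 => 'Failed Dependency',               # WebDAV
    500 => 'Internal Server Error',
    501 => 'Not Implemented',
    502 => 'Bad Gateway',
    503 => 'Service Unavailable',
    504 => 'Gateway Timeout',
    505 => 'HTTP Version Not Supported',
    507 => 'Insufficient Storage',            # WebDAV
);

# Common/combined log format:
#   client ident userid [timestamp] "method path protocol" status ...
# Capture order must match @attr.  The client capture requires a
# leading and trailing digit, so a client such as "::1" does not match
# and the line is silently skipped.  The userid and path captures are
# copied from the log verbatim into the report key.
my $regex = qr/^(\d.+\d) (.+) (.+) \[(.+)\] "(\w+) (.+) (.+)" (\d\d\d) .+$/;
my @attr  = qw/client_ip ident userid timestamp method path http http_rc/;

# Client IPs that are expected to authenticate; hits from them are
# never reported.  The value is only a human-readable label.
my %whitelist = (
    '127.0.0.1' => 'localhost',
);

# Parses one access-log line into a hashref keyed by @attr.
# Returns nothing (undef in scalar context) when the line does not
# match $regex.
sub parse_log_line {
    my ($line) = @_;
    my @fields = $line =~ m/$regex/ or return;
    my %d;
    @d{@attr} = @fields;
    return \%d;
}

# Folds one log line into $report, shaped
#   { status => { "client userid path" => count } }.
# Only authenticated (userid not '-'), non-401 requests from clients
# outside %whitelist are counted; anything else, including lines that
# do not parse, is ignored.  Trailing CR/LF is stripped first.
sub add_to_report {
    my ($report, $line) = @_;
    $line =~ tr/\x0a\x0d//d;
    my $d = parse_log_line($line) or return;
    return if $d->{userid} eq '-';                   # no credentials sent
    return if $d->{http_rc} == 401;                  # credentials were rejected
    return if exists $whitelist{ $d->{client_ip} };  # trusted client
    my $key = join ' ', @{$d}{qw(client_ip userid path)};
    $report->{ $d->{http_rc} }{$key}++;
    return;
}

# Reason phrase for a status code.  Codes missing from %StatusCode
# (newer or server-specific ones) get a placeholder instead of an
# "uninitialized value" warning in the middle of the report.
sub status_text {
    my ($rc) = @_;
    return exists $StatusCode{$rc} ? $StatusCode{$rc} : 'Unknown';
}

# NOTE(review): <> applies open() magic to @ARGV entries; Logwatch
# presumably pipes the log on STDIN so @ARGV is empty -- confirm.
my %report;
while (my $line = <>) {
    add_to_report(\%report, $line);
}

if (%report) {
    print " ApacheのBasic認証を通過したがホワイトリストに載ってないIPからのアクセス:\n";
    foreach my $rc ( sort keys %report ) {
        print " $rc ", status_text($rc), "\n";
        foreach my $item ( sort keys %{ $report{$rc} } ) {
            print " $item: $report{$rc}{$item}回\n";
        }
    }
}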
__END__