add use_antispam_mechanism_for_not_logged_users config option

Tomasz Sowa 2022-05-30 05:35:05 +02:00
parent 7d1fb3c04e
commit 01c10bad0e
4 changed files with 32 additions and 23 deletions


@ -341,6 +341,7 @@ void Config::AssignValues()
check_proxy_ip_header = Bool(L"check_proxy_ip_header", false);
proxy_ip_header = Text(L"proxy_ip_header", L"X_Real_IP");
use_antispam_mechanism_for_not_logged_users = Bool(L"use_antispam_mechanism_for_not_logged_users", true);
antispam_list_max_size = Size(L"antispam_list_max_size", 10);
add_header_cache_no_store_in_htmx_request = Bool(L"add_header_cache_no_store_in_htmx_request", true);
}


@ -934,7 +934,12 @@ public:
// default: X_Real_IP
std::wstring proxy_ip_header;
// antispam mechanizm
// use an antismap mechanism for not logged users
// when they try to add a new item
// default: true
bool use_antispam_mechanism_for_not_logged_users;
// antispam mechanism
// size of an list for map: form_id to counter_id for anonymous users (each session has such an map)
// this value allowes you to open the same or different html form in the browser more than once
// and each form has its own form_id and counter_id
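Review bot: The new comment above `use_antispam_mechanism_for_not_logged_users` misspells antispam as "antismap" and describes the option more narrowly than this commit uses it. It mentions only "when they try to add a new item", but the same flag also gates the GET/POST timing check and the form counter check in Functions, and the rebus and spam-score checks in Upload::FunUploadCheckAbuse. I would reword it along the lines of `// enable the antispam checks (rebus, GET/POST timing, form counter) for not logged users`, then `// setting this to false disables all of these checks`, then `// default: true`. The class that holds this member starts and ends outside the hunk.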


@ -499,19 +499,19 @@ void Functions::MakeFunction()
void Functions::CheckGetPostTimes(time_t difference)
{
time_t now = std::time(0);
if( !cur->session->puser && config->use_antispam_mechanism_for_not_logged_users )
{
time_t now = std::time(0);
if( cur->session->puser )
return;
if( cur->request->method != Request::post )
return;
if( now - cur->session->last_time_get >= (time_t)difference )
return;
if( cur->request->method != Request::post )
return;
if( now - cur->session->last_time_get >= (time_t)difference )
return;
cur->session->spam_score += 1;
log << log1 << "Functions: spam +1: POST after GET sent too fast" << logend;
cur->session->spam_score += 1;
log << log1 << "Functions: spam +1: POST after GET sent too fast" << logend;
}
}
@ -519,7 +519,7 @@ void Functions::CheckGetPostTimes(time_t difference)
bool Functions::CheckAntispamCounter()
{
if( !cur->session->puser )
if( !cur->session->puser && config->use_antispam_mechanism_for_not_logged_users )
{
long form_id = Tol(cur->request->PostVar(L"winix_form_id"));
long counter_id = Tol(cur->request->PostVar(L"winix_form_counter"));
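Review bot: The guard `!cur->session->puser && config->use_antispam_mechanism_for_not_logged_users` is now written out separately in CheckGetPostTimes and in CheckAntispamCounter, while Upload::FunUploadCheckAbuse in the same commit tests the flag alone, so there the flag decides for every session, logged in or not. One private helper used at all three sites, for example `bool Functions::AntispamActive() const { return !cur->session->puser && config->use_antispam_mechanism_for_not_logged_users; }`, would keep the gating from drifting apart. Whether CheckRebus already skips logged-in users is not visible on this page, so the upload path may be intentional. CheckAntispamCounter's body continues past the end of the hunk.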


@ -193,19 +193,22 @@ void Upload::UploadFile(Item & item, const std::wstring & tmp_filename)
bool Upload::FunUploadCheckAbuse()
{
if( !system->rebus.CheckRebus() )
if( config->use_antispam_mechanism_for_not_logged_users )
{
cur->request->status = WINIX_ERR_INCORRECT_REBUS;
return false;
}
if( !system->rebus.CheckRebus() )
{
cur->request->status = WINIX_ERR_INCORRECT_REBUS;
return false;
}
functions->CheckGetPostTimes(4);
functions->CheckGetPostTimes(4);
if( cur->session->spam_score > 0 )
{
cur->request->status = WINIX_ERR_SPAM;
log << log1 << "Content: ignoring due to suspected spamming" << logend;
return false;
if( cur->session->spam_score > 0 )
{
cur->request->status = WINIX_ERR_SPAM;
log << log1 << "Content: ignoring due to suspected spamming" << logend;
return false;
}
}
return true;