added: possibility to ban if a session cookie is incorrect (when we are using encoded cookies)
added: possibility to ban if a client tries to hijack the session cookie added: possibility to ban if a client did not send a session cookie renamed: ezc functions: login_cannot_login -> ipban_is_login_allowed_from_this_ip (and the return value was changed) login_when_available_login -> ipban_current_ip_expires_time added: config options: // after how many broken encoded cookie we should ban the current IP // default: 2 (value in the range <0 - 65535>) size_t broken_encoded_cookie_treshold; // after how many incorrect session identifiers (or session indices) we should ban the current IP // do not set this value too low, as people connecting from the same IP address (from behind a NAT) // would be banned if they have an old session cookie remembered in the browser // default: 128 (value in the range <0 - 65535>) size_t session_hijacking_treshold; // after how many times a client will be banned if it did not send a session cookie // default: 1000 (value in the range <0 - 65535>) size_t no_session_cookie_treshold; git-svn-id: svn://ttmath.org/publicrep/winix/trunk@995 e52654a7-88a9-db11-a3e9-0013d4bc506e
28
core/ipban.h
28
core/ipban.h
@@ -87,11 +87,21 @@ struct IPBan
|
||||
// the ban level to a greater value
|
||||
time_t expires;
|
||||
|
||||
|
||||
// how many incorrect login attempts there are
|
||||
unsigned int incorrect_login_events;
|
||||
unsigned short int incorrect_login_events;
|
||||
|
||||
// in the future there can be more *_events fields
|
||||
// how many incorrect encoded cookie were sent
|
||||
// only used if config.session_cookie_encode is true and session_keys_file is defined
|
||||
unsigned short int broken_encoded_cookie_events;
|
||||
|
||||
// how many incorrect session identifiers were sent
|
||||
unsigned short int session_hijacking_events;
|
||||
|
||||
// client didn't send a session cookie
|
||||
// it can be a bot or just someone wants to DOS the server
|
||||
// (a new session will be create)
|
||||
unsigned short int no_session_cookie_events;
|
||||
|
||||
|
||||
bool HasFlag(int flag) const
|
||||
@@ -123,7 +133,7 @@ struct IPBan
|
||||
}
|
||||
|
||||
|
||||
void AddNextBanLevel(time_t level1_expires, time_t level2_expires, time_t level3_expires)
|
||||
void IncrementBanLevel(time_t level1_expires, time_t level2_expires, time_t level3_expires)
|
||||
{
|
||||
if( HasFlag(WINIX_IPBAN_FLAG_BAN_LEVEL3) )
|
||||
{
|
||||
@@ -164,14 +174,20 @@ struct IPBan
|
||||
flags = 0;
|
||||
last_used = 0;
|
||||
expires = 0;
|
||||
incorrect_login_events = 0;
|
||||
incorrect_login_events = 0;
|
||||
broken_encoded_cookie_events = 0;
|
||||
session_hijacking_events = 0;
|
||||
no_session_cookie_events = 0;
|
||||
}
|
||||
|
||||
|
||||
void ClearAfterRemovingBan()
|
||||
void ResetEventsCounters()
|
||||
{
|
||||
ClearFlag(WINIX_IPBAN_FLAG_ACTIVE);
|
||||
incorrect_login_events = 0;
|
||||
incorrect_login_events = 0;
|
||||
broken_encoded_cookie_events = 0;
|
||||
session_hijacking_events = 0;
|
||||
no_session_cookie_events = 0;
|
||||
expires = 0;
|
||||
}
|
||||
|
||||
|
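Review bot: The four `*_events` counters in struct IPBan are now `unsigned short int`, so an unguarded `++` wraps from 65535 back to 0 and would silently restart the count for an address that is still misbehaving. The increment sites are not part of this diff (struct IPBan starts and ends outside the visible hunks), so confirm that they saturate, for example `if( session_hijacking_events < 65535 ) ++session_hijacking_events;`. The commit message declares the matching thresholds as `size_t` with a documented range of 0 - 65535. If the config loader accepts a larger value without clamping, the counter can presumably never reach it and that ban is effectively switched off. A comment on the fields such as `// saturates at 65535; the configured threshold must not exceed this` would make the coupling explicit.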