tomasz.sowa/winix
1
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

added: possibility to ban if a session cookie is incorrect (when we are using encoded cookies)

Browse Source 
added:   possibility to ban if a client tries to hijack the session cookie
added:   possibility to ban if a client did not send a session cookie
renamed: ezc functions:
         login_cannot_login -> ipban_is_login_allowed_from_this_ip  (and the return value was changed)
         login_when_available_login -> ipban_current_ip_expires_time
added: config options:
       // after how many broken encoded cookie we should ban the current IP
       // default: 2 (value in the range <0 - 65535>)
       size_t broken_encoded_cookie_treshold;

       // after how many incorrect session identifiers (or session indices) we should ban the current IP
       // do not set this value too low, as people connecting from the same IP address (from behind a NAT)
       // would be banned if they have an old session cookie remembered in the browser
       // default: 128 (value in the range <0 - 65535>)
       size_t session_hijacking_treshold;

       // after how many times a client will be banned if it did not send a session cookie
       // default: 1000 (value in the range <0 - 65535>)
       size_t no_session_cookie_treshold;








git-svn-id: svn://ttmath.org/publicrep/winix/trunk@995 e52654a7-88a9-db11-a3e9-0013d4bc506e
This commit is contained in:
Tomasz Sowa
2014-11-24 20:22:30 +00:00
parent 76314aab10
commit c9bf20201b
18 changed files with 368 additions and 136 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
html/err_per_denied.html
View File

@@ -2,7 +2,15 @@
<h1>{access_denied}</h1>
<p>{access_denied_msg}</p>
<p>{access_denied_msg}
[if ipban_is_current_ip_banned]
<br>
{ipban_your_ip_is_banned} [ipban_current_ip_expires_time].
[end]
</p>
</div>

8
html/fun_ipban.html
View File

@@ -4,12 +4,15 @@
[if ipban_tab]
<table>
<table class="ipban_table">
<tr>
<th>{ipban_col_id}</th>
<th>{ipban_col_ip_address}</th>
<th>{ipban_col_login_failures}</th>
<th>{ipban_col_broken_cookie}</th>
<th>{ipban_session_hijacking}</th>
<th>{ipban_no_session_cookie}</th>
<th>{ipban_col_login_allowed}</th>
<th>{ipban_col_ban_level}</th>
<th>{ipban_col_active_flag}</th>
@@ -24,6 +27,9 @@
<td>[ipban_tab_id]</td>
<td>[ipban_tab_ip]</td>
<td>[ipban_tab_incorrect_login]</td>
<td>[ipban_tab_broken_encoded_cookie]</td>
<td>[ipban_tab_session_hijacking]</td>
<td>[ipban_tab_no_session_cookie]</td>
<td>[if ipban_tab_is_logging_allowed]{ipban_loggin_allowed}[else]{ipban_loggin_not_allowed}[end]</td>
<td>[ipban_tab_ban_level]</td>
<td>[if ipban_tab_has_active_flag]{ipban_has_active_flag}[end]</td>

4
html/fun_login.html
View File

@@ -7,9 +7,9 @@
<a href="[doc_base_url][if-one dir_can_read_exec][dir][if-any item_is item_can_read][item_url]/[end][else]/[end]logout">{logout}</a></p>
[else]
[if login_cannot_login]
[if-no ipban_is_login_allowed_from_this_ip]
<p>{login_cannot_login_from_this_ip}<br>
{login_cannot_login_available} [login_when_available_login]</p>
{login_cannot_login_available} [ipban_current_ip_expires_time]</p>
[else]
<form method="post" action="[login_path]login">

1
html/index_head_functions_add.html
View File

@@ -10,6 +10,7 @@
winix_function_is "emacs"
winix_function_is "env"
winix_function_is "imgcrop"
winix_function_is "ipban"
winix_function_is "last"
winix_function_is "ln"
winix_function_is "locale"