changed: when a client doesn't send a session cookie we can instead of ban just use a temporary session

added: config option: // the way we behave when no_session_cookie_treshold limit is exceeded // 0 - if a client doesn't send a session cookie again then use a temporary session // (other sessions from this IP address are not affected) // 1 - add this IP address to ban list and create a temporary session // (this will block other sessions from this IP address too) // default: 0 int no_session_cookie_ban_mode; git-svn-id: svn://ttmath.org/publicrep/winix/trunk@996 e52654a7-88a9-db11-a3e9-0013d4bc506e
2014-11-25 12:02:22 +00:00 · 2014-11-25 12:02:22 +00:00 · f875bd2944
parent c9bf20201b
commit f875bd2944
6 changed files with 26 additions and 11 deletions
--- a/core/app.cpp
+++ b/core/app.cpp
@ -562,7 +562,7 @@ void App::CreateJSONAnswer()
 }


-// !! zmienic na lepsza nazwe
+// !! IMPROVE ME change to a better name
 void App::MakePage()
 {
 bool sent = false;
@ -617,9 +617,9 @@ void App::CheckPostRedirect()
 }


-// zmienic nazwe np na ProcessRequest
-// !! ta nazwa chyba juz zajeta...
-// !! IMPROVE ME need some refactoring
+// !! IMPROVE ME change to a better name
+// may ProcessRequest()? but probably it is already defined...
+// this method needs some refactoring
 void App::Make()
 {
 	if( cur.request->dir_tab.empty() )
--- a/core/config.cpp
+++ b/core/config.cpp
@ -223,7 +223,8 @@ void Config::AssignValues(bool stdout_is_closed)
 	session_key_renew_time			= Size(L"session_key_renew_time", 172800); // 2 days
 	broken_encoded_cookie_treshold	= Size(L"broken_encoded_cookie_treshold", 2);
 	session_hijacking_treshold		= Size(L"session_hijacking_treshold", 128);
-	no_session_cookie_treshold		= Size(L"no_session_cookie_treshold", 1000);
+	no_session_cookie_treshold		= Size(L"no_session_cookie_treshold", 128);
+	no_session_cookie_ban_mode		= Int(L"no_session_cookie_ban_mode", 0);

 	compression				= Bool(L"compression", true);
 	compression_page_min_size = Size(L"compression_page_min_size", 512);
--- a/core/config.h
+++ b/core/config.h
@ -244,9 +244,18 @@ public:
 	size_t session_hijacking_treshold;

 	// after how many times a client will be banned if it did not send a session cookie
- 	// default: 1000 (value in the range <0 - 65535>)
+ 	// this can be a bot such as a Google Bot or just people connecting from a NAT and all have the same IP
+ 	// default: 128 (value in the range <0 - 65535>)
 	size_t no_session_cookie_treshold;

+ 	// the way we behave when no_session_cookie_treshold limit is exceeded
+ 	// 0 - if a client doesn't send a session cookie again then use a temporary session
+ 	//     (other sessions from this IP address are not affected)
+ 	// 1 - add this IP address to ban list and create a temporary session
+ 	//     (this will block other sessions from this IP address too)
+ 	// default: 0
+ 	int no_session_cookie_ban_mode;
+
 	// allow the winix output to be compressed
 	// default: true
 	bool compression;
--- a/core/sessionmanager.cpp
+++ b/core/sessionmanager.cpp
@ -302,6 +302,7 @@ void SessionManager::IncorrectSessionCheckBan()
 }


+
 void SessionManager::NoSessionCookieCheckBan()
 {
 	if( !current_ip_ban )
@ -315,7 +316,10 @@ void SessionManager::NoSessionCookieCheckBan()
 	else
 	{
 		log << log2 << "SM: too many times you have not sent a session cookie" << logend;
-		IncrementBanLevel(current_ip_ban);
+
+		if( config->no_session_cookie_ban_mode == 1 )
+			IncrementBanLevel(current_ip_ban);
+
 		SetTemporarySession();
 	}
 }
@ -429,6 +433,8 @@ bool SessionManager::IsIPBanned()

 	if( current_ip_ban  )
 	{
+		current_ip_ban->last_used = cur->request->start_time;
+
 		if( current_ip_ban->expires != 0 && cur->request->start_time >= current_ip_ban->expires )
 		{
 			log << log2 << "SM: resetting events counters for this IP" << logend;
@ -699,10 +705,10 @@ IPBan & SessionManager::AddIPToBanList(int ip)
 }


-IPBan & SessionManager::AddIPToBanList(int ip, time_t cur_time)
+IPBan & SessionManager::AddIPToBanList(int ip, time_t last_used)
 {
 	IPBan & ban = ban_tab.AddIP(ip);
-	ban.last_used = cur_time;
+	ban.last_used = last_used;

 return ban;
 }
--- a/core/sessionmanager.h
+++ b/core/sessionmanager.h
@ -95,7 +95,7 @@ public:
 	size_t MarkAllSessionsToRemove(long user_id);

 	IPBan & AddIPToBanList(int ip);
-	IPBan & AddIPToBanList(int ip, time_t cur_time);
+	IPBan & AddIPToBanList(int ip, time_t last_used);
 	size_t  BanListSize();
 	IPBan & GetIPBan(size_t index);
 	void    RemoveIPBan(int ip);
--- a/functions/login.cpp
+++ b/functions/login.cpp
@ -168,7 +168,6 @@ void Login::CheckBan()
 			log << log2 << "Login: logging from this IP address has been blocked until to: " << date << " UTC" << logend;
 		}
 		else
-		if( config->incorrect_login_cannot_login_mode == 1 )
 		{
 			session_manager->IncrementBanLevel(ip_ban);
 		}