diff --git a/core/app.cpp b/core/app.cpp
index d479fcc..7565561 100644
--- a/core/app.cpp
+++ b/core/app.cpp
@@ -562,7 +562,7 @@ void App::CreateJSONAnswer()
 }
-// !! zmienic na lepsza nazwe
+// !! IMPROVE ME change to a better name
 void App::MakePage()
 {
 bool sent = false;
@@ -617,9 +617,9 @@ void App::CheckPostRedirect()
 }
-// zmienic nazwe np na ProcessRequest
-// !! ta nazwa chyba juz zajeta...
-// !! IMPROVE ME need some refactoring
+// !! IMPROVE ME change to a better name
+// may ProcessRequest()? but probably it is already defined...
+// this method needs some refactoring
 void App::Make()
 {
 if( cur.request->dir_tab.empty() )
diff --git a/core/config.cpp b/core/config.cpp
index bc59e06..96c60e8 100644
--- a/core/config.cpp
+++ b/core/config.cpp
@@ -223,7 +223,8 @@ void Config::AssignValues(bool stdout_is_closed)
 session_key_renew_time = Size(L"session_key_renew_time", 172800); // 2 days
 broken_encoded_cookie_treshold = Size(L"broken_encoded_cookie_treshold", 2);
 session_hijacking_treshold = Size(L"session_hijacking_treshold", 128);
- no_session_cookie_treshold = Size(L"no_session_cookie_treshold", 1000);
+ no_session_cookie_treshold = Size(L"no_session_cookie_treshold", 128);
+ no_session_cookie_ban_mode = Int(L"no_session_cookie_ban_mode", 0);
 compression = Bool(L"compression", true);
 compression_page_min_size = Size(L"compression_page_min_size", 512);
diff --git a/core/config.h b/core/config.h
index fe2ecbf..0699d92 100644
--- a/core/config.h
+++ b/core/config.h
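Review bot: `no_session_cookie_ban_mode` is read with `Int(...)` and never range-checked, while the only value the session manager acts on is 1 (the `== 1` test added in sessionmanager.cpp), so a mistyped value such as 2 silently behaves as mode 0 and no ban is ever applied; validating right after the read, `if( no_session_cookie_ban_mode != 0 && no_session_cookie_ban_mode != 1 ) no_session_cookie_ban_mode = 0;`, ideally with a warning if Config has a logger available, would surface the misconfiguration instead of hiding it. The config.h comment block for the same field should state that any other value is treated as 0. Lowering the threshold default from 1000 to 128 together with a default mode of 0 also means a fresh install never bans on this event — exceeding the threshold only moves the client to a temporary session — which is worth one line in the config.h comment so operators know a ban requires mode 1. Config::AssignValues continues outside this hunk.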
@@ -244,9 +244,18 @@ public:
 size_t session_hijacking_treshold;
 // after how many times a client will be banned if it did not send a session cookie
- // default: 1000 (value in the range <0 - 65535>)
+ // this can be a bot such as a Google Bot or just people connecting from a NAT and all have the same IP
+ // default: 128 (value in the range <0 - 65535>)
 size_t no_session_cookie_treshold;
+ // the way we behave when no_session_cookie_treshold limit is exceeded
+ // 0 - if a client doesn't send a session cookie again then use a temporary session
+ // (other sessions from this IP address are not affected)
+ // 1 - add this IP address to ban list and create a temporary session
+ // (this will block other sessions from this IP address too)
+ // default: 0
+ int no_session_cookie_ban_mode;
+
 // allow the winix output to be compressed
 // default: true
 bool compression;
diff --git a/core/sessionmanager.cpp b/core/sessionmanager.cpp
index 8ed6345..42eee1b 100644
--- a/core/sessionmanager.cpp
+++ b/core/sessionmanager.cpp
@@ -302,6 +302,7 @@ void SessionManager::IncorrectSessionCheckBan()
 }
+
 void SessionManager::NoSessionCookieCheckBan()
 {
 if( !current_ip_ban )
@@ -315,7 +316,10 @@ void SessionManager::NoSessionCookieCheckBan()
 else
 {
 log << log2 << "SM: too many times you have not sent a session cookie" << logend;
- IncrementBanLevel(current_ip_ban);
+
+ if( config->no_session_cookie_ban_mode == 1 )
+ IncrementBanLevel(current_ip_ban);
+
 SetTemporarySession();
 }
 }
@@ -429,6 +433,8 @@ bool SessionManager::IsIPBanned()
 if( current_ip_ban )
 {
+ current_ip_ban->last_used = cur->request->start_time;
+
 if( current_ip_ban->expires != 0 && cur->request->start_time >= current_ip_ban->expires )
 {
 log << log2 << "SM: resetting events counters for this IP" << logend;
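Review bot: In mode 0 (the new default) this branch still logs `SM: too many times you have not sent a session cookie` exactly as in mode 1, so the log no longer tells an operator whether the IP's ban level was raised or the request was merely moved to a temporary session; logging the ban only where it is actually applied, e.g. inside the new `if` a line `log << log2 << "SM: incrementing ban level for this IP" << logend;`, keeps the two outcomes distinguishable. A one-line comment above the `if`, `// mode 1 bans the IP; mode 0 (shared NAT addresses, crawlers) only falls back to a temporary session`, would tie the branch to the description in config.h. NoSessionCookieCheckBan begins outside this hunk.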
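Review bot: The new `current_ip_ban->last_used = cur->request->start_time;` runs on every request from a tracked IP, before the expiry check, and nothing says why a ban entry's `last_used` is refreshed here — presumably so the entry is not dropped while the address is still active, but that depends on what else reads `last_used`, which this hunk does not show. A comment above the assignment such as `// refresh last_used on every request so an active IP's ban entry is not evicted early — TODO confirm what consumes last_used` would record the intent for the next reader. IsIPBanned begins and ends outside this hunk.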
@@ -699,10 +705,10 @@ IPBan & SessionManager::AddIPToBanList(int ip)
 }
-IPBan & SessionManager::AddIPToBanList(int ip, time_t cur_time)
+IPBan & SessionManager::AddIPToBanList(int ip, time_t last_used)
 {
 IPBan & ban = ban_tab.AddIP(ip);
- ban.last_used = cur_time;
+ ban.last_used = last_used;
 return ban;
 }
diff --git a/core/sessionmanager.h b/core/sessionmanager.h
index 9489878..1257969 100644
--- a/core/sessionmanager.h
+++ b/core/sessionmanager.h
@@ -95,7 +95,7 @@ public:
 size_t MarkAllSessionsToRemove(long user_id);
 IPBan & AddIPToBanList(int ip);
- IPBan & AddIPToBanList(int ip, time_t cur_time);
+ IPBan & AddIPToBanList(int ip, time_t last_used);
 size_t BanListSize();
 IPBan & GetIPBan(size_t index);
 void RemoveIPBan(int ip);
diff --git a/functions/login.cpp b/functions/login.cpp
index d28b5d1..83e9ad6 100644
--- a/functions/login.cpp
+++ b/functions/login.cpp
@@ -168,7 +168,6 @@ void Login::CheckBan()
 log << log2 << "Login: logging from this IP address has been blocked until to: " << date << " UTC" << logend;
 }
 else
- if( config->incorrect_login_cannot_login_mode == 1 )
 {
 session_manager->IncrementBanLevel(ip_ban);
 }
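Review bot: Dropping the `incorrect_login_cannot_login_mode == 1` guard makes `session_manager->IncrementBanLevel(ip_ban);` unconditional on the else path, but the diff does not touch that option's definition in config.cpp or config.h, so `incorrect_login_cannot_login_mode` appears to remain a setting operators can still configure while it no longer gates the escalation here — unless it is consulted elsewhere, which this hunk does not show. If the option is now meaningless it should be removed or its header comment updated; if it still governs the earlier branch, a comment here such as `// ban level is raised on every failed attempt regardless of incorrect_login_cannot_login_mode` would stop a reader from assuming the old behaviour. Login::CheckBan begins and ends outside this hunk.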