changed: when a client doesn't send a session cookie we can just use a temporary session instead of a ban
added: config option: // the way we behave when no_session_cookie_treshold limit is exceeded // 0 - if a client doesn't send a session cookie again then use a temporary session // (other sessions from this IP address are not affected) // 1 - add this IP address to ban list and create a temporary session // (this will block other sessions from this IP address too) // default: 0 int no_session_cookie_ban_mode; git-svn-id: svn://ttmath.org/publicrep/winix/trunk@996 e52654a7-88a9-db11-a3e9-0013d4bc506e
parent
c9bf20201b
commit
f875bd2944
|
@ -562,7 +562,7 @@ void App::CreateJSONAnswer()
|
|||
}
|
||||
|
||||
|
||||
// !! zmienic na lepsza nazwe
|
||||
// !! IMPROVE ME change to a better name
|
||||
void App::MakePage()
|
||||
{
|
||||
bool sent = false;
|
||||
|
@ -617,9 +617,9 @@ void App::CheckPostRedirect()
|
|||
}
|
||||
|
||||
|
||||
// zmienic nazwe np na ProcessRequest
|
||||
// !! ta nazwa chyba juz zajeta...
|
||||
// !! IMPROVE ME need some refactoring
|
||||
// !! IMPROVE ME change to a better name
|
||||
// may ProcessRequest()? but probably it is already defined...
|
||||
// this method needs some refactoring
|
||||
void App::Make()
|
||||
{
|
||||
if( cur.request->dir_tab.empty() )
|
||||
|
|
|
@ -223,7 +223,8 @@ void Config::AssignValues(bool stdout_is_closed)
|
|||
session_key_renew_time = Size(L"session_key_renew_time", 172800); // 2 days
|
||||
broken_encoded_cookie_treshold = Size(L"broken_encoded_cookie_treshold", 2);
|
||||
session_hijacking_treshold = Size(L"session_hijacking_treshold", 128);
|
||||
no_session_cookie_treshold = Size(L"no_session_cookie_treshold", 1000);
|
||||
no_session_cookie_treshold = Size(L"no_session_cookie_treshold", 128);
|
||||
no_session_cookie_ban_mode = Int(L"no_session_cookie_ban_mode", 0);
|
||||
|
||||
compression = Bool(L"compression", true);
|
||||
compression_page_min_size = Size(L"compression_page_min_size", 512);
|
||||
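Review bot: `no_session_cookie_ban_mode` is read with `Int(L"no_session_cookie_ban_mode", 0)` and nothing in this hunk restricts it to the two documented values. The consumer shown elsewhere in this commit tests `== 1`, so a mistyped value such as 2 would quietly behave as mode 0, and an operator who meant to enable banning would get no ban and no warning. Rejecting or normalising unknown values right after the read would make this visible, for example `if( no_session_cookie_ban_mode != 0 && no_session_cookie_ban_mode != 1 ) no_session_cookie_ban_mode = 0;` together with a log line naming the bad value. The body of `AssignValues` continues outside the hunk, so an existing validation step may already cover this.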
|
|
|
@ -244,9 +244,18 @@ public:
|
|||
size_t session_hijacking_treshold;
|
||||
|
||||
// after how many times a client will be banned if it did not send a session cookie
|
||||
// default: 1000 (value in the range <0 - 65535>)
|
||||
// this can be a bot such as a Google Bot or just people connecting from a NAT and all have the same IP
|
||||
// default: 128 (value in the range <0 - 65535>)
|
||||
size_t no_session_cookie_treshold;
|
||||
|
||||
// the way we behave when no_session_cookie_treshold limit is exceeded
|
||||
// 0 - if a client doesn't send a session cookie again then use a temporary session
|
||||
// (other sessions from this IP address are not affected)
|
||||
// 1 - add this IP address to ban list and create a temporary session
|
||||
// (this will block other sessions from this IP address too)
|
||||
// default: 0
|
||||
int no_session_cookie_ban_mode;
|
||||
|
||||
// allow the winix output to be compressed
|
||||
// default: true
|
||||
bool compression;
|
||||
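Review bot: The comment kept above `no_session_cookie_treshold` still says "after how many times a client will be banned", which no longer matches the new default, where exceeding the limit only gives the client a temporary session. I would reword it to `// after how many requests without a session cookie the action selected by no_session_cookie_ban_mode is taken`. The comment block for `no_session_cookie_ban_mode` should also say what happens for values other than 0 and 1; judging by the `== 1` test in `NoSessionCookieCheckBan()`, they are treated like 0. The stated range `<0 - 65535>` is not enforced anywhere in the visible lines, so it is worth confirming that `Size()` clamps to it.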
|
|
|
@ -302,6 +302,7 @@ void SessionManager::IncorrectSessionCheckBan()
|
|||
}
|
||||
|
||||
|
||||
|
||||
void SessionManager::NoSessionCookieCheckBan()
|
||||
{
|
||||
if( !current_ip_ban )
|
||||
|
@ -315,7 +316,10 @@ void SessionManager::NoSessionCookieCheckBan()
|
|||
else
|
||||
{
|
||||
log << log2 << "SM: too many times you have not sent a session cookie" << logend;
|
||||
|
||||
if( config->no_session_cookie_ban_mode == 1 )
|
||||
IncrementBanLevel(current_ip_ban);
|
||||
|
||||
SetTemporarySession();
|
||||
}
|
||||
}
|
||||
|
@ -429,6 +433,8 @@ bool SessionManager::IsIPBanned()
|
|||
|
||||
if( current_ip_ban )
|
||||
{
|
||||
current_ip_ban->last_used = cur->request->start_time;
|
||||
|
||||
if( current_ip_ban->expires != 0 && cur->request->start_time >= current_ip_ban->expires )
|
||||
{
|
||||
log << log2 << "SM: resetting events counters for this IP" << logend;
|
||||
|
@ -699,10 +705,10 @@ IPBan & SessionManager::AddIPToBanList(int ip)
|
|||
}
|
||||
|
||||
|
||||
IPBan & SessionManager::AddIPToBanList(int ip, time_t cur_time)
|
||||
IPBan & SessionManager::AddIPToBanList(int ip, time_t last_used)
|
||||
{
|
||||
IPBan & ban = ban_tab.AddIP(ip);
|
||||
ban.last_used = cur_time;
|
||||
ban.last_used = last_used;
|
||||
|
||||
return ban;
|
||||
}
|
||||
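Review bot: In the `else` branch of `NoSessionCookieCheckBan()` the `log2` message "SM: too many times you have not sent a session cookie" is written before the mode check, so it appears to be emitted on every request that reaches this branch. With the default mode 0 nothing in the visible lines escalates, so a client that keeps omitting the cookie could presumably add one log line per request for as long as the counter stays above the limit. The guarding condition is outside the hunk, so this is inferred from the branch alone. Consider logging only when the ban level is actually raised, or once when the limit is first crossed, and include the mode in the message so the log shows whether a ban was applied. A short comment above the check, such as `// mode 0: no ban is recorded, the client only gets a temporary session`, would also make the deliberate fall-through explicit.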
|
|
|
@ -95,7 +95,7 @@ public:
|
|||
size_t MarkAllSessionsToRemove(long user_id);
|
||||
|
||||
IPBan & AddIPToBanList(int ip);
|
||||
IPBan & AddIPToBanList(int ip, time_t cur_time);
|
||||
IPBan & AddIPToBanList(int ip, time_t last_used);
|
||||
size_t BanListSize();
|
||||
IPBan & GetIPBan(size_t index);
|
||||
void RemoveIPBan(int ip);
|
||||
|
|
|
@ -168,7 +168,6 @@ void Login::CheckBan()
|
|||
log << log2 << "Login: logging from this IP address has been blocked until to: " << date << " UTC" << logend;
|
||||
}
|
||||
else
|
||||
if( config->incorrect_login_cannot_login_mode == 1 )
|
||||
{
|
||||
session_manager->IncrementBanLevel(ip_ban);
|
||||
}
|
||||
|
|