simplify/unify naming & wording of the two types of IP lists for the traffic limiter
parent
d764c03759
commit
91041d8c59
@ -135,14 +135,17 @@ markdown = "Markdown"
|
|||||||
; Set this to 0 to disable rate limiting.
|
; Set this to 0 to disable rate limiting.
|
||||||
limit = 10
|
limit = 10
|
||||||
|
|
||||||
; Set ips (v4|v6) which should be exempted for the rate-limit. CIDR also supported. Needed to be comma separated.
|
; (optional) Set IPs adresses (v4 or v6) or subnets (CIDR) which are exempted
|
||||||
; Unset for enabling and invalid values will be ignored
|
; from the rate-limit. Invalid IPs will be ignored. If multiple values are to
|
||||||
; eg: exemptedIp = '1.2.3.4,10.10.10/24'
|
; be exempted, the list needs to be comma separated. Leave unset to disable
|
||||||
|
; exemptions.
|
||||||
|
; exempted = "1.2.3.4,10.10.10/24"
|
||||||
|
|
||||||
; (optional) if you only want some source IP addresses to create pastes
|
; (optional) If you want only some source IP addresses (v4 or v6) or subnets
|
||||||
; enter their IPv4 address(es) here, separated by commas. This does not
|
; (CIDR) to be allowed to create pastes, set these here. Invalid IPs will be
|
||||||
; currently support CIDR notation, only individual IPv4 addresses.
|
; ignored. If multiple values are to be exempted, the list needs to be comma
|
||||||
; whitelist_paste_creation = "12.34.56.78,99.88.77.66"
|
; separated. Leave unset to allow anyone to create pastes.
|
||||||
|
; creators = "1.2.3.4,10.10.10/24"
|
||||||
|
|
||||||
; (optional) if your website runs behind a reverse proxy or load balancer,
|
; (optional) if your website runs behind a reverse proxy or load balancer,
|
||||||
; set the HTTP header containing the visitors IP address, i.e. X_FORWARDED_FOR
|
; set the HTTP header containing the visitors IP address, i.e. X_FORWARDED_FOR
|
||||||
|
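Review bot: The new comment for `creators` reuses a sentence from the exemption paragraph, so it says "If multiple values are to be exempted" although this option lists addresses that are allowed to create pastes. I would write `; ignored. If multiple values are to be allowed, the list needs to be comma` and correct `adresses` to `addresses` in the `exempted` paragraph. Both paragraphs state that invalid entries are ignored; for the allow-list it would help to say what happens when every entry is invalid, since nothing shown here tells whether paste creation is then open or closed.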
@ -78,10 +78,10 @@ class Configuration
|
|||||||
'markdown' => 'Markdown',
|
'markdown' => 'Markdown',
|
||||||
),
|
),
|
||||||
'traffic' => array(
|
'traffic' => array(
|
||||||
'limit' => 10,
|
'limit' => 10,
|
||||||
'header' => null,
|
'header' => '',
|
||||||
'exemptedIp' => null,
|
'exempted' => '',
|
||||||
'whitelist' => null,
|
'creators' => '',
|
||||||
),
|
),
|
||||||
'purge' => array(
|
'purge' => array(
|
||||||
'limit' => 300,
|
'limit' => 300,
|
||||||
|
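Review bot: The defaults drop the `exemptedIp` and `whitelist` keys without a fallback, and the Controller hunk stops reading `whitelist_paste_creation`, so an existing configuration that still uses the old names is presumably no longer honoured. For `creators` that would fail open: the option falls back to `''`, which the sample config documents as "allow anyone to create pastes". I would either map the old names onto the new ones while loading, or call out the rename in the upgrade notes and add a comment above the `traffic` defaults such as `// renamed: exemptedIp -> exempted, whitelist_paste_creation -> creators`. How unknown keys are handled is outside this hunk.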
@ -196,7 +196,7 @@ class Controller
|
|||||||
private function _create()
|
private function _create()
|
||||||
{
|
{
|
||||||
// Check if whitelist feature is enabled
|
// Check if whitelist feature is enabled
|
||||||
if (($option = $this->_conf->getKey('whitelist_paste_creation', 'traffic')) !== null) {
|
if (($option = $this->_conf->getKey('creators', 'traffic')) !== '') {
|
||||||
// Parse whitelist into array
|
// Parse whitelist into array
|
||||||
$whitelist = explode(',', $option);
|
$whitelist = explode(',', $option);
|
||||||
// Check for source IP in HTTP header
|
// Check for source IP in HTTP header
|
||||||
|
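Review bot: The sample config now promises IPv6 and CIDR support for `creators`, but the lines visible here only split the option with `explode(',', $option)` before looking at the address from the configured HTTP header. If the comparison further down in `_create()` (outside the hunk) is an exact string match, a subnet entry will never match. Entries are also not trimmed, so a list written with a space after the comma keeps that space in the entry; `$whitelist = array_map('trim', explode(',', $option));` avoids that. The comments and the variable still say "whitelist" although the option is now `creators`, e.g. `// Check if the paste creators list is set`.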
@ -33,13 +33,13 @@ class TrafficLimiter extends AbstractPersistence
|
|||||||
private static $_limit = 10;
|
private static $_limit = 10;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* listed ips are exempted from limits, defaults to null
|
* listed IPs are exempted from limits, defaults to null
|
||||||
*
|
*
|
||||||
* @access private
|
* @access private
|
||||||
* @static
|
* @static
|
||||||
* @var string|null
|
* @var string|null
|
||||||
*/
|
*/
|
||||||
private static $_exemptedIp = null;
|
private static $_exempted = null;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* key to fetch IP address
|
* key to fetch IP address
|
||||||
@ -63,15 +63,15 @@ class TrafficLimiter extends AbstractPersistence
|
|||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* set a list of ip(ranges) as string
|
* set a list of IP(-ranges) as string
|
||||||
*
|
*
|
||||||
* @access public
|
* @access public
|
||||||
* @static
|
* @static
|
||||||
* @param string $exemptedIps
|
* @param string $exempted
|
||||||
*/
|
*/
|
||||||
public static function setExemptedIp($exemptedIp)
|
public static function setExempted($exempted)
|
||||||
{
|
{
|
||||||
self::$_exemptedIp = $exemptedIp;
|
self::$_exempted = $exempted;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -84,9 +84,9 @@ class TrafficLimiter extends AbstractPersistence
|
|||||||
public static function setConfiguration(Configuration $conf)
|
public static function setConfiguration(Configuration $conf)
|
||||||
{
|
{
|
||||||
self::setLimit($conf->getKey('limit', 'traffic'));
|
self::setLimit($conf->getKey('limit', 'traffic'));
|
||||||
self::setExemptedIp($conf->getKey('exemptedIp', 'traffic'));
|
self::setExempted($conf->getKey('exempted', 'traffic'));
|
||||||
|
|
||||||
if (($option = $conf->getKey('header', 'traffic')) !== null) {
|
if (($option = $conf->getKey('header', 'traffic')) !== '') {
|
||||||
$httpHeader = 'HTTP_' . $option;
|
$httpHeader = 'HTTP_' . $option;
|
||||||
if (array_key_exists($httpHeader, $_SERVER) && !empty($_SERVER[$httpHeader])) {
|
if (array_key_exists($httpHeader, $_SERVER) && !empty($_SERVER[$httpHeader])) {
|
||||||
self::$_ipKey = $httpHeader;
|
self::$_ipKey = $httpHeader;
|
||||||
@ -152,8 +152,8 @@ class TrafficLimiter extends AbstractPersistence
|
|||||||
}
|
}
|
||||||
|
|
||||||
// Check if $_ipKey is exempted from ratelimiting
|
// Check if $_ipKey is exempted from ratelimiting
|
||||||
if (!is_null(self::$_exemptedIp)) {
|
if (!empty(self::$_exempted)) {
|
||||||
$exIp_array = explode(',', self::$_exemptedIp);
|
$exIp_array = explode(',', self::$_exempted);
|
||||||
foreach ($exIp_array as $ipRange) {
|
foreach ($exIp_array as $ipRange) {
|
||||||
if (self::matchIp($ipRange) === true) {
|
if (self::matchIp($ipRange) === true) {
|
||||||
return true;
|
return true;
|
||||||
|
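Review bot: The docblock above `$_exempted` still says "defaults to null" with `@var string|null` and the property is initialised to `null`, while the configuration default is now `''` and the check became `!empty(self::$_exempted)`. I would use `private static $_exempted = '';` and `@var string` so the three agree. In `setConfiguration()` the address key becomes `'HTTP_' . $option` whenever that header is present, and the exemption check then matches against that value, so an exemption is only as trustworthy as the header. A comment at the check such as `// $_ipKey may name a proxy header; only safe if the proxy overwrites it` would make that dependency explicit. Both functions continue outside the hunks shown.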
@ -47,7 +47,7 @@ class TrafficLimiterTest extends PHPUnit_Framework_TestCase
|
|||||||
$this->assertFalse(TrafficLimiter::canPass(), 'fifth request is to fast, may not pass');
|
$this->assertFalse(TrafficLimiter::canPass(), 'fifth request is to fast, may not pass');
|
||||||
|
|
||||||
// exempted IPs configuration
|
// exempted IPs configuration
|
||||||
TrafficLimiter::setExemptedIp('1.2.3.4,10.10.10.0/24,2001:1620:2057::/48');
|
TrafficLimiter::setExempted('1.2.3.4,10.10.10.0/24,2001:1620:2057::/48');
|
||||||
$this->assertFalse(TrafficLimiter::canPass(), 'still too fast and not exempted');
|
$this->assertFalse(TrafficLimiter::canPass(), 'still too fast and not exempted');
|
||||||
$_SERVER['REMOTE_ADDR'] = '10.10.10.10';
|
$_SERVER['REMOTE_ADDR'] = '10.10.10.10';
|
||||||
$this->assertTrue(TrafficLimiter::canPass(), 'IPv4 in exempted range');
|
$this->assertTrue(TrafficLimiter::canPass(), 'IPv4 in exempted range');
|
||||||
@ -55,7 +55,7 @@ class TrafficLimiterTest extends PHPUnit_Framework_TestCase
|
|||||||
$_SERVER['REMOTE_ADDR'] = '2001:1620:2057:dead:beef::cafe:babe';
|
$_SERVER['REMOTE_ADDR'] = '2001:1620:2057:dead:beef::cafe:babe';
|
||||||
$this->assertTrue(TrafficLimiter::canPass(), 'IPv6 in exempted range');
|
$this->assertTrue(TrafficLimiter::canPass(), 'IPv6 in exempted range');
|
||||||
$this->assertTrue(TrafficLimiter::canPass(), 'request is to fast, but IPv6 in exempted range');
|
$this->assertTrue(TrafficLimiter::canPass(), 'request is to fast, but IPv6 in exempted range');
|
||||||
TrafficLimiter::setExemptedIp('127.*,foobar');
|
TrafficLimiter::setExempted('127.*,foobar');
|
||||||
$this->assertFalse(TrafficLimiter::canPass(), 'request is to fast, invalid range');
|
$this->assertFalse(TrafficLimiter::canPass(), 'request is to fast, invalid range');
|
||||||
$_SERVER['REMOTE_ADDR'] = 'foobar';
|
$_SERVER['REMOTE_ADDR'] = 'foobar';
|
||||||
$this->assertTrue(TrafficLimiter::canPass(), 'non-IP address');
|
$this->assertTrue(TrafficLimiter::canPass(), 'non-IP address');
|
||||||
|