simplify/unify naming & wording of the two types of IP lists for the traffic limiter

This commit is contained in:
El RIDO 2022-02-20 09:09:20 +01:00
parent d764c03759
commit 91041d8c59
No known key found for this signature in database
GPG key ID: 0F5C940A6BD81F92
5 changed files with 27 additions and 24 deletions

View file

@ -135,14 +135,17 @@ markdown = "Markdown"
; Set this to 0 to disable rate limiting. ; Set this to 0 to disable rate limiting.
limit = 10 limit = 10
; Set ips (v4|v6) which should be exempted for the rate-limit. CIDR also supported. Needed to be comma separated. ; (optional) Set IPs adresses (v4 or v6) or subnets (CIDR) which are exempted
; Unset for enabling and invalid values will be ignored ; from the rate-limit. Invalid IPs will be ignored. If multiple values are to
; eg: exemptedIp = '1.2.3.4,10.10.10/24' ; be exempted, the list needs to be comma separated. Leave unset to disable
; exemptions.
; exempted = "1.2.3.4,10.10.10/24"
; (optional) if you only want some source IP addresses to create pastes ; (optional) If you want only some source IP addresses (v4 or v6) or subnets
; enter their IPv4 address(es) here, separated by commas. This does not ; (CIDR) to be allowed to create pastes, set these here. Invalid IPs will be
; currently support CIDR notation, only individual IPv4 addresses. ; ignored. If multiple values are to be exempted, the list needs to be comma
; whitelist_paste_creation = "12.34.56.78,99.88.77.66" ; separated. Leave unset to allow anyone to create pastes.
; creators = "1.2.3.4,10.10.10/24"
; (optional) if your website runs behind a reverse proxy or load balancer, ; (optional) if your website runs behind a reverse proxy or load balancer,
; set the HTTP header containing the visitors IP address, i.e. X_FORWARDED_FOR ; set the HTTP header containing the visitors IP address, i.e. X_FORWARDED_FOR

View file

@ -78,10 +78,10 @@ class Configuration
'markdown' => 'Markdown', 'markdown' => 'Markdown',
), ),
'traffic' => array( 'traffic' => array(
'limit' => 10, 'limit' => 10,
'header' => null, 'header' => '',
'exemptedIp' => null, 'exempted' => '',
'whitelist' => null, 'creators' => '',
), ),
'purge' => array( 'purge' => array(
'limit' => 300, 'limit' => 300,

View file

@ -196,7 +196,7 @@ class Controller
private function _create() private function _create()
{ {
// Check if whitelist feature is enabled // Check if whitelist feature is enabled
if (($option = $this->_conf->getKey('whitelist_paste_creation', 'traffic')) !== null) { if (($option = $this->_conf->getKey('creators', 'traffic')) !== '') {
// Parse whitelist into array // Parse whitelist into array
$whitelist = explode(',', $option); $whitelist = explode(',', $option);
// Check for source IP in HTTP header // Check for source IP in HTTP header

View file

@ -33,13 +33,13 @@ class TrafficLimiter extends AbstractPersistence
private static $_limit = 10; private static $_limit = 10;
/** /**
* listed ips are exempted from limits, defaults to null * listed IPs are exempted from limits, defaults to null
* *
* @access private * @access private
* @static * @static
* @var string|null * @var string|null
*/ */
private static $_exemptedIp = null; private static $_exempted = null;
/** /**
* key to fetch IP address * key to fetch IP address
@ -63,15 +63,15 @@ class TrafficLimiter extends AbstractPersistence
} }
/** /**
* set a list of ip(ranges) as string * set a list of IP(-ranges) as string
* *
* @access public * @access public
* @static * @static
* @param string $exemptedIps * @param string $exempted
*/ */
public static function setExemptedIp($exemptedIp) public static function setExempted($exempted)
{ {
self::$_exemptedIp = $exemptedIp; self::$_exempted = $exempted;
} }
/** /**
@ -84,9 +84,9 @@ class TrafficLimiter extends AbstractPersistence
public static function setConfiguration(Configuration $conf) public static function setConfiguration(Configuration $conf)
{ {
self::setLimit($conf->getKey('limit', 'traffic')); self::setLimit($conf->getKey('limit', 'traffic'));
self::setExemptedIp($conf->getKey('exemptedIp', 'traffic')); self::setExempted($conf->getKey('exempted', 'traffic'));
if (($option = $conf->getKey('header', 'traffic')) !== null) { if (($option = $conf->getKey('header', 'traffic')) !== '') {
$httpHeader = 'HTTP_' . $option; $httpHeader = 'HTTP_' . $option;
if (array_key_exists($httpHeader, $_SERVER) && !empty($_SERVER[$httpHeader])) { if (array_key_exists($httpHeader, $_SERVER) && !empty($_SERVER[$httpHeader])) {
self::$_ipKey = $httpHeader; self::$_ipKey = $httpHeader;
@ -152,8 +152,8 @@ class TrafficLimiter extends AbstractPersistence
} }
// Check if $_ipKey is exempted from ratelimiting // Check if $_ipKey is exempted from ratelimiting
if (!is_null(self::$_exemptedIp)) { if (!empty(self::$_exempted)) {
$exIp_array = explode(',', self::$_exemptedIp); $exIp_array = explode(',', self::$_exempted);
foreach ($exIp_array as $ipRange) { foreach ($exIp_array as $ipRange) {
if (self::matchIp($ipRange) === true) { if (self::matchIp($ipRange) === true) {
return true; return true;

View file

@ -47,7 +47,7 @@ class TrafficLimiterTest extends PHPUnit_Framework_TestCase
$this->assertFalse(TrafficLimiter::canPass(), 'fifth request is to fast, may not pass'); $this->assertFalse(TrafficLimiter::canPass(), 'fifth request is to fast, may not pass');
// exempted IPs configuration // exempted IPs configuration
TrafficLimiter::setExemptedIp('1.2.3.4,10.10.10.0/24,2001:1620:2057::/48'); TrafficLimiter::setExempted('1.2.3.4,10.10.10.0/24,2001:1620:2057::/48');
$this->assertFalse(TrafficLimiter::canPass(), 'still too fast and not exempted'); $this->assertFalse(TrafficLimiter::canPass(), 'still too fast and not exempted');
$_SERVER['REMOTE_ADDR'] = '10.10.10.10'; $_SERVER['REMOTE_ADDR'] = '10.10.10.10';
$this->assertTrue(TrafficLimiter::canPass(), 'IPv4 in exempted range'); $this->assertTrue(TrafficLimiter::canPass(), 'IPv4 in exempted range');
@ -55,7 +55,7 @@ class TrafficLimiterTest extends PHPUnit_Framework_TestCase
$_SERVER['REMOTE_ADDR'] = '2001:1620:2057:dead:beef::cafe:babe'; $_SERVER['REMOTE_ADDR'] = '2001:1620:2057:dead:beef::cafe:babe';
$this->assertTrue(TrafficLimiter::canPass(), 'IPv6 in exempted range'); $this->assertTrue(TrafficLimiter::canPass(), 'IPv6 in exempted range');
$this->assertTrue(TrafficLimiter::canPass(), 'request is to fast, but IPv6 in exempted range'); $this->assertTrue(TrafficLimiter::canPass(), 'request is to fast, but IPv6 in exempted range');
TrafficLimiter::setExemptedIp('127.*,foobar'); TrafficLimiter::setExempted('127.*,foobar');
$this->assertFalse(TrafficLimiter::canPass(), 'request is to fast, invalid range'); $this->assertFalse(TrafficLimiter::canPass(), 'request is to fast, invalid range');
$_SERVER['REMOTE_ADDR'] = 'foobar'; $_SERVER['REMOTE_ADDR'] = 'foobar';
$this->assertTrue(TrafficLimiter::canPass(), 'non-IP address'); $this->assertTrue(TrafficLimiter::canPass(), 'non-IP address');