traffic limiter would fail behind a reverse proxy / load balancer.
Adding configuration option to set the trusted HTTP header to get the visitors IP in such a case (avoiding security issue if malicious clients just set these headers themselfs)
This commit is contained in:
parent
801cdc627e
commit
47efedf23c
|
@ -71,6 +71,12 @@ markdown = "Markdown"
|
||||||
; time limit between calls from the same IP address in seconds
|
; time limit between calls from the same IP address in seconds
|
||||||
; Set this to 0 to disable rate limiting.
|
; Set this to 0 to disable rate limiting.
|
||||||
limit = 10
|
limit = 10
|
||||||
|
|
||||||
|
; (optional) if your website runs behind a reverse proxy or load balancer,
|
||||||
|
; set the HTTP header containing the visitors IP address, i.e. X_FORWARDED_FOR
|
||||||
|
; header = "X_FORWARDED_FOR"
|
||||||
|
|
||||||
|
; directory to store the traffic limits in
|
||||||
dir = PATH "data"
|
dir = PATH "data"
|
||||||
|
|
||||||
[model]
|
[model]
|
||||||
|
|
|
@ -223,7 +223,16 @@ class zerobin
|
||||||
// Make sure last paste from the IP address was more than X seconds ago.
|
// Make sure last paste from the IP address was more than X seconds ago.
|
||||||
trafficlimiter::setLimit($this->_conf['traffic']['limit']);
|
trafficlimiter::setLimit($this->_conf['traffic']['limit']);
|
||||||
trafficlimiter::setPath($this->_conf['traffic']['dir']);
|
trafficlimiter::setPath($this->_conf['traffic']['dir']);
|
||||||
if (!trafficlimiter::canPass($_SERVER['REMOTE_ADDR']))
|
$ipKey = 'REMOTE_ADDR';
|
||||||
|
if (array_key_exists('header', $this->_conf['traffic']))
|
||||||
|
{
|
||||||
|
$header = 'HTTP_' . $this->_conf['traffic']['header'];
|
||||||
|
if (array_key_exists($header, $_SERVER) && !empty($_SERVER[$header]))
|
||||||
|
{
|
||||||
|
$ipKey = $header;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if (!trafficlimiter::canPass($_SERVER[$ipKey]))
|
||||||
{
|
{
|
||||||
$this->_return_message(
|
$this->_return_message(
|
||||||
1,
|
1,
|
||||||
|
|
Loading…
Reference in New Issue