simplify/unify naming & wording of the two types of IP lists for the traffic limiter
This commit is contained in:
parent
d764c03759
commit
91041d8c59
|
@ -135,14 +135,17 @@ markdown = "Markdown"
|
|||
; Set this to 0 to disable rate limiting.
|
||||
limit = 10
|
||||
|
||||
; Set ips (v4|v6) which should be exempted for the rate-limit. CIDR also supported. Needed to be comma separated.
|
||||
; Unset for enabling and invalid values will be ignored
|
||||
; eg: exemptedIp = '1.2.3.4,10.10.10/24'
|
||||
; (optional) Set IPs adresses (v4 or v6) or subnets (CIDR) which are exempted
|
||||
; from the rate-limit. Invalid IPs will be ignored. If multiple values are to
|
||||
; be exempted, the list needs to be comma separated. Leave unset to disable
|
||||
; exemptions.
|
||||
; exempted = "1.2.3.4,10.10.10/24"
|
||||
|
||||
; (optional) if you only want some source IP addresses to create pastes
|
||||
; enter their IPv4 address(es) here, separated by commas. This does not
|
||||
; currently support CIDR notation, only individual IPv4 addresses.
|
||||
; whitelist_paste_creation = "12.34.56.78,99.88.77.66"
|
||||
; (optional) If you want only some source IP addresses (v4 or v6) or subnets
|
||||
; (CIDR) to be allowed to create pastes, set these here. Invalid IPs will be
|
||||
; ignored. If multiple values are to be exempted, the list needs to be comma
|
||||
; separated. Leave unset to allow anyone to create pastes.
|
||||
; creators = "1.2.3.4,10.10.10/24"
|
||||
|
||||
; (optional) if your website runs behind a reverse proxy or load balancer,
|
||||
; set the HTTP header containing the visitors IP address, i.e. X_FORWARDED_FOR
|
||||
|
|
|
@ -79,9 +79,9 @@ class Configuration
|
|||
),
|
||||
'traffic' => array(
|
||||
'limit' => 10,
|
||||
'header' => null,
|
||||
'exemptedIp' => null,
|
||||
'whitelist' => null,
|
||||
'header' => '',
|
||||
'exempted' => '',
|
||||
'creators' => '',
|
||||
),
|
||||
'purge' => array(
|
||||
'limit' => 300,
|
||||
|
|
|
@ -196,7 +196,7 @@ class Controller
|
|||
private function _create()
|
||||
{
|
||||
// Check if whitelist feature is enabled
|
||||
if (($option = $this->_conf->getKey('whitelist_paste_creation', 'traffic')) !== null) {
|
||||
if (($option = $this->_conf->getKey('creators', 'traffic')) !== '') {
|
||||
// Parse whitelist into array
|
||||
$whitelist = explode(',', $option);
|
||||
// Check for source IP in HTTP header
|
||||
|
|
|
@ -33,13 +33,13 @@ class TrafficLimiter extends AbstractPersistence
|
|||
private static $_limit = 10;
|
||||
|
||||
/**
|
||||
* listed ips are exempted from limits, defaults to null
|
||||
* listed IPs are exempted from limits, defaults to null
|
||||
*
|
||||
* @access private
|
||||
* @static
|
||||
* @var string|null
|
||||
*/
|
||||
private static $_exemptedIp = null;
|
||||
private static $_exempted = null;
|
||||
|
||||
/**
|
||||
* key to fetch IP address
|
||||
|
@ -63,15 +63,15 @@ class TrafficLimiter extends AbstractPersistence
|
|||
}
|
||||
|
||||
/**
|
||||
* set a list of ip(ranges) as string
|
||||
* set a list of IP(-ranges) as string
|
||||
*
|
||||
* @access public
|
||||
* @static
|
||||
* @param string $exemptedIps
|
||||
* @param string $exempted
|
||||
*/
|
||||
public static function setExemptedIp($exemptedIp)
|
||||
public static function setExempted($exempted)
|
||||
{
|
||||
self::$_exemptedIp = $exemptedIp;
|
||||
self::$_exempted = $exempted;
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -84,9 +84,9 @@ class TrafficLimiter extends AbstractPersistence
|
|||
public static function setConfiguration(Configuration $conf)
|
||||
{
|
||||
self::setLimit($conf->getKey('limit', 'traffic'));
|
||||
self::setExemptedIp($conf->getKey('exemptedIp', 'traffic'));
|
||||
self::setExempted($conf->getKey('exempted', 'traffic'));
|
||||
|
||||
if (($option = $conf->getKey('header', 'traffic')) !== null) {
|
||||
if (($option = $conf->getKey('header', 'traffic')) !== '') {
|
||||
$httpHeader = 'HTTP_' . $option;
|
||||
if (array_key_exists($httpHeader, $_SERVER) && !empty($_SERVER[$httpHeader])) {
|
||||
self::$_ipKey = $httpHeader;
|
||||
|
@ -152,8 +152,8 @@ class TrafficLimiter extends AbstractPersistence
|
|||
}
|
||||
|
||||
// Check if $_ipKey is exempted from ratelimiting
|
||||
if (!is_null(self::$_exemptedIp)) {
|
||||
$exIp_array = explode(',', self::$_exemptedIp);
|
||||
if (!empty(self::$_exempted)) {
|
||||
$exIp_array = explode(',', self::$_exempted);
|
||||
foreach ($exIp_array as $ipRange) {
|
||||
if (self::matchIp($ipRange) === true) {
|
||||
return true;
|
||||
|
|
|
@ -47,7 +47,7 @@ class TrafficLimiterTest extends PHPUnit_Framework_TestCase
|
|||
$this->assertFalse(TrafficLimiter::canPass(), 'fifth request is to fast, may not pass');
|
||||
|
||||
// exempted IPs configuration
|
||||
TrafficLimiter::setExemptedIp('1.2.3.4,10.10.10.0/24,2001:1620:2057::/48');
|
||||
TrafficLimiter::setExempted('1.2.3.4,10.10.10.0/24,2001:1620:2057::/48');
|
||||
$this->assertFalse(TrafficLimiter::canPass(), 'still too fast and not exempted');
|
||||
$_SERVER['REMOTE_ADDR'] = '10.10.10.10';
|
||||
$this->assertTrue(TrafficLimiter::canPass(), 'IPv4 in exempted range');
|
||||
|
@ -55,7 +55,7 @@ class TrafficLimiterTest extends PHPUnit_Framework_TestCase
|
|||
$_SERVER['REMOTE_ADDR'] = '2001:1620:2057:dead:beef::cafe:babe';
|
||||
$this->assertTrue(TrafficLimiter::canPass(), 'IPv6 in exempted range');
|
||||
$this->assertTrue(TrafficLimiter::canPass(), 'request is to fast, but IPv6 in exempted range');
|
||||
TrafficLimiter::setExemptedIp('127.*,foobar');
|
||||
TrafficLimiter::setExempted('127.*,foobar');
|
||||
$this->assertFalse(TrafficLimiter::canPass(), 'request is to fast, invalid range');
|
||||
$_SERVER['REMOTE_ADDR'] = 'foobar';
|
||||
$this->assertTrue(TrafficLimiter::canPass(), 'non-IP address');
|
||||
|
|
Loading…
Reference in New Issue