simplify/unify naming & wording of the two types of IP lists for the traffic limiter

El RIDO 2022-02-20 09:09:20 +01:00
parent d764c03759
commit 91041d8c59
No known key found for this signature in database
GPG Key ID: 0F5C940A6BD81F92
5 changed files with 27 additions and 24 deletions


@ -135,14 +135,17 @@ markdown = "Markdown"
; Set this to 0 to disable rate limiting.
limit = 10
; Set ips (v4|v6) which should be exempted for the rate-limit. CIDR also supported. Needed to be comma separated.
; Unset for enabling and invalid values will be ignored
; eg: exemptedIp = '1.2.3.4,10.10.10/24'
; (optional) Set IPs adresses (v4 or v6) or subnets (CIDR) which are exempted
; from the rate-limit. Invalid IPs will be ignored. If multiple values are to
; be exempted, the list needs to be comma separated. Leave unset to disable
; exemptions.
; exempted = "1.2.3.4,10.10.10/24"
; (optional) if you only want some source IP addresses to create pastes
; enter their IPv4 address(es) here, separated by commas. This does not
; currently support CIDR notation, only individual IPv4 addresses.
; whitelist_paste_creation = "12.34.56.78,99.88.77.66"
; (optional) If you want only some source IP addresses (v4 or v6) or subnets
; (CIDR) to be allowed to create pastes, set these here. Invalid IPs will be
; ignored. If multiple values are to be exempted, the list needs to be comma
; separated. Leave unset to allow anyone to create pastes.
; creators = "1.2.3.4,10.10.10/24"
; (optional) if your website runs behind a reverse proxy or load balancer,
; set the HTTP header containing the visitors IP address, i.e. X_FORWARDED_FOR
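Review bot: The new `creators` paragraph reuses the `exempted` wording ("If multiple values are to be exempted"), which reads as if listed addresses skip a check rather than being the only ones allowed to create pastes. I would change that line to `; ignored. If multiple values are to be allowed, the list needs to be comma`, and fix `adresses` to `addresses` in the `exempted` paragraph. Both lists appear to be matched against the address taken from the `header` option when it is set, so the comment should state that they are only meaningful if that header is written by a trusted proxy and cannot be supplied by the client. The samples use `10.10.10/24` while the test in this commit uses `10.10.10.0/24`; whether the short form is accepted is not visible here, so the full form is the safer example.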


@ -78,10 +78,10 @@ class Configuration
'markdown' => 'Markdown',
),
'traffic' => array(
'limit' => 10,
'header' => null,
'exemptedIp' => null,
'whitelist' => null,
'limit' => 10,
'header' => '',
'exempted' => '',
'creators' => '',
),
'purge' => array(
'limit' => 300,


@ -196,7 +196,7 @@ class Controller
private function _create()
{
// Check if whitelist feature is enabled
if (($option = $this->_conf->getKey('whitelist_paste_creation', 'traffic')) !== null) {
if (($option = $this->_conf->getKey('creators', 'traffic')) !== '') {
// Parse whitelist into array
$whitelist = explode(',', $option);
// Check for source IP in HTTP header
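Review bot: An installation that still sets `whitelist_paste_creation` silently loses its paste-creation restriction after this change. `_create()` now reads only `creators`, which presumably resolves to the new `''` default, so the `!== ''` guard skips the allow-list and anyone can create pastes. Because the failure is open, I would either honour the legacy key as a fallback or refuse to start or log loudly when it is present, and name the rename as breaking in the release notes. The comments and the `$whitelist` variable also keep the term this commit is retiring, for example `// Check if the creators allow-list is configured`. The body of `_create()` continues outside this hunk, so how the list is matched (single IPs or CIDR, as the sample config now promises) cannot be confirmed from here.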


@ -33,13 +33,13 @@ class TrafficLimiter extends AbstractPersistence
private static $_limit = 10;
/**
* listed ips are exempted from limits, defaults to null
* listed IPs are exempted from limits, defaults to null
*
* @access private
* @static
* @var string|null
*/
private static $_exemptedIp = null;
private static $_exempted = null;
/**
* key to fetch IP address
@ -63,15 +63,15 @@ class TrafficLimiter extends AbstractPersistence
}
/**
* set a list of ip(ranges) as string
* set a list of IP(-ranges) as string
*
* @access public
* @static
* @param string $exemptedIps
* @param string $exempted
*/
public static function setExemptedIp($exemptedIp)
public static function setExempted($exempted)
{
self::$_exemptedIp = $exemptedIp;
self::$_exempted = $exempted;
}
/**
@ -84,9 +84,9 @@ class TrafficLimiter extends AbstractPersistence
public static function setConfiguration(Configuration $conf)
{
self::setLimit($conf->getKey('limit', 'traffic'));
self::setExemptedIp($conf->getKey('exemptedIp', 'traffic'));
self::setExempted($conf->getKey('exempted', 'traffic'));
if (($option = $conf->getKey('header', 'traffic')) !== null) {
if (($option = $conf->getKey('header', 'traffic')) !== '') {
$httpHeader = 'HTTP_' . $option;
if (array_key_exists($httpHeader, $_SERVER) && !empty($_SERVER[$httpHeader])) {
self::$_ipKey = $httpHeader;
@ -152,8 +152,8 @@ class TrafficLimiter extends AbstractPersistence
}
// Check if $_ipKey is exempted from ratelimiting
if (!is_null(self::$_exemptedIp)) {
$exIp_array = explode(',', self::$_exemptedIp);
if (!empty(self::$_exempted)) {
$exIp_array = explode(',', self::$_exempted);
foreach ($exIp_array as $ipRange) {
if (self::matchIp($ipRange) === true) {
return true;
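Review bot: The property docblock in the first hunk still says `defaults to null` with `@var string|null`, and the initializer stays `= null`, while this commit moves the configuration default to `''` and switches the `header` check to `!== ''`. I would align them with `private static $_exempted = '';`, `@var string` and `listed IPs are exempted from limits, defaults to an empty string`. The `!empty()` guard in the last hunk accepts both values, so for `$_exempted` this is consistency only. The `!== ''` test on `header` in `setConfiguration()` would however treat a `null` as configured and build the key `HTTP_`; whether `getKey()` can still return `null` is not visible in these hunks. The hunks cut through the class, so the rest of each method body is outside view.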


@ -47,7 +47,7 @@ class TrafficLimiterTest extends PHPUnit_Framework_TestCase
$this->assertFalse(TrafficLimiter::canPass(), 'fifth request is to fast, may not pass');
// exempted IPs configuration
TrafficLimiter::setExemptedIp('1.2.3.4,10.10.10.0/24,2001:1620:2057::/48');
TrafficLimiter::setExempted('1.2.3.4,10.10.10.0/24,2001:1620:2057::/48');
$this->assertFalse(TrafficLimiter::canPass(), 'still too fast and not exempted');
$_SERVER['REMOTE_ADDR'] = '10.10.10.10';
$this->assertTrue(TrafficLimiter::canPass(), 'IPv4 in exempted range');
@ -55,7 +55,7 @@ class TrafficLimiterTest extends PHPUnit_Framework_TestCase
$_SERVER['REMOTE_ADDR'] = '2001:1620:2057:dead:beef::cafe:babe';
$this->assertTrue(TrafficLimiter::canPass(), 'IPv6 in exempted range');
$this->assertTrue(TrafficLimiter::canPass(), 'request is to fast, but IPv6 in exempted range');
TrafficLimiter::setExemptedIp('127.*,foobar');
TrafficLimiter::setExempted('127.*,foobar');
$this->assertFalse(TrafficLimiter::canPass(), 'request is to fast, invalid range');
$_SERVER['REMOTE_ADDR'] = 'foobar';
$this->assertTrue(TrafficLimiter::canPass(), 'non-IP address');