Ban users that pound really hard on your site.
Classes
class mo_anti_pounding_prefs
Class used to memorize all the MO Anti-pounding data.
Functions
mo_anti_pounding_get_conf_path ()
Get the path to the Anti-Pounding files.
mo_anti_pounding_load_preferences ($defaults)
Read the preferences.
mo_anti_pounding_save_preferences ($prefs)
Save preferences in the preference file.
mo_anti_pounding_get_client_data ($p)
Get the client data.
mo_anti_pounding_skip ($p)
Check quick cases to skip all banning.
mo_anti_pounding_open_session ($p)
Load the session from the file.
mo_anti_pounding_close_session ($p)
Save the session to the file.
mo_anti_pounding_is_banned ($p)
Fast cut-off test.
mo_anti_pounding_message ($p, $msg)
Append an error message to post to the end user.
mo_anti_pounding_check ($p)
The actual anti-pounding check.
mo_anti_pounding_page ($p)
Generate a blocking webpage.
mo_anti_pounding_log ($p, $output, $errno=503)
Log a message.
mo_anti_pounding_run ()
Check whether the user has permission.
This file is the core of this module. It includes the functions that check whether an incoming hit must be considered a hammer hit or is still considered a gentle hit.
If you want to review the code, you probably want to start with mo_anti_pounding_run() which is called from the settings.inc script.
http://www.m2osw.com/mo_anti_pounding contact@m2osw.com
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
mo_anti_pounding_check ($p)
This function is the one that checks whether a user is actually pounding your server.
[in] $p: The pounding object
References mo_anti_pounding_message().
Referenced by mo_anti_pounding_run().
mo_anti_pounding_close_session ($p)
This function saves the current pounding session to the session file. It is assumed that the file was successfully opened by the mo_anti_pounding_open_session() function.
[in] $p: The pounding object
Referenced by mo_anti_pounding_is_banned(), and mo_anti_pounding_run().
mo_anti_pounding_get_client_data ($p)
This function adds the user data to the pounding object.
[in] $p: The pounding object
Referenced by mo_anti_pounding_run().
mo_anti_pounding_get_conf_path ()
This function gets the path to the files used to set up the Anti-Pounding module.
Note that the path must be writable by the Apache server, and it should include a .htaccess file to prevent users from reading the files inside it.
Referenced by mo_anti_pounding_clear_cache(), mo_anti_pounding_cron(), mo_anti_pounding_form(), mo_anti_pounding_load_preferences(), mo_anti_pounding_open_session(), mo_anti_pounding_save_preferences(), and mo_anti_pounding_status().
mo_anti_pounding_is_banned ($p)
This function quickly checks whether the user's session marks the user as banned. If so, the script simply dies since the user is banned.
[in] $p: The pounding object
References mo_anti_pounding_close_session().
Referenced by mo_anti_pounding_run().
mo_anti_pounding_load_preferences ($defaults)
This function reads the preference file from the anti-pounding settings directory.
The preferences are returned in an object.
When the preferences file does not exist, this function returns FALSE unless you pass TRUE in the $defaults parameter. In that case, it returns a default set of preferences.
The function sets the 'active' field to 'error' or 'read-only' if the file cannot be loaded or cannot be written to. Otherwise, the active field will be set to 'on' or 'off'.
[in] $defaults: Whether the function should always return preferences (TRUE) or not (FALSE).
References mo_anti_pounding_get_conf_path().
Referenced by mo_anti_pounding_form_submit(), mo_anti_pounding_run(), and mo_anti_pounding_status().
mo_anti_pounding_log ($p, $output, $errno = 503)
This function writes a log line to the MO Anti-pounding file.
[in] $p: The anti-pounding object
[in] $output: The output (we post the length in the log)
[in] $errno: The error we're sending to the user (default 503)
Referenced by mo_anti_pounding_page(), and mo_anti_pounding_skip().
mo_anti_pounding_message ($p, $msg)
This function appends messages to the $p->msg string. These are then posted to the end user.
[in] $p: The pounding object
[in] $msg: The message to append
Referenced by mo_anti_pounding_check().
mo_anti_pounding_open_session ($p)
This function opens and loads a session from the file named after the user's remote IP address. The file is created in the anti-pounding configuration folder.
The data is loaded directly into the pounding object, in the $p->session member variable.
[in] $p: The pounding object
References mo_anti_pounding_get_conf_path().
Referenced by mo_anti_pounding_run().
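The per-IP session file that mo_anti_pounding_open_session() and mo_anti_pounding_close_session() describe, sketched as an added example (not the module's own code). Every `example_*` name, the JSON layout, the `hits` field, the hex file naming and the temporary directory are assumptions made for illustration.

```php
<?php
// Added example: hypothetical helpers, not the module's own functions.

// Map a client address to a file name that cannot escape $dir.
function example_session_path(string $dir, string $remote_addr): ?string
{
    // Reject anything that is not a literal IPv4/IPv6 address.
    if (filter_var($remote_addr, FILTER_VALIDATE_IP) === false) {
        return null;
    }
    // Hex of the packed address contains no '/', '.' or ':' characters.
    return rtrim($dir, '/') . '/' . bin2hex(inet_pton($remote_addr)) . '.session';
}

// Open the session file under an exclusive lock and load its data.
function example_open_session(string $dir, string $remote_addr): ?array
{
    $path = example_session_path($dir, $remote_addr);
    $fp = $path === null ? false : fopen($path, 'c+'); // create, never truncate
    if ($fp === false) {
        return null;
    }
    if (!flock($fp, LOCK_EX)) {
        fclose($fp);
        return null;
    }
    $data = json_decode((string) stream_get_contents($fp), true);
    return ['fp' => $fp, 'session' => is_array($data) ? $data : ['hits' => 0]];
}

// Write the session back, then release the lock.
function example_close_session(array $s): void
{
    rewind($s['fp']);
    ftruncate($s['fp'], 0);
    fwrite($s['fp'], json_encode($s['session']));
    fflush($s['fp']);
    flock($s['fp'], LOCK_UN);
    fclose($s['fp']);
}

// Constructed demo: one hit from a documentation-range address.
$dir = sys_get_temp_dir() . '/example_anti_pounding';
is_dir($dir) || mkdir($dir, 0700, true);
$s = example_open_session($dir, '203.0.113.7');
$s['session']['hits']++;
example_close_session($s);
// A value that is not an address never becomes a file name.
var_dump(example_session_path($dir, '../../etc/passwd'));
```

Holding the exclusive lock from open to close keeps concurrent requests from the same address from overwriting each other's counters.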
mo_anti_pounding_page ($p)
This function generates a blocking webpage, i.e. a page that prevents users from going to the website and hitting the database.
[in] $p: The pounding object
References mo_anti_pounding_log().
Referenced by mo_anti_pounding_run().
mo_anti_pounding_run ()
This function is the one that runs all the checks to know whether a user should be banned.
If the user is found to be pounding your server, then the function sets an error 503 and never returns.
If the function returns, the user can be served as usual.
References mo_anti_pounding_check(), mo_anti_pounding_close_session(), mo_anti_pounding_get_client_data(), mo_anti_pounding_is_banned(), mo_anti_pounding_load_preferences(), mo_anti_pounding_open_session(), mo_anti_pounding_page(), and mo_anti_pounding_skip().
mo_anti_pounding_save_preferences ($prefs)
This function saves preferences in the preference file.
[in] $prefs: The preferences to be saved
References mo_anti_pounding_get_conf_path().
Referenced by mo_anti_pounding_form_submit().
mo_anti_pounding_skip ($p)
This function prevents the anti-pounding module from wasting time by very quickly checking a few cases that do not require access to the anti-pounding session.
The function returns TRUE if the user is accepted and no further processing is necessary (e.g. admin, whitelist, etc.).
The function returns FALSE when the user is not known. This means we want to check the user with the anti-pounding feature.
The function does NOT return if the user is in your blacklist. In that case, the function quickly returns a 403 error to the user and dies.
[in] $p: The MO Anti-pounding object
References mo_anti_pounding_log().
Referenced by mo_anti_pounding_run().