MO Anti-pounding: mo_anti_pounding.bootstrap.inc File Reference

This function is the one that checks whether a user is actually pounding your server.

Parameters:

[in]

$p

The pounding object

References mo_anti_pounding_message().

Referenced by mo_anti_pounding_run().

This function saves the current pounding session to the session file. It is assumed that the file was successfully opened by the mo_anti_pounding_open_session() function.

Parameters:

[in]

$p

The pounding object

Referenced by mo_anti_pounding_is_banned(), and mo_anti_pounding_run().

This function adds the user data to the pounding object.

Parameters:

[in]

$p

The pounding object

Referenced by mo_anti_pounding_run().

This function gets the files used to setup the Anti-Pounding module.

Note that the path must be accessible in write mode by the Apache server and it should include a .htaccess to avoid users checking files inside it.

Returns:

The path to the anti-pounding folder, if the folder is missing, return FALSE

Referenced by mo_anti_pounding_clear_cache(), mo_anti_pounding_cron(), mo_anti_pounding_form(), mo_anti_pounding_load_preferences(), mo_anti_pounding_open_session(), mo_anti_pounding_save_preferences(), and mo_anti_pounding_status().

This function quickly checks whether this user session is blocking him. If so, we simply die since he's banned.

Parameters:

[in]

$p

The pounding object

References mo_anti_pounding_close_session().

Referenced by mo_anti_pounding_run().

This function reads the preference file from the anti-pounding settings directory.

The preferences are returned in an object.

When the preferences file does not exist, this function returns FALSE unless you pass TRUE in the $defaults parameter. In that case, it returns a default set of preferences.

The function sets the 'active' field to 'error' or 'read-only' if the file cannot be loaded or cannot be written to. Otherwise, the active field will be set to 'on' or 'off'.

Parameters:

[in]

$defaults

Whether the function should always return preferences (TRUE) or not (FALSE).

Returns:

An object with the preferences or FALSE.

References mo_anti_pounding_get_conf_path().

Referenced by mo_anti_pounding_form_submit(), mo_anti_pounding_run(), and mo_anti_pounding_status().

This function writes a line of log in the MO Anti-pounding file.

Parameters:

[in]	$p	The anti-pounding object
[in]	$output	The output (we post the length in the log)
[in]	$errno	The error we're sending to the user (default 503)

Referenced by mo_anti_pounding_page(), and mo_anti_pounding_skip().

This function appends messages to the $p->msg string. These are then posted to the end user.

Parameters:

[in]	$p	The pounding object
[in]	$msg	The message to append

Referenced by mo_anti_pounding_check().

This function opens and loads a session from the file defined as the user remote IP address. It is created in the anti-pounding configuration folder.

The data is directly loaded in the pounding object in the $p->session variable member.

Note:

The file will be locked on return. The unlock happens when the file is closed. It is important since many hits could come in very quickly and thus the session could be modified by multiple instances of PHP and messup the data.

Parameters:

[in]

$p

The pounding object

Returns:

TRUE on success, FALSE if the session cannot be created

References mo_anti_pounding_get_conf_path().

Referenced by mo_anti_pounding_run().

This function generates a blocking website, i.e. a webpage that prevents users from going to the website and hitting the database.

Parameters:

[in]

$p

The pounding object

References mo_anti_pounding_log().

Referenced by mo_anti_pounding_run().

This function is the one that runs all the checks to know whether a user should be banned.

If the user is found to be poundering your server, then the function sets an error 503 and never returns.

If the function returns, the user can be served as usual.

References mo_anti_pounding_check(), mo_anti_pounding_close_session(), mo_anti_pounding_get_client_data(), mo_anti_pounding_is_banned(), mo_anti_pounding_load_preferences(), mo_anti_pounding_open_session(), mo_anti_pounding_page(), and mo_anti_pounding_skip().

This function saves preferences in the preference file.

Parameters:

[in]

$prefs

The preferences to be saved

References mo_anti_pounding_get_conf_path().

Referenced by mo_anti_pounding_form_submit().

This function prevents the anti-pounding module from wasting time by very quickly checking a few cases that do not require access to the anti-pounding session.

The function will return TRUE if the user is accepted and no further processing is necessary. (i.e. Admin, whitelist, etc.)

The function returns FALSE when the user is not known. This means we want to check him with the anti-pounding feature.

The function does NOT return if the user is in your blacklist. In that case, the function quickly returns a 403 error to the user and dies.

Note:

Should we check the user agent as well as the IP? I would think that it will be hard to put the wrong IP address in a request when the agent can be changed any day. So I do not foresee much use in testing the agent in the white list.

Parameters:

[in]

$p

The MO Anti-pounding object

Returns:

TRUE if we can skip the ban tests

References mo_anti_pounding_log().

Referenced by mo_anti_pounding_run().