github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-05-23 13:31:18 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

FEATURE: global rate limiter can bypass local IPs

Browse Source
This commit is contained in:
Sam
2018-01-08 08:39:17 +11:00
parent e3f8182125
commit cecd7d0d07
3 changed files with 62 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
lib/middleware/request_tracker.rb
View File

@ -142,14 +142,27 @@ class Middleware::RequestTracker
log_request_info(env, result, info) unless env["discourse.request_tracker.skip"]
end
PRIVATE_IP = /^(127\.)|(192\.168\.)|(10\.)|(172\.1[6-9]\.)|(172\.2[0-9]\.)|(172\.3[0-1]\.)|(::1$)|([fF][cCdD])/
def is_private_ip?(ip)
ip = IPAddr.new(ip) rescue nil
!!(ip && ip.to_s.match?(PRIVATE_IP))
end
def rate_limit(env)
if (
GlobalSetting.max_requests_per_ip_mode == "block" ||
GlobalSetting.max_requests_per_ip_mode == "warn"
GlobalSetting.max_requests_per_ip_mode == "warn" ||
GlobalSetting.max_requests_per_ip_mode == "warn+block"
)
ip = Rack::Request.new(env).ip
if !GlobalSetting.max_requests_rate_limit_on_private
return false if is_private_ip?(ip)
end
limiter10 = RateLimiter.new(
nil,
"global_ip_limit_10_#{ip}",
@ -172,9 +185,12 @@ class Middleware::RequestTracker
type = 60
limiter60.performed!
rescue RateLimiter::LimitExceeded
if GlobalSetting.max_requests_per_ip_mode == "warn"
if (
GlobalSetting.max_requests_per_ip_mode == "warn" ||
GlobalSetting.max_requests_per_ip_mode == "warn+block"
)
Rails.logger.warn("Global IP rate limit exceeded for #{ip}: #{type} second rate limit, uri: #{env["REQUEST_URI"]}")
false
!(GlobalSetting.max_requests_per_ip_mode == "warn")
else
true
end