From e5f0d3eb3722e3931d0514f85f405612e9d1b9da Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Markus=20M=C3=A4kel=C3=A4?=
Date: Thu, 23 May 2019 17:56:33 +0300
Subject: [PATCH] Only log one host blocking message

The message would be logged multiple times if multiple authentication attemps failed at the same time. Also renamed the RateLimit class method to the same as the Listener one.
---
 server/core/listener.cc | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/server/core/listener.cc b/server/core/listener.cc
index 44440a3f3..3e428f28a 100644
--- a/server/core/listener.cc
+++ b/server/core/listener.cc
@@ -56,11 +56,18 @@ namespace
 class RateLimit
 {
 public:
- bool auth_failed(const std::string& remote)
+ /**
+ * Mark authentication from a host as failed
+ *
+ * @param remote The host from which the connection originated
+ *
+ * @return True if this was the failure that caused the host to be blocked
+ */
+ bool mark_auth_as_failed(const std::string& remote)
 {
 auto& u = m_failures[remote];
 u.last_failure = Clock::now();
- return ++u.failures >= config_get_global_options()->max_auth_errors_until_block;
+ return ++u.failures == config_get_global_options()->max_auth_errors_until_block;
 }
 bool is_blocked(const std::string& remote)
@@ -1030,7 +1037,7 @@ void Listener::accept_connections()
 void Listener::mark_auth_as_failed(const std::string& remote)
 {
- if (rate_limit.auth_failed(remote))
+ if (rate_limit.mark_auth_as_failed(remote))
 {
 MXS_NOTICE("Host '%s' blocked for %d seconds due to too many authentication failures.", remote.c_str(), BLOCK_TIME);
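Review bot: In `RateLimit::mark_auth_as_failed` (first hunk), the new `==` comparison reports the block only when the counter lands exactly on `max_auth_errors_until_block`, so the notice is skipped entirely whenever the counter is already past that value. That could happen if the global option is lowered while failures are being counted, or if the per-host counter is not reset when a block expires; neither can be confirmed here, because `is_blocked` and the rest of the class lie outside the hunk. Since this NOTICE is the only record visible in the patch of a host being blocked after repeated authentication failures, a missed transition would leave a blocked host with no log entry to alert on. Consider keeping `>=` and gating the message on a per-host "already reported" flag that is cleared together with the counter, or at least add a comment beside the return such as `// == on purpose: report only the failure that crosses the threshold; blocking itself must not depend on this value`.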