* Admin: white-list IP addresses from blocking or set higher number of attempts

This commit is contained in:
Ralf Becker 2019-04-26 17:11:54 +02:00
parent 43f66d7ac2
commit 969864a623
2 changed files with 23 additions and 2 deletions

View File

@ -188,6 +188,11 @@
<description value="After how many unsuccessful attempts to login, an IP should be blocked (default 15) ?" label="%s:"/>
<textbox id="newsettings[num_unsuccessful_ip]" size="5"/>
</row>
<row>
<description value="Comma-separated IP addresses white-listed from above blocking (:optional number of attempts)"/>
<textbox id="newsettings[unsuccessful_ip_whitelist]" size="64" blur="X.X.X.X[:N], ..."
validator="/^(\\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}(:\d+)?,? *)*$/"/>
</row>
<row>
<description value="How many minutes should an account or IP be blocked (default 1) ?" label="%s:"/>
<textbox id="newsettings[block_time]" size="5"/>

View File

@ -794,8 +794,24 @@ class Session
$false_ip += Cache::getInstance(__CLASS__, self::FALSE_IP_CACHE_PREFIX.$ip);
$false_id += Cache::getInstance(__CLASS__, self::FALSE_ID_CACHE_PREFIX.$login);
$blocked = $false_ip > $GLOBALS['egw_info']['server']['num_unsuccessful_ip'] ||
$false_id > $GLOBALS['egw_info']['server']['num_unsuccessful_id'];
// if IP matches one in the (comma-separated) whitelist
// --> check with whitelists optional number (none means never block)
$matches = null;
if (!empty($GLOBALS['egw_info']['server']['unsuccessful_ip_whitelist']) &&
preg_match_all('/(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})(:\d+)?/',
$GLOBALS['egw_info']['server']['unsuccessful_ip_whitelist'], $matches) &&
($key=array_search($ip, $matches[1])) !== false)
{
$blocked = !empty($matches[3][$key]) && $false_ip > $matches[3][$key];
}
else // else check with general number
{
$blocked = $false_ip > $GLOBALS['egw_info']['server']['num_unsuccessful_ip'];
}
if (!$blocked)
{
$blocked = $false_id > $GLOBALS['egw_info']['server']['num_unsuccessful_id'];
}
//error_log(__METHOD__."('$login', '$ip') false_ip=$false_ip, false_id=$false_id --> blocked=".array2string($blocked));
if ($blocked && $GLOBALS['egw_info']['server']['admin_mails'] &&