* Admin: white-list IP addresses from blocking or set higher number of attempts

2019-04-26 17:11:54 +02:00 · 2019-04-26 17:11:54 +02:00 · bf2de7f653
commit bf2de7f653
parent 0121d50c30
2 changed files with 23 additions and 2 deletions
--- a/admin/templates/default/config.xet
+++ b/admin/templates/default/config.xet
@ -220,6 +220,11 @@
 					<description value="After how many unsuccessful attempts to login, an IP should be blocked (default 15) ?" label="%s:"/>
 					<textbox id="newsettings[num_unsuccessful_ip]" size="5"/>
 				</row>
+				<row>
+					<description value="Comma-separated IP addresses white-listed from above blocking (:optional number of attempts)"/>
+					<textbox id="newsettings[unsuccessful_ip_whitelist]" size="64" blur="X.X.X.X[:N], ..."
+						validator="/^(\\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}(:\d+)?,? *)*$/"/>
+				</row>
 				<row>
 					<description value="How many minutes should an account or IP be blocked (default 1) ?" label="%s:"/>
 					<textbox id="newsettings[block_time]" size="5"/>
--- a/api/src/Session.php
+++ b/api/src/Session.php
@ -808,8 +808,24 @@ class Session
 		$false_ip += Cache::getInstance(__CLASS__, self::FALSE_IP_CACHE_PREFIX.$ip);
 		$false_id += Cache::getInstance(__CLASS__, self::FALSE_ID_CACHE_PREFIX.$login);

-		$blocked = $false_ip > $GLOBALS['egw_info']['server']['num_unsuccessful_ip'] ||
-			$false_id > $GLOBALS['egw_info']['server']['num_unsuccessful_id'];
+		// if IP matches one in the (comma-separated) whitelist
+		// --> check with whitelists optional number (none means never block)
+		$matches = null;
+		if (!empty($GLOBALS['egw_info']['server']['unsuccessful_ip_whitelist']) &&
+			preg_match_all('/(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})(:\d+)?/',
+				$GLOBALS['egw_info']['server']['unsuccessful_ip_whitelist'], $matches) &&
+			($key=array_search($ip, $matches[1])) !== false)
+		{
+			$blocked = !empty($matches[3][$key]) && $false_ip > $matches[3][$key];
+		}
+		else	// else check with general number
+		{
+			$blocked = $false_ip > $GLOBALS['egw_info']['server']['num_unsuccessful_ip'];
+		}
+		if (!$blocked)
+		{
+			$blocked = $false_id > $GLOBALS['egw_info']['server']['num_unsuccessful_id'];
+		}
 		//error_log(__METHOD__."('$login', '$ip') false_ip=$false_ip, false_id=$false_id --> blocked=".array2string($blocked));

 		if ($blocked && $GLOBALS['egw_info']['server']['admin_mails'] &&