Permalink
Browse files

* Ban IP that cause many exceptions in a short time.

* Create log entry, if IP added to ban list
  • Loading branch information...
1 parent 2643708 commit da20884d04707b8b77f17ec02637bf86e3c77749 @jedie committed Jan 3, 2012
@@ -5,6 +5,8 @@
~~~~~~~~~~~~~~~~~~~~
A simple model witch contains IP addresses with a timestamp.
+
+ TODO: Move IP-Ban + Log stuff into a separate app
e.g. usage in plugins:
--------------------------------------------------------------------------
@@ -14,13 +16,7 @@
BanEntry.objects.add(request) # raised Http404!
--------------------------------------------------------------------------
- Last commit info:
- ~~~~~~~~~~~~~~~~~
- $LastChangedDate:$
- $Rev:$
- $Author: JensDiemer $
-
- :copyleft: 2009 by the PyLucid team, see AUTHORS for more details.
+ :copyleft: 2009-2012 by the PyLucid team, see AUTHORS for more details.
:license: GNU GPL v3 or above, see LICENSE for more details.
"""
@@ -60,7 +56,8 @@ def add(self, request):
"""
remote_addr = request.META["REMOTE_ADDR"]
self.model(ip_address=remote_addr).save()
- raise Http404("Add IP to ban list.")
+ LogEntry.objects.log_action(app_label="pylucid", action="Add %s to ban list." % remote_addr)
+ raise Http404("You are now banned.")
@jedie

jedie Jan 6, 2012

Owner

Later updated unittest for this change here: 0d8845a

class BanEntry(models.Model):
@@ -1,10 +1,17 @@
# coding: utf-8
"""
+ Log model
+ ~~~~~~~~~
+
TODO:
+ * Move IP-Ban + Log stuff into a separate app
* handel proxy's 'HTTP_X_FORWARDED_FOR' values.
See notes here:
http://docs.djangoproject.com/en/1.0/ref/middleware/#reverse-proxy-middleware
+
+ :copyleft: 2009-2012 by the PyLucid team, see AUTHORS for more details.
+ :license: GNU GPL v3 or above, see LICENSE for more details.
"""
import datetime
@@ -1,5 +1,12 @@
# coding: utf-8
+"""
+ PyLucid system preferences
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+ :copyleft: 2009-2012 by the PyLucid team, see AUTHORS for more details.
+ :license: GNU GPL v3 or above, see LICENSE for more details.
+"""
import warnings
@@ -98,6 +105,15 @@ class SystemPreferencesForm(DBPreferencesBaseForm):
help_text=_("The maximal numbers of log entries. After this the oldest log entries would be automatically deleted to protect against overloading."),
)
+ ban_count = forms.IntegerField(
+ help_text=_("Numbers of exceptions from one IP within 'ban_time' Sec. after IP would be banned. (Used 'REMOTE_ADDR')"),
+ initial=10, min_value=1, max_value=100
+ )
+ ban_time = forms.IntegerField(
+ help_text=_("Time period for count exceptions log messages from the same IP. (Used 'REMOTE_ADDR')"),
+ initial=30, min_value=1, max_value=600
+ )
+
def __init__(self, *args, **kwargs):
super(SystemPreferencesForm, self).__init__(*args, **kwargs)
existing_designs = Design.on_site.all().values_list("id", "name")
@@ -1,5 +1,18 @@
# coding: utf-8
+"""
+ IPBanMiddleware
+ ~~~~~~~~~~~~~~~
+
+ Block banned IP addresses and delete old pylucid.models.BanEntry items:
+
+ TODO: Move IP-Ban + Log stuff into a separate app
+
+ :copyleft: 2009-2012 by the PyLucid team, see AUTHORS for more details.
+ :license: GNU GPL v3 or above, see LICENSE for more details.
+"""
+
+
import time
import datetime
@@ -1,5 +1,17 @@
# coding: utf-8
+"""
+ PyLucid middleware
+ ~~~~~~~~~~~~~~~~~~
+
+ Create request.PYLUCID and log process_exception()
+
+ TODO: Move IP-Ban + Log stuff into a separate app
+
+ :copyleft: 2009-2012 by the PyLucid team, see AUTHORS for more details.
+ :license: GNU GPL v3 or above, see LICENSE for more details.
+"""
+
import traceback
from django.conf import settings
@@ -17,12 +29,12 @@ def process_request(self, request):
request.PYLUCID = pylucid_objects.PyLucidRequestObjects(request)
def process_exception(self, request, exception):
- if isinstance(exception, Http404): # Handle 404 page not found errors
-
- # Get the system preferences
- sys_pref = request.PYLUCID.preferences
- sys_pref_form = request.PYLUCID.preferences_form
+ # Get the system preferences
+ sys_pref = request.PYLUCID.preferences
+ sys_pref_form = request.PYLUCID.preferences_form
+ if isinstance(exception, Http404):
+ # Handle 404 page not found errors
log404_verbosity = sys_pref.get("log404_verbosity", sys_pref_form.LOG404_NOREDIRECT)
if log404_verbosity == sys_pref_form.LOG404_NOTHING:
@@ -58,3 +70,17 @@ def process_exception(self, request, exception):
app_label="pylucid", action="PyLucidMiddleware.process_exception()", message=message,
long_message=traceback.format_exc()
)
+
+ ban_time = sys_pref["ban_time"] # Time period for count exceptions log messages from the same IP.
+ ban_count = sys_pref["ban_count"] # Numbers of exceptions from one IP within 'ban_time' after the IP would be banned.
+
+ # Count the last requests for this app_label
+ queryset = LogEntry.objects.last_remote_addr_actions(request, ban_time)
+ queryset = queryset.filter(app_label="pylucid")
+ queryset = queryset.filter(action="PyLucidMiddleware.process_exception()")
+ last_actions = queryset.count()
+
+ if last_actions >= ban_count:
+ from pylucid_project.apps.pylucid.models import BanEntry
+ BanEntry.objects.add(request) # raised 404 after adding the client IP!
+

0 comments on commit da20884

Please sign in to comment.