mirror of https://github.com/acanas/swad-core.git
Version 20.51.9: Mar 18, 2021 Firewall database tables renamed.
parent
6f5e476d7e
commit
0de0a89903
|
@ -638,9 +638,9 @@ CREATE TABLE IF NOT EXISTS fig_figures (
|
|||
LastUpdate TIMESTAMP,
|
||||
UNIQUE INDEX(Figure,Scope,Cod));
|
||||
--
|
||||
-- Table firewall_banned: stores the banned IPs in order to mitigate denial of service attacks
|
||||
-- Table fir_banned: stores the banned IPs in order to mitigate denial of service attacks
|
||||
--
|
||||
CREATE TABLE IF NOT EXISTS firewall_banned (
|
||||
CREATE TABLE IF NOT EXISTS fir_banned (
|
||||
IP CHAR(15) NOT NULL,
|
||||
BanTime DATETIME NOT NULL,
|
||||
UnbanTime DATETIME NOT NULL,
|
||||
|
@ -648,9 +648,9 @@ CREATE TABLE IF NOT EXISTS firewall_banned (
|
|||
INDEX(BanTime),
|
||||
INDEX(UnbanTime));
|
||||
--
|
||||
-- Table firewall_log: stores the most recent IPs in order to mitigate denial of service attacks
|
||||
-- Table fir_log: stores the most recent IPs in order to mitigate denial of service attacks
|
||||
--
|
||||
CREATE TABLE IF NOT EXISTS firewall_log (
|
||||
CREATE TABLE IF NOT EXISTS fir_log (
|
||||
ClickTime DATETIME NOT NULL,
|
||||
IP CHAR(15) NOT NULL,
|
||||
INDEX(ClickTime),
|
||||
|
|
|
@ -600,13 +600,18 @@ TODO: Salvador Romero Cort
|
|||
|
||||
TODO: FIX BUG, URGENT! En las fechas como parámetro Dat_WriteParamsIniEndDates(), por ejemplo al cambiar el color de la gráfica de accesos por día y hora, no se respeta la zona horaria.
|
||||
*/
|
||||
#define Log_PLATFORM_VERSION "SWAD 20.51.8 (2021-03-18)"
|
||||
#define Log_PLATFORM_VERSION "SWAD 20.51.9 (2021-03-18)"
|
||||
#define CSS_FILE "swad20.45.css"
|
||||
#define JS_FILE "swad20.6.2.js"
|
||||
/*
|
||||
TODO: Rename CENTRE to CENTER in help wiki.
|
||||
TODO: Rename ASSESSMENT.Announcements to ASSESSMENT.Calls_for_exams
|
||||
|
||||
Version 20.51.9: Mar 18, 2021 Firewall database tables renamed. (307724 lines)
|
||||
2 changes necessary in database:
|
||||
RENAME TABLE firewall_banned TO fir_banned;
|
||||
RENAME TABLE firewall_log TO fir_log;
|
||||
|
||||
Version 20.51.8: Mar 18, 2021 File views database table renamed. (307717 lines)
|
||||
1 change necessary in database:
|
||||
RENAME TABLE file_view TO brw_file_views;
|
||||
|
|
|
@ -1398,9 +1398,9 @@ mysql> DESCRIBE fig_figures;
|
|||
"LastUpdate TIMESTAMP,"
|
||||
"UNIQUE INDEX(Figure,Scope,Cod))");
|
||||
|
||||
/***** Table firewall_banned *****/
|
||||
/***** Table fir_banned *****/
|
||||
/*
|
||||
mysql> DESCRIBE firewall_banned;
|
||||
mysql> DESCRIBE fir_banned;
|
||||
+-----------+----------+------+-----+---------+-------+
|
||||
| Field | Type | Null | Key | Default | Extra |
|
||||
+-----------+----------+------+-----+---------+-------+
|
||||
|
@ -1410,7 +1410,7 @@ mysql> DESCRIBE firewall_banned;
|
|||
+-----------+----------+------+-----+---------+-------+
|
||||
3 rows in set (0.00 sec)
|
||||
*/
|
||||
DB_CreateTable ("CREATE TABLE IF NOT EXISTS firewall_banned ("
|
||||
DB_CreateTable ("CREATE TABLE IF NOT EXISTS fir_banned ("
|
||||
"IP CHAR(15) NOT NULL," // Cns_MAX_BYTES_IP
|
||||
"BanTime DATETIME NOT NULL,"
|
||||
"UnbanTime DATETIME NOT NULL,"
|
||||
|
@ -1418,9 +1418,9 @@ mysql> DESCRIBE firewall_banned;
|
|||
"INDEX(BanTime),"
|
||||
"INDEX(UnbanTime));");
|
||||
|
||||
/***** Table firewall_log *****/
|
||||
/***** Table fir_log *****/
|
||||
/*
|
||||
mysql> DESCRIBE firewall_log;
|
||||
mysql> DESCRIBE fir_log;
|
||||
+-----------+----------+------+-----+---------+-------+
|
||||
| Field | Type | Null | Key | Default | Extra |
|
||||
+-----------+----------+------+-----+---------+-------+
|
||||
|
@ -1429,7 +1429,7 @@ mysql> DESCRIBE firewall_log;
|
|||
+-----------+----------+------+-----+---------+-------+
|
||||
2 rows in set (0.00 sec)
|
||||
*/
|
||||
DB_CreateTable ("CREATE TABLE IF NOT EXISTS firewall_log ("
|
||||
DB_CreateTable ("CREATE TABLE IF NOT EXISTS fir_log ("
|
||||
"ClickTime DATETIME NOT NULL,"
|
||||
"IP CHAR(15) NOT NULL," // Cns_MAX_BYTES_IP
|
||||
"INDEX(ClickTime),"
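Review bot: `CREATE TABLE IF NOT EXISTS fir_banned` and `CREATE TABLE IF NOT EXISTS fir_log` will succeed on an installation where the two `RENAME TABLE` statements from the changelog have not been run yet, leaving empty new tables beside the populated `firewall_banned` and `firewall_log`; the later `RENAME TABLE` would then fail because the target already exists, and until someone notices, the ban check reads a table with no rows. When this creation code runs relative to an upgrade is not visible in these hunks, so this is a risk to confirm rather than a demonstrated fault. I would add a comment above each call, e.g. `/* Upgrade to 20.51.9: run RENAME TABLE firewall_banned TO fir_banned before this code executes */`, and state the same ordering in the changelog entry.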
|
||||
|
|
|
@ -59,19 +59,19 @@ extern struct Globals Gbl;
|
|||
/****************************** Private prototypes ***************************/
|
||||
/*****************************************************************************/
|
||||
|
||||
static void FW_BanIP (void);
|
||||
static void Fir_BanIP (void);
|
||||
|
||||
static void FW_WriteHTML (const char *Title,const char *H1);
|
||||
static void Fir_WriteHTML (const char *Title,const char *H1);
|
||||
|
||||
/*****************************************************************************/
|
||||
/************************** Log access into firewall *************************/
|
||||
/*****************************************************************************/
|
||||
|
||||
void FW_LogAccess (void)
|
||||
void Fir_LogAccess (void)
|
||||
{
|
||||
/***** Log access in firewall recent log *****/
|
||||
DB_QueryINSERT ("can not log access into firewall_log",
|
||||
"INSERT INTO firewall_log"
|
||||
"INSERT INTO fir_log"
|
||||
" (ClickTime,IP)"
|
||||
" VALUES"
|
||||
" (NOW(),'%s')",
|
||||
|
@ -82,11 +82,11 @@ void FW_LogAccess (void)
|
|||
/********************** Remove old clicks from firewall **********************/
|
||||
/*****************************************************************************/
|
||||
|
||||
void FW_PurgeFirewall (void)
|
||||
void Fir_PurgeFirewall (void)
|
||||
{
|
||||
/***** Remove old clicks *****/
|
||||
DB_QueryDELETE ("can not purge firewall log",
|
||||
"DELETE LOW_PRIORITY FROM firewall_log"
|
||||
"DELETE LOW_PRIORITY FROM fir_log"
|
||||
" WHERE ClickTime<FROM_UNIXTIME(UNIX_TIMESTAMP()-%lu)",
|
||||
(unsigned long) Fw_TIME_TO_DELETE_OLD_CLICKS);
|
||||
}
|
||||
|
@ -95,14 +95,16 @@ void FW_PurgeFirewall (void)
|
|||
/*************************** Check if IP is banned ***************************/
|
||||
/*****************************************************************************/
|
||||
|
||||
void FW_CheckFirewallAndExitIfBanned (void)
|
||||
void Fir_CheckFirewallAndExitIfBanned (void)
|
||||
{
|
||||
unsigned long NumCurrentBans;
|
||||
|
||||
/***** Get number of current bans from database *****/
|
||||
NumCurrentBans = DB_QueryCOUNT ("can not check firewall log",
|
||||
"SELECT COUNT(*) FROM firewall_banned"
|
||||
" WHERE IP='%s' AND UnbanTime>NOW()",
|
||||
"SELECT COUNT(*)"
|
||||
" FROM fir_banned"
|
||||
" WHERE IP='%s'"
|
||||
" AND UnbanTime>NOW()",
|
||||
Gbl.IP);
|
||||
|
||||
/***** Exit with status 403 if banned *****/
|
||||
|
@ -114,7 +116,7 @@ void FW_CheckFirewallAndExitIfBanned (void)
|
|||
/* Return status 403 Forbidden */
|
||||
fprintf (stdout,"Content-Type: text/html; charset=windows-1252\n"
|
||||
"Status: 403\r\n\r\n");
|
||||
FW_WriteHTML ("Forbidden","You are temporarily banned");
|
||||
Fir_WriteHTML ("Forbidden","You are temporarily banned");
|
||||
|
||||
/* Close database connection and exit */
|
||||
DB_CloseDBConnection ();
|
||||
|
@ -126,13 +128,14 @@ void FW_CheckFirewallAndExitIfBanned (void)
|
|||
/**************** Check if too many connections from this IP *****************/
|
||||
/*****************************************************************************/
|
||||
|
||||
void FW_CheckFirewallAndExitIfTooManyRequests (void)
|
||||
void Fir_CheckFirewallAndExitIfTooManyRequests (void)
|
||||
{
|
||||
unsigned long NumClicks;
|
||||
|
||||
/***** Get number of clicks from database *****/
|
||||
NumClicks = DB_QueryCOUNT ("can not check firewall log",
|
||||
"SELECT COUNT(*) FROM firewall_log"
|
||||
"SELECT COUNT(*)"
|
||||
" FROM fir_log"
|
||||
" WHERE IP='%s'"
|
||||
" AND ClickTime>FROM_UNIXTIME(UNIX_TIMESTAMP()-%lu)",
|
||||
Gbl.IP,
|
||||
|
@ -145,14 +148,14 @@ void FW_CheckFirewallAndExitIfTooManyRequests (void)
|
|||
if (NumClicks > Fw_MAX_CLICKS_IN_INTERVAL)
|
||||
{
|
||||
/* Ban this IP */
|
||||
FW_BanIP ();
|
||||
Fir_BanIP ();
|
||||
|
||||
/* Return status 429 Too Many Requests */
|
||||
fprintf (stdout,"Content-Type: text/html; charset=windows-1252\n"
|
||||
"Retry-After: %lu\n"
|
||||
"Status: 429\r\n\r\n",
|
||||
(unsigned long) Fw_TIME_BANNED);
|
||||
FW_WriteHTML ("Too Many Requests","Please stop that");
|
||||
Fir_WriteHTML ("Too Many Requests","Please stop that");
|
||||
|
||||
/* Close database connection and exit */
|
||||
DB_CloseDBConnection ();
|
||||
|
@ -164,11 +167,11 @@ void FW_CheckFirewallAndExitIfTooManyRequests (void)
|
|||
/********************************* Ban an IP *********************************/
|
||||
/*****************************************************************************/
|
||||
|
||||
static void FW_BanIP (void)
|
||||
static void Fir_BanIP (void)
|
||||
{
|
||||
/***** Insert IP into table of banned IPs *****/
|
||||
DB_QueryINSERT ("can not ban IP",
|
||||
"INSERT INTO firewall_banned"
|
||||
"INSERT INTO fir_banned"
|
||||
" (IP,BanTime,UnbanTime)"
|
||||
" VALUES"
|
||||
" ('%s',NOW(),FROM_UNIXTIME(UNIX_TIMESTAMP()+%lu))",
|
||||
|
@ -179,7 +182,7 @@ static void FW_BanIP (void)
|
|||
/********************************* Ban an IP *********************************/
|
||||
/*****************************************************************************/
|
||||
|
||||
static void FW_WriteHTML (const char *Title,const char *H1)
|
||||
static void Fir_WriteHTML (const char *Title,const char *H1)
|
||||
{
|
||||
fprintf (stdout,"<html>"
|
||||
"<head>"
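Review bot: The rename is incomplete in `Fir_LogAccess`: the error text passed to `DB_QueryINSERT` still reads `"can not log access into firewall_log"` although the statement now inserts into `fir_log`, so an operator triaging a failure on this DoS-mitigation path would look for a table that no longer exists; change it to `"can not log access into fir_log"`. The limits `Fw_TIME_TO_DELETE_OLD_CLICKS`, `Fw_MAX_CLICKS_IN_INTERVAL` and `Fw_TIME_BANNED` also keep the old `Fw_` prefix next to the new `Fir_` functions. Separately, the reflowed queries still place `Gbl.IP` between quotes via `'%s'`; where that value is set is not visible here, so it is worth a comment at each call stating that it comes from the server-supplied peer address and not from a request header. All of these function bodies continue outside their hunks.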
|
||||
|
|
|
@ -35,10 +35,10 @@
|
|||
/***************************** Public prototypes *****************************/
|
||||
/*****************************************************************************/
|
||||
|
||||
void FW_LogAccess (void);
|
||||
void FW_PurgeFirewall (void);
|
||||
void Fir_LogAccess (void);
|
||||
void Fir_PurgeFirewall (void);
|
||||
|
||||
void FW_CheckFirewallAndExitIfBanned (void);
|
||||
void FW_CheckFirewallAndExitIfTooManyRequests (void);
|
||||
void Fir_CheckFirewallAndExitIfBanned (void);
|
||||
void Fir_CheckFirewallAndExitIfTooManyRequests (void);
|
||||
|
||||
#endif
|
||||
|
|
|
@ -1622,7 +1622,7 @@ void Lay_RefreshNotifsAndConnected (void)
|
|||
if (!(Gbl.PID % 11))
|
||||
Ntf_SendPendingNotifByEMailToAllUsrs (); // Send pending notifications by email
|
||||
else if (!(Gbl.PID % 19))
|
||||
FW_PurgeFirewall (); // Remove old clicks from firewall
|
||||
Fir_PurgeFirewall (); // Remove old clicks from firewall
|
||||
else if (!(Gbl.PID % 23))
|
||||
Fil_RemoveOldTmpFiles (Cfg_PATH_FILE_BROWSER_TMP_PUBLIC ,Cfg_TIME_TO_DELETE_BROWSER_TMP_FILES ,false); // Remove the oldest temporary public directories used for downloading
|
||||
else if (!(Gbl.PID % 101))
|
||||
|
|
|
@ -115,9 +115,9 @@ int main (void)
|
|||
Par_GetMainParams ();
|
||||
|
||||
/***** Mitigate DoS attacks *****/
|
||||
FW_CheckFirewallAndExitIfBanned ();
|
||||
FW_LogAccess ();
|
||||
FW_CheckFirewallAndExitIfTooManyRequests ();
|
||||
Fir_CheckFirewallAndExitIfBanned ();
|
||||
Fir_LogAccess ();
|
||||
Fir_CheckFirewallAndExitIfTooManyRequests ();
|
||||
|
||||
Hie_InitHierarchy ();
|
||||
if (!Gbl.WebService.IsWebService)
|
||||
|
|