add cloud smasher countermeasure
authorMatteo Nastasi (mop) <nastasi@alternativeoutput.it>
Sun, 1 Feb 2015 15:15:57 +0000 (16:15 +0100)
committerMatteo Nastasi (mop) <nastasi@alternativeoutput.it>
Sun, 1 Feb 2015 15:15:57 +0000 (16:15 +0100)
web/Obj/brisk.conf-templ.pho
web/Obj/brisk.phh
web/Obj/sac-a-push.phh
web/index.php
web/spush/brisk-spush.php

index 6854d6a..90a2dc1 100644 (file)
@@ -1,4 +1,12 @@
 <?php
+
+if (file_exists("$DOCUMENT_ROOT/Etc/cloud_smasher.phh")) {
+    require_once("$DOCUMENT_ROOT/Etc/cloud_smasher.phh");
+}
+else {
+    $G_cloud_smasher = array();
+}
+
 if (file_exists("$DOCUMENT_ROOT/Etc/provider_proxy.phh")) {
     require_once("$DOCUMENT_ROOT/Etc/provider_proxy.phh");
 }
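Review bot: The `$G_cloud_smasher = array()` fallback only covers the file-missing case; if `Etc/cloud_smasher.phh` exists but does not assign the variable, `count($cloud_smasher)` and `IpClass::update()` in `Brisk::reload` receive null. A guard after the block, `if (!isset($G_cloud_smasher)) { $G_cloud_smasher = array(); }`, closes that gap. Note also that `require_once` means a second pass over this template (the `reload` console command in Sac_a_push re-requires BRISK_CONF) will not re-read cloud_smasher.phh, so edits to the range list only take effect after a full restart; if live reload is intended, use `require` here.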
index 62b80a7..e4dd67e 100644 (file)
@@ -1039,8 +1039,9 @@ class Brisk
     var $garbage_timeout;
     var $shm_sz;
 
-    var $ban_list;  // ban list (authized allowed)
-    var $black_list;  // black list (anti-dos, noone allowed)
+    var $ban_list;       // ban list (authized allowed)
+    var $black_list;     // black list (anti-dos, noone allowed)
+    var $cloud_smasher;  // list of cloud ip ranges to be rejected
     var $provider_proxy; // list of provider/browser that offer proxy service
     var $ghost_sess;
     var $delay_mgr;
@@ -1055,13 +1056,13 @@ class Brisk
     }
 
     // constructor
-    static function create($crystal_filename, $ban_list, $black_list, $prov_proxy) {
+    static function create($crystal_filename, $ban_list, $black_list, $cloud_smasher, $prov_proxy) {
         if (($brisk_ser = @file_get_contents($crystal_filename)) != FALSE) {
             if (($brisk = unserialize($brisk_ser)) != FALSE) {
                 fprintf(STDERR, "ROOM FROM FILE\n");
                 rename($crystal_filename, $crystal_filename.".old");
 
-                $brisk->reload(TRUE, $ban_list, $black_list, $prov_proxy);
+                $brisk->reload(TRUE, $ban_list, $black_list, $cloud_smasher, $prov_proxy);
 
                 return($brisk);
             }
@@ -1077,6 +1078,7 @@ class Brisk
 
         $thiz->ban_list = IpClass::create();
         $thiz->black_list = IpClass::create();
+        $thiz->cloud_smasher = IpClass::create();
         $thiz->provider_proxy = ProviderProxy::create();
         $thiz->ghost_sess = new GhostSess();
 
@@ -1094,14 +1096,15 @@ class Brisk
 
         static::$sess_cur = FALSE;
 
-        $thiz->reload(TRUE, $ban_list, $black_list, $prov_proxy);
+        $thiz->reload(TRUE, $ban_list, $black_list, $cloud_smasher, $prov_proxy);
 
         return ($thiz);
     }
 
-    function reload($is_first, $ban_list, $black_list, $prov_proxy)
+    function reload($is_first, $ban_list, $black_list, $cloud_smasher, $prov_proxy)
     {
-        fprintf(STDERR, "RELOAD STUFF (%d)(%d)(%d)\n", count($ban_list), count($black_list), count($prov_proxy));
+        fprintf(STDERR, "RELOAD STUFF (%d)(%d)(%d)(%d)\n",
+                count($ban_list), count($black_list), count($cloud_smasher), count($prov_proxy));
 
         if (defined('CURL_DE_SAC_VERS')) {
             if (brisk_cds_reload($this) == FALSE) {
@@ -1110,6 +1113,7 @@ class Brisk
         }
         $this->ban_list->update($ban_list);
         $this->black_list->update($black_list);
+        $this->cloud_smasher->update($cloud_smasher);
         $this->provider_proxy->update($prov_proxy);
 
         if (!$is_first) {
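Review bot: `$this->cloud_smasher->update($cloud_smasher)` assumes the property already holds an IpClass, but `Brisk::create` also restores a Brisk from the serialized crystal file (the `unserialize` path in the create hunk) and calls `reload` on that object; an instance written by the previous version has no `cloud_smasher` property, so this line fails on the first restart after deploy. Initialise it lazily before the update, `if (!isset($this->cloud_smasher)) { $this->cloud_smasher = IpClass::create(); }`, or make discarding the old crystal file part of the deploy. `reload` begins in the previous hunk and continues past this one.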
@@ -1145,7 +1149,8 @@ class Brisk
                 continue;
 
             // check if the IP is blacklisted
-            if ($this->black_check($user_cur->ip)) {
+            if ($this->black_check($user_cur->ip) ||
+                $this->cloud_check($user_cur->ip)) {
                 $user_cur->lacc = 0;
                 $is_ban = TRUE;
                 continue;
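Review bot: The comment `// check if the IP is blacklisted` above the condition is now stale, since the condition also rejects addresses inside a cloud range, and both outcomes are recorded identically (`lacc = 0`, `$is_ban = TRUE`), so a reader cannot tell which list fired. Change it to `// check if the IP is blacklisted or inside a rejected cloud range`. The enclosing loop and function start outside the hunk.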
@@ -1175,6 +1180,11 @@ class Brisk
         return ($this->black_list->check($ip_str));
     }
 
+    function cloud_check($ip_str)
+    {
+        return ($this->cloud_smasher->check($ip_str));
+    }
+
     function pproxy_realip($header, $ip_str)
     {
         return ($this->provider_proxy->realip($header, $ip_str));
@@ -2614,18 +2624,24 @@ class Brisk
 
   function request_mgr(&$s_a_p, $header, &$header_out, &$new_socket, $path, $addr, $get, $post, $cookie)
   {
-      GLOBAL $G_ban_list, $G_black_list, $G_provider_proxy;
+      GLOBAL $G_ban_list, $G_black_list, $G_cloud_smasher, $G_provider_proxy;
 
       printf("NEW_SOCKET (root): %d PATH [%s]\n", intval($new_socket), $path);
       // $remote_addr = addrtoipv4($addr);
       $remote_addr = $this->pproxy_realip($header, addrtoipv4($addr));
 
-      fprintf(STDERR, "\n\n\n PRE_BLACK_CHECK \n\n\n");
+      fprintf(STDERR, "\n\n\n PRE_BLACK [%s]\n\n\n", $remote_addr);
       if ($this->black_check($remote_addr)) {
           // TODO: waiting async 5 sec before close
           fprintf(STDERR, "\n\n\n BLACK CHECK\n\n\n");
           return (FALSE);
       }
+      if ($path != "" && $path != "index.php") {
+          if ($this->cloud_check($remote_addr)) {
+              // TODO: waiting async 5 sec before close
+              return (FALSE);
+          }
+      }
 
       $enc = get_encoding($header);
       if (isset($header['User-Agent'])) {
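Review bot: The cloud check is skipped for `$path == ""` and `"index.php"`, presumably so that `index_main()` can reject the client with a user-visible reason instead of a dropped connection (the index.php hunk sets `$last_msg` for that case), but nothing at this site says so and the `black_check` just above has no such exemption. A one-line comment, `// index.php is checked in index_main() so the user gets a reason message; every other path is dropped here`, would keep the next maintainer from "fixing" the asymmetry. Separately, the new `PRE_BLACK [%s]` trace writes every client address to stderr on each request; if the other traces in this file are gated behind a debug setting, this one should be too. `request_mgr` continues beyond the hunk.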
index fdf5541..240a48a 100644 (file)
@@ -623,7 +623,7 @@ class Sac_a_push {
     {
         GLOBAL $DOCUMENT_ROOT, $HTTP_HOST;
 
-        GLOBAL $G_alarm_passwd, $G_ban_list, $G_black_list, $G_provider_proxy;
+        GLOBAL $G_alarm_passwd, $G_ban_list, $G_black_list, $G_cloud_smasher, $G_provider_proxy;
         GLOBAL $G_btrace_pref_sub, $G_dbauth;
         GLOBAL $G_dbpfx, $G_donors_all, $G_donors_cur, $G_is_local, $G_lang;
         GLOBAL $G_poll_entries, $G_poll_name, $G_poll_title, $G_proxy_white_list;
@@ -801,7 +801,7 @@ class Sac_a_push {
                                 if ($line == "reload") {
                                     require("$DOCUMENT_ROOT/Etc/".BRISK_CONF);
                                     $this->app->reload(FALSE, $G_ban_list, $G_black_list,
-                                                       $G_provider_proxy);
+                                                       $G_cloud_smasher, $G_provider_proxy);
                                     global_dump();
                                 }
                                 else if ($line == "shutdown" || $line == "sd") {
index c2c4be1..437f454 100644 (file)
@@ -377,6 +377,13 @@ function index_main(&$brisk, $transp_type, $header, &$header_out, $remote_addr_f
                 break;
             }
         }
+        if ($brisk->cloud_check($remote_addr)) {
+            // TODO: find a way to add a nonblocking sleep(5) here
+            $banned = TRUE;
+            $last_msg = $mlang_room['reas_cloud'][$G_lang];
+        }
+
+
         if (validate_sess($sess)) {
             log_main("pre garbage_manager UNO");
             $brisk->garbage_manager(TRUE);
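Review bot: `$mlang_room['reas_cloud'][$G_lang]` reads a message key that none of the five files in this commit adds; unless `reas_cloud` already exists in `$mlang_room`, this is an undefined index and the rejected client gets an empty reason. Either add the entry to the language table or guard the lookup, `$last_msg = isset($mlang_room['reas_cloud'][$G_lang]) ? $mlang_room['reas_cloud'][$G_lang] : '';`. The new block also sets `$banned` but then falls straight through to `validate_sess()` and `garbage_manager()`; whether the black-list branch above it skips those calls is not visible in the hunk, so confirm the two paths behave the same. The two blank lines after the block are a style nit. `index_main` starts before the hunk and continues after it.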
index 3a43b19..93957c8 100755 (executable)
@@ -42,11 +42,11 @@ require_once($G_base."briskin5/index_wr.php");
 
 function main($argv)
 {
-    GLOBAL $G_ban_list, $G_black_list, $G_provider_proxy;
+    GLOBAL $G_ban_list, $G_black_list, $G_cloud_smasher, $G_provider_proxy;
 
     pid_save();
     do {
-        if (($brisk = Brisk::create(LEGAL_PATH."/brisk-crystal.data", $G_ban_list, $G_black_list, $G_provider_proxy)) == FALSE) {
+        if (($brisk = Brisk::create(LEGAL_PATH."/brisk-crystal.data", $G_ban_list, $G_black_list, $G_cloud_smasher, $G_provider_proxy)) == FALSE) {
             log_crit("Brisk::create failed");
             $ret = 1;
             break;