diff options
| author | Dylan William Hardison <dylan@hardison.net> | 2017-08-28 21:51:00 +0200 |
|---|---|---|
| committer | Mary Umoh <umohm12@gmail.com> | 2017-08-28 21:51:00 +0200 |
| commit | e34cba8c9c127203e56f3679cd627d2d1d72f54e (patch) | |
| tree | 177bb3ba6942925ab3a7bd2bfbf1baccd1eafd43 /Bugzilla.pm | |
| parent | 0fdb8be1599283df80ae3b52f2254b847152a60f (diff) | |
| download | bugzilla-e34cba8c9c127203e56f3679cd627d2d1d72f54e.tar.gz bugzilla-e34cba8c9c127203e56f3679cd627d2d1d72f54e.tar.xz | |
Bug 1393643 - Add whitelist to rate limiting code (#220)
* Bug 1393643 - Add whitelist to rate limiting code
* use version that has new module
* add memcache to bloomfilter loading
Diffstat (limited to 'Bugzilla.pm')
| -rw-r--r-- | Bugzilla.pm | 15 |
1 files changed, 11 insertions, 4 deletions
diff --git a/Bugzilla.pm b/Bugzilla.pm index cf004d4fc..bf8f99625 100644 --- a/Bugzilla.pm +++ b/Bugzilla.pm @@ -42,6 +42,7 @@ use Bugzilla::Token; use Bugzilla::User; use Bugzilla::Util; use Bugzilla::CPAN; +use Bugzilla::Bloomfilter; use Bugzilla::Metrics::Collector; use Bugzilla::Metrics::Template; @@ -765,7 +766,7 @@ sub elastic { } sub check_rate_limit { - my ($class, $name, $id) = @_; + my ($class, $name, $ip) = @_; my $params = Bugzilla->params; if ($params->{rate_limit_active}) { my $rules = decode_json($params->{rate_limit_rules}); @@ -774,9 +775,15 @@ sub check_rate_limit { warn "no rules for $name!"; return 0; } - if (Bugzilla->memcached->should_rate_limit("$name:$id", @$limit)) { - Bugzilla->audit("[rate_limit] $id exceeds rate limit $name: " . join("/", @$limit)); - ThrowUserError("rate_limit"); + if (Bugzilla->memcached->should_rate_limit("$name:$ip", @$limit)) { + my $action = 'block'; + my $filter = Bugzilla::Bloomfilter->lookup("rate_limit_whitelist"); + if ($filter && $filter->test($ip)) { + $action = 'ignore'; + } + my $limit = join("/", @$limit); + Bugzilla->audit("[rate_limit] action=$action, ip=$ip, limit=$limit"); + ThrowUserError("rate_limit") if $action eq 'block'; } } } |