Mark Smith ([staff profile] mark) wrote in [site community profile] changelog2009-08-10 02:08 am

[dw-free] Create a new ban type for persistent spammers

[commit: http://hg.dwscoalition.org/dw-free/rev/11050b94baf5]

http://bugs.dwscoalition.org/show_bug.cgi?id=1317

Add the ability to ban an IP address so that users on it must log in to use
the site, for extreme cases of anonymous/logged-out issues.

Patch by [personal profile] afuna.

Files modified:
  • cgi-bin/Apache/LiveJournal.pm
  • cgi-bin/sysban.pl
  • etc/config.pl
  • htdocs/admin/sysban.bml
--------------------------------------------------------------------------------
diff -r 4060651ad41a -r 11050b94baf5 cgi-bin/Apache/LiveJournal.pm
--- a/cgi-bin/Apache/LiveJournal.pm	Mon Aug 10 01:53:23 2009 +0000
+++ b/cgi-bin/Apache/LiveJournal.pm	Mon Aug 10 02:08:28 2009 +0000
@@ -233,6 +233,29 @@ sub blocked_bot
     return OK;
 }
 
+sub blocked_anon
+{
+    my $r = shift;
+    $r->status_line( "403 Denied" );
+    $r->content_type( "text/html" );
+
+    my $subject = $LJ::BLOCKED_ANON_SUBJECT || "403 Denied";
+    my $message = $LJ::BLOCKED_ANON_MESSAGE;
+
+    unless ( $message ) {
+        $message = "You don't have permission to access $LJ::SITENAME. Please first <a href='$LJ::SITEROOT/login.bml?usescheme=lynx'>log in</a>.";
+
+        if ( $LJ::BLOCKED_ANON_URI ) {
+            $message .= " <a href='$LJ::BLOCKED_ANON_URI'>Why can't I access the site without logging in?</a>";
+        }
+    }
+
+    $r->print( "<html><head><title>$subject</title></head><body>" );
+    $r->print( "<h1>$subject</h1> $message" );
+    $r->print( "</body></html>" );
+    return OK;
+}
+
 sub trans
 {
     my $r = shift;
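Review bot: The fallback text in `blocked_anon` interpolates `$LJ::SITENAME`, `$LJ::SITEROOT` and `$LJ::BLOCKED_ANON_URI` into HTML and single-quoted `href` attributes without escaping, and `$subject` goes into `<title>` and `<h1>` the same way. These are site configuration rather than request data, so this is a robustness point more than an injection one, but a quote or `&` in any of them breaks the page; escaping at output, e.g. `my $why = LJ::ehtml( $LJ::BLOCKED_ANON_URI );`, keeps it well-formed. `$LJ::BLOCKED_ANON_MESSAGE` is evidently meant to carry markup, so a comment such as `# trusted HTML from site config, printed as-is` above its assignment would make that explicit. Only `status_line` is set here; if the numeric status is not derived from it, access logs and monitoring may record these responses as 200, so it is worth confirming or adding `$r->status( 403 );`.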
@@ -378,7 +401,28 @@ sub trans
         }
     }
 
-    # check for sysbans on ip address
+    # block on IP address for anonymous users but allow users to log in,
+    # and logged in users to go through
+    
+    # we're not logged in, and we're not in the middle of logging in
+    unless ( LJ::get_remote() || LJ::remote_bounce_url() ) {
+        # blocked anon uri contains more information for the user
+        # re: why they're banned, and what they should do
+        unless ( ( $LJ::BLOCKED_ANON_URI && index( $uri, $LJ::BLOCKED_ANON_URI ) == 0 )
+                # allow the user to go through login and subdomain cookie checking paths
+                || $uri =~ m!^(?:/login|/__setdomsess|/misc/get_domain_session)!) {
+
+            foreach my $ip (@req_hosts) {
+                if ( LJ::sysban_check( 'noanon_ip', $ip ) ) {
+                    $r->handler( "perl-script" );
+                    $r->push_handlers( PerlResponseHandler => \&blocked_anon );
+                    return OK;
+                }
+            }
+        }
+    }
+
+    # check for sysbans on ip address, and block the ip address completely
     unless ( $LJ::BLOCKED_BOT_URI && index( $uri, $LJ::BLOCKED_BOT_URI ) == 0 ) {
         foreach my $ip (@req_hosts) {
             if ( LJ::sysban_check( 'ip', $ip ) ) {
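Review bot: The exemption pattern `m!^(?:/login|/__setdomsess|/misc/get_domain_session)!` is anchored only at the start, so any URI that merely begins with one of those strings skips the `noanon_ip` check, not just the login and domain-session paths the comment names. The `index( $uri, $LJ::BLOCKED_ANON_URI ) == 0` test is also a prefix match, so a short value such as `/` would exempt the whole site. If the exact paths are known, close the pattern, for example `|| $uri =~ m!^/(?:login|__setdomsess|misc/get_domain_session)(?:\.bml)?(?:\z|/)!` (adjust to the forms actually served). `trans` starts and ends outside this hunk, so how `@req_hosts` is built, and whether it can contain client-supplied forwarding values, cannot be checked from here.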
diff -r 4060651ad41a -r 11050b94baf5 cgi-bin/sysban.pl
--- a/cgi-bin/sysban.pl	Mon Aug 10 01:53:23 2009 +0000
+++ b/cgi-bin/sysban.pl	Mon Aug 10 02:08:28 2009 +0000
@@ -436,6 +436,7 @@ sub sysban_validate {
                'talk_ip_test' => 'ip',
                'invite_user' => 'user',
                'invite_email' => 'email',
+               'noanon_ip' => 'ip',
                );
 
     while (my ($new, $existing) = splice(@map, 0, 2)) {
diff -r 4060651ad41a -r 11050b94baf5 etc/config.pl
--- a/etc/config.pl	Mon Aug 10 01:53:23 2009 +0000
+++ b/etc/config.pl	Mon Aug 10 02:08:28 2009 +0000
@@ -868,6 +868,10 @@
 
     # enable contextual hover
     $CTX_POPUP = 1;
+
+    # page that 'noanon_ip' sysbanned users can access to get more information
+    # on why they're banned
+    # $BLOCKED_ANON_URI = '';
 }
 
 1;
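Review bot: The new comment documents only `$BLOCKED_ANON_URI`, but `blocked_anon` in cgi-bin/Apache/LiveJournal.pm also reads `$LJ::BLOCKED_ANON_SUBJECT` and `$LJ::BLOCKED_ANON_MESSAGE`, and the message is printed as raw HTML. I would add commented entries for both, e.g. `# $BLOCKED_ANON_MESSAGE = '';  # trusted HTML; replaces the default text, including the login link`. It is also worth stating how the URI is compared, since the handler treats it as a prefix of the request path: `# matched as a path prefix; use a specific page path, never '/'`.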
diff -r 4060651ad41a -r 11050b94baf5 htdocs/admin/sysban.bml
--- a/htdocs/admin/sysban.bml	Mon Aug 10 01:53:23 2009 +0000
+++ b/htdocs/admin/sysban.bml	Mon Aug 10 02:08:28 2009 +0000
@@ -33,7 +33,7 @@ body<=
     my @all_sb_args = qw( ip uniq email email_domain user pay_cc 
                           pay_user pay_email pay_uniq support_user 
                           support_uniq lostpassword  talk_ip_test 
-                          invite_user invite_email );
+                          invite_user invite_email noanon_ip );
 
     my $remote = LJ::get_remote();
     return "<?needlogin?>" unless $remote;
--------------------------------------------------------------------------------