implement a protection against transparent proxies
parent
9fa320838b
commit
10f93d0d43
@ -290,6 +290,12 @@
|
|||||||
// Ability to lock a board for normal users and still allow mods to post. Could also be useful for making an archive board
|
// Ability to lock a board for normal users and still allow mods to post. Could also be useful for making an archive board
|
||||||
$config['board_locked'] = false;
|
$config['board_locked'] = false;
|
||||||
|
|
||||||
|
// If poster's proxy supplies X-Forwarded-For header, check if poster's real IP is banned.
|
||||||
|
$config['proxy_check'] = false;
|
||||||
|
|
||||||
|
// If poster's proxy supplies X-Forwarded-For header, save it for further inspection and/or filtering.
|
||||||
|
$config['proxy_save'] = false;
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Custom filters detect certain posts and reject/ban accordingly. They are made up of a condition and an
|
* Custom filters detect certain posts and reject/ban accordingly. They are made up of a condition and an
|
||||||
* action (for when ALL conditions are met). As every single post has to be put through each filter,
|
* action (for when ALL conditions are met). As every single post has to be put through each filter,
|
||||||
|
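Review bot: The comment on `$config['proxy_check']` calls the X-Forwarded-For value the poster's "real IP", and neither it nor the `$config['proxy_save']` comment says that the header is set by the client or an intermediate proxy and is not authenticated. An operator reading only this file could take a ban match or a saved value as proof of origin. I would add a line above both options such as `// X-Forwarded-For is sent by the client or its proxy and is not verified; treat it as a hint, never as the poster's confirmed address.`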
@ -810,12 +810,29 @@ function checkBan($board = false) {
|
|||||||
if (event('check-ban', $board))
|
if (event('check-ban', $board))
|
||||||
return true;
|
return true;
|
||||||
|
|
||||||
$bans = Bans::find($_SERVER['REMOTE_ADDR'], $board, $config['show_modname']);
|
$ips = array();
|
||||||
|
|
||||||
|
$ips[] = $_SERVER['REMOTE_ADDR'];
|
||||||
|
|
||||||
|
if ($config['proxy_check'] && isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {
|
||||||
|
$ips = array_merge($ips, explode(", ", $_SERVER['HTTP_X_FORWARDED_FOR']));
|
||||||
|
}
|
||||||
|
|
||||||
|
foreach ($ips as $ip) {
|
||||||
|
$bans = Bans::find($_SERVER['REMOTE_ADDR'], $board, $config['show_modname']);
|
||||||
|
|
||||||
foreach ($bans as &$ban) {
|
foreach ($bans as &$ban) {
|
||||||
if ($ban['expires'] && $ban['expires'] < time()) {
|
if ($ban['expires'] && $ban['expires'] < time()) {
|
||||||
Bans::delete($ban['id']);
|
Bans::delete($ban['id']);
|
||||||
if ($config['require_ban_view'] && !$ban['seen']) {
|
if ($config['require_ban_view'] && !$ban['seen']) {
|
||||||
|
if (!isset($_POST['json_response'])) {
|
||||||
|
displayBan($ban);
|
||||||
|
} else {
|
||||||
|
header('Content-Type: text/json');
|
||||||
|
die(json_encode(array('error' => true, 'banned' => true)));
|
||||||
|
}
|
||||||
|
}
|
||||||
|
} else {
|
||||||
if (!isset($_POST['json_response'])) {
|
if (!isset($_POST['json_response'])) {
|
||||||
displayBan($ban);
|
displayBan($ban);
|
||||||
} else {
|
} else {
|
||||||
@ -823,13 +840,6 @@ function checkBan($board = false) {
|
|||||||
die(json_encode(array('error' => true, 'banned' => true)));
|
die(json_encode(array('error' => true, 'banned' => true)));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
} else {
|
|
||||||
if (!isset($_POST['json_response'])) {
|
|
||||||
displayBan($ban);
|
|
||||||
} else {
|
|
||||||
header('Content-Type: text/json');
|
|
||||||
die(json_encode(array('error' => true, 'banned' => true)));
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
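Review bot: Inside the new `foreach ($ips as $ip)` loop the lookup is still `Bans::find($_SERVER['REMOTE_ADDR'], ...)`, so `$ip` is never used and the forwarded addresses are not checked; the connecting address is only looked up once per entry. The call should read `$bans = Bans::find($ip, $board, $config['show_modname']);`. The header is also client-controlled and is split only on the exact string `", "`, so a list sent as `a,b` stays fused into one entry. Splitting with `preg_split('/\s*,\s*/', $_SERVER['HTTP_X_FORWARDED_FOR'])` and skipping entries that fail `filter_var($ip, FILTER_VALIDATE_IP)` would keep malformed values away from `Bans::find`, whose handling of invalid input is not visible here. checkBan's body starts and ends outside the hunk.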
7
post.php
7
post.php
@ -516,7 +516,7 @@ if (isset($_POST['delete'])) {
|
|||||||
"\n<tinyboard flag alt>".geoip\geoip_country_name_by_addr_v6($gi, ipv4to6($_SERVER['REMOTE_ADDR']))."</tinyboard>";
|
"\n<tinyboard flag alt>".geoip\geoip_country_name_by_addr_v6($gi, ipv4to6($_SERVER['REMOTE_ADDR']))."</tinyboard>";
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($config['user_flag'] && isset($_POST['user_flag']))
|
if ($config['user_flag'] && isset($_POST['user_flag']))
|
||||||
if (!empty($_POST['user_flag']) ){
|
if (!empty($_POST['user_flag']) ){
|
||||||
|
|
||||||
@ -530,6 +530,11 @@ if (isset($_POST['delete'])) {
|
|||||||
$post['body'] .= "\n<tinyboard flag>" . strtolower($user_flag) . "</tinyboard>" .
|
$post['body'] .= "\n<tinyboard flag>" . strtolower($user_flag) . "</tinyboard>" .
|
||||||
"\n<tinyboard flag alt>" . $flag_alt . "</tinyboard>";
|
"\n<tinyboard flag alt>" . $flag_alt . "</tinyboard>";
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if ($config['proxy_save'] && isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {
|
||||||
|
$proxy = preg_replace("/[^0-9a-fA-F.,: ]/", '', $_SERVER['HTTP_X_FORWARDED_FOR']);
|
||||||
|
$post['body'] .= "\n<tinyboard proxy>".$proxy."</tinyboard>";
|
||||||
|
}
|
||||||
|
|
||||||
if (mysql_version() >= 50503) {
|
if (mysql_version() >= 50503) {
|
||||||
$post['body_nomarkup'] = $post['body']; // Assume we're using the utf8mb4 charset
|
$post['body_nomarkup'] = $post['body']; // Assume we're using the utf8mb4 charset
|
||||||
|
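Review bot: The `proxy_save` block in the second hunk stores whatever survives the character filter, so the saved `<tinyboard proxy>` value is not guaranteed to be a list of addresses and its length is bounded only by the web server's header limit. It is appended to `$post['body']` here, and if the body-length checks run earlier in post.php (they are outside the hunk, so this is inferred) the extra text is not counted by them. I would split on commas, keep only entries that pass `filter_var(..., FILTER_VALIDATE_IP)`, and cap the number of entries before building the tag; the cap of 8 below is an illustrative value, not one taken from the project.

```php
if ($config['proxy_save'] && isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {
	// Keep only syntactically valid addresses and cap the list so the header cannot bloat the post body.
	$hops = array_slice(array_map('trim', explode(',', $_SERVER['HTTP_X_FORWARDED_FOR'])), 0, 8);
	$hops = array_filter($hops, function ($hop) {
		return filter_var($hop, FILTER_VALIDATE_IP) !== false;
	});
	if ($hops)
		$post['body'] .= "\n<tinyboard proxy>" . implode(', ', $hops) . "</tinyboard>";
}
```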