mirror of
https://github.com/znc/znc.git
synced 2026-07-06 01:41:12 +02:00
Added a global config option for IP-based session protection.
The new setting defaults to true, and is settable in the web admin panel. When set to false, IP address checks are ignored. For users behind proxies (students, large corporate networks) that don't guarantee a consistent IP, this makes the web admin panel much more usable.
This commit is contained in:
+1
-1
@@ -533,7 +533,7 @@ void CWebSock::OnPageRequest(const CString& sURI) {
|
||||
}
|
||||
|
||||
CWebSock::EPageReqResult CWebSock::OnPageRequestInternal(const CString& sURI, CString& sPageRet) {
|
||||
if (GetSession()->GetIP() != GetRemoteIP()) {
|
||||
if (CZNC::Get().GetProtectWebSessions() && GetSession()->GetIP() != GetRemoteIP()) {
|
||||
PrintErrorPage(403, "Access denied", "This session does not belong to your IP.");
|
||||
return PAGE_DONE;
|
||||
}
|
||||
|
||||
@@ -89,6 +89,12 @@
|
||||
<div><input type="text" name="anoniplimit" value="<? VAR AnonIPLimit ?>" /></div>
|
||||
</div>
|
||||
<div style="clear: both;"></div>
|
||||
|
||||
<div class="subsection half">
|
||||
<div class="inputlabel">Protect Web Sessions:</div>
|
||||
<div><input type="text" name="protectwebsessions" value="<? VAR ProtectWebSessions ?>" /></div>
|
||||
</div>
|
||||
<div style="clear: both;"></div>
|
||||
|
||||
<div class="subsection twothird">
|
||||
<div class="inputlabel">MOTD:</div>
|
||||
|
||||
@@ -971,6 +971,7 @@ public:
|
||||
Tmpl["ConnectDelay"] = CString(CZNC::Get().GetConnectDelay());
|
||||
Tmpl["ServerThrottle"] = CString(CZNC::Get().GetServerThrottle());
|
||||
Tmpl["AnonIPLimit"] = CString(CZNC::Get().GetAnonIPLimit());
|
||||
Tmpl["ProtectWebSessions"] = CString(CZNC::Get().GetProtectWebSessions());
|
||||
|
||||
const VCString& vsBindHosts = CZNC::Get().GetBindHosts();
|
||||
for (unsigned int a = 0; a < vsBindHosts.size(); a++) {
|
||||
@@ -1061,6 +1062,7 @@ public:
|
||||
sArg = WebSock.GetParam("connectdelay"); CZNC::Get().SetConnectDelay(sArg.ToUInt());
|
||||
sArg = WebSock.GetParam("serverthrottle"); CZNC::Get().SetServerThrottle(sArg.ToUInt());
|
||||
sArg = WebSock.GetParam("anoniplimit"); CZNC::Get().SetAnonIPLimit(sArg.ToUInt());
|
||||
sArg = WebSock.GetParam("protectwebsessions"); CZNC::Get().SetProtectWebSessions(sArg.ToBool());
|
||||
|
||||
VCString vsArgs;
|
||||
WebSock.GetRawParam("motd").Split("\n", vsArgs);
|
||||
|
||||
@@ -38,6 +38,7 @@ CZNC::CZNC() {
|
||||
m_TimeStarted = time(NULL);
|
||||
m_sConnectThrottle.SetTTL(30000);
|
||||
m_pLockFile = NULL;
|
||||
m_bProtectWebSessions = true;
|
||||
}
|
||||
|
||||
CZNC::~CZNC() {
|
||||
@@ -452,6 +453,7 @@ bool CZNC::WriteConfig() {
|
||||
pFile->Write("AnonIPLimit = " + CString(m_uiAnonIPLimit) + "\n");
|
||||
pFile->Write("MaxBufferSize= " + CString(m_uiMaxBufferSize) + "\n");
|
||||
pFile->Write("SSLCertFile = " + CString(m_sSSLCertFile) + "\n");
|
||||
pFile->Write("ProtectWebSessions = " + CString(m_bProtectWebSessions) + "\n");
|
||||
|
||||
for (size_t l = 0; l < m_vpListeners.size(); l++) {
|
||||
CListener* pListener = m_vpListeners[l];
|
||||
@@ -1148,6 +1150,8 @@ bool CZNC::DoRehash(CString& sError)
|
||||
m_uiAnonIPLimit = sVal.ToUInt();
|
||||
if (config.FindStringEntry("maxbuffersize", sVal))
|
||||
m_uiMaxBufferSize = sVal.ToUInt();
|
||||
if (config.FindStringEntry("protectwebsessions", sVal))
|
||||
m_bProtectWebSessions = sVal.ToBool();
|
||||
|
||||
// This has to be after SSLCertFile is handled since it uses that value
|
||||
const char *szListenerEntries[] = {
|
||||
|
||||
@@ -84,6 +84,7 @@ public:
|
||||
void SetMaxBufferSize(unsigned int i) { m_uiMaxBufferSize = i; }
|
||||
void SetAnonIPLimit(unsigned int i) { m_uiAnonIPLimit = i; }
|
||||
void SetServerThrottle(unsigned int i) { m_sConnectThrottle.SetTTL(i*1000); }
|
||||
void SetProtectWebSessions(bool b) { m_bProtectWebSessions = b; }
|
||||
void SetConnectDelay(unsigned int i);
|
||||
// !Setters
|
||||
|
||||
@@ -111,6 +112,7 @@ public:
|
||||
unsigned int GetAnonIPLimit() const { return m_uiAnonIPLimit; }
|
||||
unsigned int GetServerThrottle() const { return m_sConnectThrottle.GetTTL() / 1000; }
|
||||
unsigned int GetConnectDelay() const { return m_uiConnectDelay; }
|
||||
bool GetProtectWebSessions() const { return m_bProtectWebSessions; }
|
||||
// !Getters
|
||||
|
||||
// Static allocator
|
||||
@@ -181,6 +183,7 @@ protected:
|
||||
unsigned long long m_uBytesWritten;
|
||||
CConnectUserTimer *m_pConnectUserTimer;
|
||||
TCacheMap<CString> m_sConnectThrottle;
|
||||
bool m_bProtectWebSessions;
|
||||
};
|
||||
|
||||
#endif // !_ZNC_H
|
||||
|
||||
Reference in New Issue
Block a user