Fossil SCM
Show a summary of robot defenses on the security audit page.
Commit
9018c6f22ae8afc0f96dd941db01cb507c3f0f0d67cf56360a8176e378c4eb77
Parent
3771f2d635ad6d9…
2 files changed
+1
-1
+28
-1
+1
-1
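--- a/src/loadctrl.c
+++ b/src/loadctrl.c
@@ -50,11 +50,11 @@
 ** Abort the current page request if the load average of the host
 ** computer is too high. Admin and Setup users are exempt from this
 ** restriction.
 */
 void load_control(void){
-double mxLoad = atof(db_get("max-loadavg", 0));
+double mxLoad = atof(db_get("max-loadavg", "0.0"));
 #if 1
 /* Disable this block only to test load restrictions */
 if( mxLoad<=0.0 || mxLoad>=load_average() ) return;
 
 login_check_credentials();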
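Review bot: A non-numeric or mistyped `max-loadavg` value still parses silently as 0.0 at line 55, and the `mxLoad<=0.0` test on line 58 then returns early with load limiting switched off; the new `"0.0"` default only covers the case where the setting is unset. Because this limit is one of the robot defenses, the fail-open behaviour deserves a comment where the value is read, for example `/* An unset or non-numeric max-loadavg yields 0.0, which turns load limiting off */`. The same parse appears at line 581 of src/security_audit.c. The body of load_control() continues past the end of the hunk.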
+28
-1
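--- a/src/security_audit.c
+++ b/src/security_audit.c
@@ -576,11 +576,11 @@
 @ from throttling expensive operations during peak demand.
 @ If running in a chroot jail on Linux, verify that the /proc
 @ filesystem is mounted within the jail, so that the load average
 @ can be obtained from the /proc/loadavg file.
 }else {
-double r = atof(db_get("max-loadavg", 0));
+double r = atof(db_get("max-loadavg", "0.0"));
 if( r<=0.0 ){
 @ <li><p>
 @ Load average limiting is turned off. This can cause the server
 @ to bog down if many requests for expensive services (such as
 @ large diffs or tarballs) arrive at about the same time.
@@ -692,10 +692,37 @@
 @ </pre></blockquote>
 @ </p>
 table_of_public_phantoms();
 @ </li>
 }
+
+@ <li><p>Robot Defenses:
+@ <ol>
+switch( db_get_int("auto-hyperlink",1) ){
+default:
+@ <li> No auto-enable of hyperlinks.
+break;
+case 1:
+@ <li> Hyperlinks auto-enabled based on UserAgent and Javascript.
+break;
+case 2:
+@ <li> Hyperlinks auto-enabled based on UserAgent only.
+break;
+}
+z = db_get("max-loadavg",0);
+if( z && atof(z)>0.0 ){
+@ <li> Maximum load average for expensive requests: %h(z);
+}else{
+@ <li> No limits on the load average
+}
+z = db_get("robot-restrict",0);
+if( z==0 ){
+@ <li> No complex-request constraints on robots
+}else{
+@ <li> Complex requests limited for pages matching: %h(z)
+}
+@ </ol>
 
 blob_init(&cmd, 0, 0);
 for(i=0; g.argvOrig[i]!=0; i++){
 blob_append_escaped_arg(&cmd, g.argvOrig[i], 0);
 }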
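Review bot: The added line 713 ends in `%h(z);`, and because it is an `@` output line the semicolon looks like it will be emitted as literal text after the load-average value; line 721 uses `%h(z)` with no semicolon, so line 713 should probably read `@ <li> Maximum load average for expensive requests: %h(z)`. In the same hunk the `<li><p>` opened on line 698 is not closed after `</ol>` on line 723, whereas the preceding item closes with `</p>` and `</li>`; unless it is closed below the hunk, adding `@ </li>` after line 723 would keep the list items parallel. The `robot-restrict` check on line 718 tests only for NULL, so an empty setting would be reported as an active restriction with an empty pattern; whether that matches how the restriction is actually enforced is not visible here and is worth confirming, since an audit page should describe the effective configuration. The enclosing function begins and ends outside the hunk.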