Bug 1520582 - Block ips of users that get too many page errors

diff --git a/Bugzilla.pm b/Bugzilla.pm
index b9c3efa3e3abea6fad8f5c7a9178161c6d7574f1..1797f46513647f3377b9b70bbe2219d773704e9c 100644 (file)
--- a/Bugzilla.pm
+++ b/Bugzilla.pm
@@ -769,7 +769,8 @@ sub elastic {
 }
 
 sub check_rate_limit {
-  my ($class, $name, $ip) = @_;
+  my ($class, $name, $ip, $throw_error) = @_;
+  $throw_error //= sub { ThrowUserError("rate_limit") };
   my $params = Bugzilla->params;
   if ($params->{rate_limit_active}) {
     my $rules = decode_json($params->{rate_limit_rules});
@@ -789,7 +790,7 @@ sub check_rate_limit {
         "[rate_limit] action=$action, ip=$ip, limit=$limit, name=$name");
       if ($action eq 'block') {
         $Bugzilla::App::CGI::C->block_ip($ip);
-        ThrowUserError("rate_limit");
+        $throw_error->();
       }
     }
   }

diff --git a/Bugzilla/Config/Admin.pm b/Bugzilla/Config/Admin.pm
index b1b9371a5da15c689920e10b2df60d3e7d109d5d..6a3592e62f308fd0799e6115a03ad87f2eaef453 100644 (file)
--- a/Bugzilla/Config/Admin.pm
+++ b/Bugzilla/Config/Admin.pm
@@ -58,6 +58,7 @@ sub default_rate_limit_rules {
     github          => [10, 60],
     get_attachments => [75, 60],
     get_comments    => [75, 60],
+    webpage_errors  => [75, 60],
   });
 }
 
@@ -75,6 +76,7 @@ sub check_rate_limit_rules {
   my @required = qw(
     show_bug github get_bug
     get_attachments get_comments
+    webpage_errors
   );
   foreach my $required (@required) {
     return "missing $required" unless exists $val->{$required};
@@ -89,6 +91,7 @@ sub update_rate_limit_rules {
   $val->{github}          = [10, 60];
   $val->{get_attachments} = [75, 60];
   $val->{get_comments}    = [75, 60];
+  $val->{webpage_errors}  = [75, 60];
   return encode_json($val);
 }
 

diff --git a/Bugzilla/Error.pm b/Bugzilla/Error.pm
index 00c11b5884a37dd0bfbc4632725456acb3ec9824..d47498372002408cb025d0c3fb7a1d3c6913ae7a 100644 (file)
--- a/Bugzilla/Error.pm
+++ b/Bugzilla/Error.pm
@@ -86,6 +86,7 @@ sub _throw_error {
   }
 
   if (Bugzilla->error_mode == ERROR_MODE_WEBPAGE) {
+    Bugzilla->check_rate_limit("webpage_errors", remote_ip(), sub { $vars->{rate_limit_error} = 1 });
     my $cgi = Bugzilla->cgi;
     $cgi->close_standby_message('text/html', 'inline', 'error', 'html');
     $template->process($name, $vars) || ThrowTemplateError($template->error());

diff --git a/template/en/default/global/code-error.html.tmpl b/template/en/default/global/code-error.html.tmpl
index 0a404b9f056a443ddb1ea6e7c3b758e24a43394e..8b2624458ee74b23096fdef88b46ff2cb48a7c9e 100644 (file)
--- a/template/en/default/global/code-error.html.tmpl
+++ b/template/en/default/global/code-error.html.tmpl
@@ -545,6 +545,7 @@
 
 <p class="throw_error">
   [% error_message FILTER none %]
+  [% IF rate_limit_error %] (rate limit exceeded) [% END %]
 </p>
 
 [% IF variables %]

diff --git a/template/en/default/global/user-error.html.tmpl b/template/en/default/global/user-error.html.tmpl
index 2c9f0153662ada84a9d9b377ff7dca02f49597a0..29b358b2b68b57252d81d0a82e6abcf678b63acd 100644 (file)
--- a/template/en/default/global/user-error.html.tmpl
+++ b/template/en/default/global/user-error.html.tmpl
@@ -2012,6 +2012,7 @@
   <tr>
     <td id="error_msg" class="throw_error">
       [% error_message FILTER none %]
+      [% IF rate_limit_error %] (rate limit exceeded) [% END %]
     </td>
   </tr>
 </table>