Bug 1513982 - Performance issues due to bad actor activity: Add option to block by...

diff --git a/Bugzilla/Config/Admin.pm b/Bugzilla/Config/Admin.pm
index cae4cb25d23edd0bcd77320089d839ccfaa09704..9d9e47d6e4ca6a9dc75854cbee224d6fe1b69a3b 100644 (file)
--- a/Bugzilla/Config/Admin.pm
+++ b/Bugzilla/Config/Admin.pm
@@ -44,7 +44,9 @@ sub get_param_list {
       updater => \&update_rate_limit_rules,
     },
 
-    {name => 'log_user_requests', type => 'b', default => 0,}
+    {name => 'log_user_requests', type => 'b', default => 0},
+
+    {name => 'block_user_agent', type => 't', default => ''},
   );
   return @param_list;
 }

diff --git a/Bugzilla/Quantum.pm b/Bugzilla/Quantum.pm
index 078c9f02fa28315d5b10cb08624f7dd736d858f7..ab20b7ee4e75cc40656e648afd626a1ae46ff9a8 100644 (file)
--- a/Bugzilla/Quantum.pm
+++ b/Bugzilla/Quantum.pm
@@ -32,6 +32,7 @@ use Bugzilla::Util ();
 use Cwd qw(realpath);
 use MojoX::Log::Log4perl::Tiny;
 use Bugzilla::WebService::Server::REST;
+use Try::Tiny;
 
 has 'static' => sub { Bugzilla::Quantum::Static->new };
 
@@ -49,6 +50,29 @@ sub startup {
   $self->plugin('Bugzilla::Quantum::Plugin::Helpers');
   $self->plugin('Bugzilla::Quantum::Plugin::OAuth2');
 
+  $self->hook(
+    before_routes => sub {
+      my ($c) = @_;
+      return if $c->stash->{'mojo.static'};
+
+      # It is possible the regexp is bad.
+      # If that is the case, we just log the error and continue on.
+      try {
+        my $regexp = Bugzilla->params->{block_user_agent};
+        if ($regexp && $c->req->headers->user_agent =~ /$regexp/) {
+          my $msg = "Contact " . Bugzilla->params->{maintainer};
+          $c->respond_to(
+            json => {json => {error => $msg}, status => 400},
+            any  => {text => "$msg\n",        status => 400},
+          );
+        }
+      }
+      catch {
+        ERROR($_);
+      };
+    }
+  );
+
   # hypnotoad is weird and doesn't look for MOJO_LISTEN itself.
   $self->config(
     hypnotoad => {

diff --git a/template/en/default/admin/params/admin.html.tmpl b/template/en/default/admin/params/admin.html.tmpl
index ee19418c7bf8af1e32b81c22eb1640012df0ecf5..5fdadcbf3f80af8060e441500aabc34ace0c4906 100644 (file)
--- a/template/en/default/admin/params/admin.html.tmpl
+++ b/template/en/default/admin/params/admin.html.tmpl
@@ -46,12 +46,15 @@ over 60 seconds. Valid keys are <code>get_b[%''%]ug</code> which covers JSONRPC,
                        "So, you have to turn on this option before any such deletions " _
                        "will ever happen."
 
+  block_user_agent => "This option is a regexp. When a client's user agent matches it, $terms.Bugzilla will not serve requests to it."
+
   last_visit_keep_days => "This option controls how many days $terms.Bugzilla will " _
-                          "remember when users visit specific ${terms.bugs}.",
+                           "remember when users visit specific ${terms.bugs}.",
+
+  rate_limit_active => "Allow some types of requests to be rate limited."
 
-   rate_limit_active => "Allow some types of requests to be rate limited."
+  rate_limit_rules => rate_limit_rules_desc
 
-   rate_limit_rules => rate_limit_rules_desc
+  log_user_requests => "This option controls logging of authenticated requests in the user_request_log table"}
 
-   log_user_requests => "This option controls logging of authenticated requests in the user_request_log table"}
 %]