From: Dylan William Hardison Date: Thu, 13 Dec 2018 18:27:11 +0000 (-0500) Subject: Bug 1513982 - Performance issues due to bad actor activity: Add option to block by... X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=52e55d8a0ec6c69bed4136de19b12721fe19ffd3;p=thirdparty%2Fbugzilla.git Bug 1513982 - Performance issues due to bad actor activity: Add option to block by user agent regexp --- diff --git a/Bugzilla/Config/Admin.pm b/Bugzilla/Config/Admin.pm index cae4cb25d..9d9e47d6e 100644 --- a/Bugzilla/Config/Admin.pm +++ b/Bugzilla/Config/Admin.pm @@ -44,7 +44,9 @@ sub get_param_list { updater => \&update_rate_limit_rules, }, - {name => 'log_user_requests', type => 'b', default => 0,} + {name => 'log_user_requests', type => 'b', default => 0}, + + {name => 'block_user_agent', type => 't', default => ''}, ); return @param_list; } diff --git a/Bugzilla/Quantum.pm b/Bugzilla/Quantum.pm index 078c9f02f..ab20b7ee4 100644 --- a/Bugzilla/Quantum.pm +++ b/Bugzilla/Quantum.pm @@ -32,6 +32,7 @@ use Bugzilla::Util (); use Cwd qw(realpath); use MojoX::Log::Log4perl::Tiny; use Bugzilla::WebService::Server::REST; +use Try::Tiny; has 'static' => sub { Bugzilla::Quantum::Static->new }; @@ -49,6 +50,29 @@ sub startup { $self->plugin('Bugzilla::Quantum::Plugin::Helpers'); $self->plugin('Bugzilla::Quantum::Plugin::OAuth2'); + $self->hook( + before_routes => sub { + my ($c) = @_; + return if $c->stash->{'mojo.static'}; + + # It is possible the regexp is bad. + # If that is the case, we just log the error and continue on. + try { + my $regexp = Bugzilla->params->{block_user_agent}; + if ($regexp && $c->req->headers->user_agent =~ /$regexp/) { + my $msg = "Contact " . Bugzilla->params->{maintainer}; + $c->respond_to( + json => {json => {error => $msg}, status => 400}, + any => {text => "$msg\n", status => 400}, + ); + } + } + catch { + ERROR($_); + }; + } + ); + # hypnotoad is weird and doesn't look for MOJO_LISTEN itself. $self->config( hypnotoad => { 
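Review bot: The new `block_user_agent` entry in `get_param_list` is declared without a `checker`, so a value that is not a valid Perl regexp is accepted and saved. The hook added in Bugzilla/Quantum.pm then fails open on every request and only logs the error. I would validate at save time, assuming the usual param convention that a checker returns an empty string when the value is acceptable: `checker => sub { my ($v) = @_; return (eval { qr/$v/; 1 }) ? '' : 'block_user_agent must be a valid regular expression' },`. The pattern is applied to every non-static request, so a comment on this entry should warn that an over-broad value also blocks the admin page needed to clear it. `get_param_list` begins before this hunk.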
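Review bot: In the `before_routes` hook, `$c->req->headers->user_agent` is undefined when a request carries no User-Agent header, and the `if ($regexp && ...)` line matches against it directly. Each such request is then matched as an empty string and, if warnings are enabled in this file, emits an uninitialized-value warning that any client can trigger at will. Bind the header first with `my $ua = $c->req->headers->user_agent // '';` and test `$ua =~ /$regexp/`. `ERROR` is not imported in the lines shown; if it is not in scope, the `catch` block would itself die on a bad pattern instead of logging, so please confirm. The hook sits inside `startup`, whose body starts before and continues after this hunk.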
diff --git a/template/en/default/admin/params/admin.html.tmpl b/template/en/default/admin/params/admin.html.tmpl index ee19418c7..5fdadcbf3 100644 --- a/template/en/default/admin/params/admin.html.tmpl +++ b/template/en/default/admin/params/admin.html.tmpl @@ -46,12 +46,15 @@ over 60 seconds. Valid keys are get_b[%''%]ug which covers JSONRPC, "So, you have to turn on this option before any such deletions " _ "will ever happen." + block_user_agent => "This option is a regexp. When a client's user agent matches it, $terms.Bugzilla will not serve requests to it." + last_visit_keep_days => "This option controls how many days $terms.Bugzilla will " _ - "remember when users visit specific ${terms.bugs}.", + "remember when users visit specific ${terms.bugs}.", + + rate_limit_active => "Allow some types of requests to be rate limited." - rate_limit_active => "Allow some types of requests to be rate limited." + rate_limit_rules => rate_limit_rules_desc - rate_limit_rules => rate_limit_rules_desc + log_user_requests => "This option controls logging of authenticated requests in the user_request_log table"} - log_user_requests => "This option controls logging of authenticated requests in the user_request_log table"} %]