Update dnsbl_check plugin to latest version.
Update Maruku to latest version.
In the wiki_controller, only apply the dnsbl_check before_filter 
  to the :edit, :new, and :save actions, instead of all actions.
  This makes mundane "show" requests faster, but does not 
  compromise spam-fighting ability.
Jacques Distler 2008-12-16 00:40:30 -06:00
parent 9237858256
commit 5d2b0da4d5
10 changed files with 61 additions and 25 deletions


@ -2,6 +2,7 @@ class AdminController < ApplicationController
layout 'default'
cache_sweeper :web_sweeper
before_filter :dnsbl_check
def create_system
if @wiki.setup?
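Review bot: the filter is now applied to every AdminController action, while WikiController in the same commit narrows it with `:only`. If any admin actions are read-only, listing only the state-changing ones (`create_system` is the one visible here) would keep the DNS lookups off those requests, in line with the commit message's rationale; if every admin action writes, the unrestricted form is correct and a one-line comment saying so would help the next reader.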


@ -3,7 +3,7 @@
class ApplicationController < ActionController::Base
# require 'dnsbl_check'
protect_forms_from_spam
before_filter :dnsbl_check, :connect_to_model, :check_authorization, :setup_url_generator, :set_content_type_header, :set_robots_metatag
before_filter :connect_to_model, :check_authorization, :setup_url_generator, :set_content_type_header, :set_robots_metatag
after_filter :remember_location, :teardown_url_generator
# For injecting a different wiki model implementation. Intended for use in tests
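Review bot: dropping `:dnsbl_check` from the ApplicationController chain turns the check from opt-out into opt-in, so every controller that accepts a write now has to declare it itself. This commit adds it to AdminController, FileController and WikiController; it is worth confirming that no other controller in the application takes form posts, since any that does is now unchecked. The stale `# require 'dnsbl_check'` comment just above could go while this file is being touched.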


@ -7,7 +7,7 @@ class FileController < ApplicationController
layout 'default'
before_filter :check_allow_uploads
before_filter :dnsbl_check, :check_allow_uploads
def file
@file_name = params['id']
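Review bot: filter order puts `dnsbl_check` ahead of `check_allow_uploads`, so the DNS lookups run even on sites that have uploads disabled, and they also run on the read-only `file` action below. Listing `:check_allow_uploads` first, or restricting `dnsbl_check` with `:only` to the upload actions as WikiController does in this commit, keeps the cost on writes only.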


@ -7,6 +7,7 @@ require 'resolv'
class WikiController < ApplicationController
before_filter :load_page
before_filter :dnsbl_check, :only => [:edit, :new, :save]
caches_action :show, :published, :authors, :tex, :s5, :print, :recently_revised, :list,
:atom_with_content, :atom_with_headlines, :if => Proc.new { |c| c.send(:do_caching?) }
cache_sweeper :revision_sweeper
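Review bot: `:only => [:edit, :new, :save]` covers the write path, but `:edit` and `:new` only render forms, so the DNS round trips on those are optional; `:save` is the one that must stay, and any other action in this controller that creates a revision needs to be in the list too or it becomes an unchecked write. Note also that `load_page` is declared first and so still runs before the check, meaning a listed client gets the page loaded before it is refused; swapping the two `before_filter` lines avoids that work.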


@ -602,6 +602,21 @@ class WikiControllerTest < Test::Unit::TestCase
assert !home_page.locked?(Time.now)
end
def test_dnsbl_filter_deny_action
@request.remote_addr = "127.0.0.2"
r = process 'save', 'web' => 'wiki1', 'id' => 'NewPage', 'content' => "Contents of a new page\r\n",
'author' => 'AuthorOfNewPage'
assert_equal 403, r.response_code
end
def test_dnsbl_filter_allow_action
@request.remote_addr = "127.0.0.2"
r = process 'show', 'id' => 'Oak', 'web' => 'wiki1'
assert_response :success
assert_tag :content => /All about oak/
end
def test_spam_filters
revisions_before = @home.revisions.size
@home.lock(Time.now, 'AnAuthor')
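Review bot: both tests depend on live DNS: 127.0.0.2 is the conventional test entry that DNSBLs return a listing for, so `test_dnsbl_filter_deny_action` fails whenever the test machine is offline or a configured blocklist is unreachable, and `test_dnsbl_filter_allow_action` only passes vacuously in that situation. Stubbing the resolver in these two tests (one stub returning a listing, one returning no record) makes them deterministic; the allow test is still a useful companion because it pins down that `show` is never checked. A third test for the logged-in bypass added to `dnsbl_check` in this commit would round the set out.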


@ -1,6 +1,7 @@
This plugin checks if the client is listed in RBLs (Real-time Blackhole Lists).
These are lists of IP addresses misbehaving. There are many RBLs, some are more
aggressive than others. More information at http://en.wikipedia.org/wiki/DNSBL
This plugin checks if a user of your web application is listed in DNSBLs
(DNS Blackhole Lists). These are lists of misbehaving IP addresses.
There are many DNSBLs, some are more aggressive than others.
More information at http://en.wikipedia.org/wiki/DNSBL
This filter will result in one DNS request for every blocklist that you have
configured. This might be problematic for sites under heavy load, although this
@ -10,23 +11,23 @@ request takes a few miliseconds to complete, after all.
INSTALLATION
1. Download dnsbl_check-(version).tar.gz. You agree to the license.
2. Go to your application's 'vendor/plugins' directory
3. Untar (un-winzip) the above file: tar xvfz dnsbl_check.tar.gz
4. Restart your application.
1. execute "script/plugin install http://www.spacebabies.nl/svn/dnsbl_check"
2. add "before_filter :dnsbl_check" to controllers that need checking
3. restart your application.
VERSION HISTORY
0.1 18 June 2006 Initial release
0.2 10 June 2006 Renamed to dnsbl_check, bugfix
0.3 20 June 2006 Removed sorbs from distribution, was not supposed to be included (too aggressive)
0.4 18 July 2006 Explicit return false added, moved to a per-controller basis (not global anymore)
1.0 16 August 2006 Renamed 0.4 to 1.0. I have been using the plugin very succesfully for months now.
1.1 17 October 2006 Multithreaded version
1.2 23 October 2006 Using the native Ruby resolver library for better multithreaded support
1.2.1 25 October 2006 Accepts a wider range of dns responses
1.2.2 11 December 2006 dnsbls are seemingly under attack, added code to cope with failing service
0.1 18 June 2006 Initial release
0.2 10 June 2006 Renamed to dnsbl_check, bugfix
0.3 20 June 2006 Removed sorbs from distribution, was not supposed to be included (too aggressive)
0.4 18 July 2006 Explicit return false added, moved to a per-controller basis (not global anymore)
1.0 16 August 2006 Renamed 0.4 to 1.0. I have been using the plugin very succesfully for months now.
1.1 17 October 2006 Multithreaded version
1.2 23 October 2006 Using the native Ruby resolver library for better multithreaded support
1.2.1 25 October 2006 Accepts a wider range of dns responses
1.2.2 11 December 2006 dnsbls are seemingly under attack, added code to cope with failing service
1.3 30 November 2007 Chique 403 template, moved to Subversion based installation
MORE INFORMATION
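Review bot: `script/plugin install http://www.spacebabies.nl/svn/dnsbl_check` fetches code over plain HTTP from a Subversion URL with no pinned revision or checksum, so the installed filter is whatever that server returns at install time. Since this commit vendors the plugin into `vendor/plugins` anyway, the README could say that a reviewed, pinned copy is the recommended route for a security filter. Two smaller points in this hunk: "miliseconds" in the context line should be "milliseconds", and the version history dates 0.1 as 18 June 2006 but 0.2 as 10 June 2006, which reads as a typo in one of the two.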


@ -16,7 +16,7 @@
# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
#
# Version 1.2
# Version 1.3
# http://www.spacebabies.nl/dnsbl_check
require 'resolv'
@ -27,6 +27,7 @@ module DNSBL_Check
private
# Filter to check if the client is listed. This will be run before all requests.
def dnsbl_check
return true if respond_to?(:logged_in?) && logged_in?
return true if $dnsbl_passed.include? request.remote_addr
passed = true
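Review bot: `respond_to?(:logged_in?)` returns false for a private method unless the second argument is passed (`respond_to?(:logged_in?, true)`), so if the host application defines `logged_in?` as a private helper the bypass silently never fires and authenticated users keep paying for the lookups; if it is public, the exemption rests entirely on the application's session handling being sound, which is a reasonable trade but worth a comment. The comment above, "This will be run before all requests", is no longer accurate now that callers restrict the filter with `:only`.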
@ -48,7 +49,8 @@ module DNSBL_Check
# Add client ip to global passed cache if no dnsbls objected. else deny service.
if passed
$dnsbl_passed = $dnsbl_passed[0,49].unshift request.remote_addr
# $dnsbl_passed = $dnsbl_passed[0,99].unshift request.remote_addr
$dnsbl_passed.push request.remote_addr
logger.warn("#{request.remote_addr} added to DNSBL passed cache")
else
render :text => 'Access denied', :status => 403
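Review bot: replacing the bounded `$dnsbl_passed[0,49].unshift` with an unbounded `push` means the passed cache grows for the life of the process, and an address, once passed, is never re-checked, so a client that becomes listed later keeps its exemption until restart; the old line kept at most 50 entries with the newest first. Keep a cap (the commented-out 100-entry variant would do) or add an expiry, and note that the `include?` on the lookup path above is a linear scan, so the cap also bounds that cost.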


@ -1,9 +1,11 @@
Authors:
Code and patches from:
* [Andrea Censi](http://www.dis.uniroma1.it/~acensi)
* [Jacques Distler](http://golem.ph.utexas.edu/~distler)
* Paul Dlug
* [Ari Stern](http://www.acm.caltech.edu/~astern)
* Damir Zekic (z3c)
* Alexandr Mankuta (cheba)
Bug reporting, feature requests and praise:
@ -12,6 +14,6 @@ Bug reporting, feature requests and praise:
* Aggelos Orfanakos
* Louis Marascio
* Elliot Cable
* ....
(if you think your name should be here, I probably forgot to add it: tell me!)


@ -1,7 +1,20 @@
OpenDiv = /^[ ]{0,3}\+\-\-+\s*(.*)$/
CloseDiv = /^[ ]{0,3}\=\-\-+\s*(.*)$/
#+-----------------------------------{.warning}------
#| this is the last warning!
#|
#| please, go away!
#|
#| +------------------------------------- {.menace} --
#| | or else terrible things will happen
#| +--------------------------------------------------
#+---------------------------------------------------
OpenDiv = /^[ ]{0,3}\+\-\-+\s*(\{([^{}]*|".*"|'.*')*\})?\s*\-*\s*$/
CloseDiv = /^[ ]{0,3}\=\-\-+\s*(\{([^{}]*|".*"|'.*')*\})?\s*\-*\s*$/
# note these are not enough for parsing the above example:
#OpenDiv = /^[ ]{0,3}\+\-\-+\s*(.*)$/
#CloseDiv = /^[ ]{0,3}\=\-\-+\s*(.*)$/
StartPipe = /^[ ]{0,3}\|(.*)$/ # $1 is rest of line
DecorativeClosing = OpenDiv
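Review bot: `(\{([^{}]*|".*"|'.*')*\})?` nests an unbounded, possibly empty `[^{}]*` inside a repeated group, so on a line such as `+---{` followed by a long run of text with no closing brace the matcher can backtrack exponentially before giving up; because this regex runs over wiki text submitted by anyone who can edit, that is a denial-of-service risk rather than a theoretical one. Making the inner alternatives non-overlapping and non-empty, e.g. `(\{(?:[^{}"']+|"[^"]*"|'[^']*')*\})?`, or simply `(\{[^{}]*\})?`, keeps matching linear and still parses the example in the comments above.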


@ -442,7 +442,8 @@ module MaRuKu; module In; module Markdown; module SpanLevelParser
SPACE = ?\ # = 32
# R_REF_ID = Regexp.compile(/([^\]\s]*)(\s*\])/)
R_REF_ID = Regexp.compile(/([^\]\s]*)(\s*\])/)
# R_REF_ID = Regexp.compile(/([^\]\s]*)(\s*\])/)
R_REF_ID = Regexp.compile(/([^\]]*)\]/)
# Reads a bracketed id "[refid]". Consumes also both brackets.
def read_ref_id(src, con)
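Review bot: the new `R_REF_ID = /([^\]]*)\]/` has one capture group where the old pattern had two, and it now accepts whitespace inside the id; any caller of `read_ref_id` that read the second group (the `\s*\]` part) will now get nil, and reference ids with interior spaces are passed through as written. Worth checking the body of `read_ref_id` and the ref-id normalisation for both points, and adding a span-level test for an id like `[my ref]` so the intended behaviour is pinned down.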