Forum OpenACS Development: generalize rp


	The Toolkit for Online Communities 15938 Community Members, 1 member online, 2294 visitors today			Log In	Register

Forum OpenACS Development: generalize rp_filter feature

OpenACS Home : Forums : OpenACS Development : generalize rp_filter feature

Back to OpenACS Development

Icon of Envelope Request notifications

1: generalize rp_filter feature

Posted by Torben Brosten on 07/16/10 11:58 PM

Hi,

rp_filter currently blocks specific "NASTY" user-agents.

It would be really handy if filtering included Host requests.

Both filters would be generalized by using a parameter for each (so the APM wouldn't need to Watch acs-tcl/tcl/request-processor-procs.tcl when making changes etc).

Any objection to this in theory?

It seems especially relevant for ecommerce and sites regularly under attack.

I'm working on code for it now

2: Re: generalize rp_filter feature (response to 1)

Posted by Torben Brosten on 07/17/10 12:11 AM

Let's make that 3 filters, also peer address.

3: Re: generalize rp_filter feature (response to 1)

Posted by Dave Bauer on 07/20/10 02:18 PM

This seems like a great idea.

I wonder how watching the request processor procs affects the filters since they are the procs that would reload themselves!

4: Re: generalize rp_filter feature (response to 1)

Posted by Torben Brosten on 07/26/10 10:22 PM

Currently, ad_script_abort is used after redirects in rp_filter, which leaves a short error message in the log, but appears to function as expected.

It would be nice to know if there is a cleaner way of handling this.

5: Re: generalize rp_filter feature (response to 1)

Posted by Torben Brosten on 09/06/10 01:10 PM

I think I've found a cleaner way.. by using:
return filter_return

Just need to redirect to a global/blocked.adp page

..still field testing..

Back to OpenACS Development