View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0005802 | unreal | ircd | public | 2021-01-05 19:34 | 2021-03-07 11:33 |
| Reporter | PeGaSuS | Assigned To | syzop | ||
| Priority | normal | Severity | feature | Reproducibility | N/A |
| Status | resolved | Resolution | fixed | ||
| Platform | Unix | OS | Ubuntu | OS Version | 20.04 |
| Fixed in Version | 5.0.9-rc1 | ||||
| Summary | 0005802: Option to limit the number of connections per IP globally | ||||
| Description | Currently we have the allow::maxperip setting which is server only. In case of a network with multiple servers, that allows the same user to connect X times per server with the same IP. An option to define the allow::maxperip globally (perhaps call it allow::global-maxperip) would be great. Cheers | ||||
| Tags | No tags attached. | ||||
| 3rd party modules | |||||
|
|
First of all, I totally agree(?) or at least think it is weird that it is only counted locally. Servers are fast enough nowadays that we can easily check globally. So, first thing comes to mind is to have 'maxperip' apply globally instead of locally, but.. i think that would cause unintended effects at this moment. So then, indeed, we would have to add a new config item like global-maxperip. I also think it would be wise to set a default for this, like make the global maxperip = maxperip * 2 by default. That should be OK for most networks. And of course, document this properly in release notes. |
|
|
Thanks again for bringing this up, like i said (sortof) i kinda forgot about this :D. I decided to make the default maxperip plus one. Lots of people have 2 or 3 for maxperip so that will mean they will now have a global-maxperip of 3 or 4, unless they set it explicitly of course. That sounds like a better default value than the *2 that i mentioned earlier, which leaves way too much room for attackers. commit 636b068062f786041effe536a63d5298cbd07f70 (HEAD -> unreal50, origin/unreal50) Author: Bram Matthys <syzop@vulnscan.org> Date: Sun Mar 7 11:30:02 2021 +0100 New option allow::global-maxperip, defaults to allow::maxperip+1. Suggested by Jobe and PeGaSuS in https://bugs.unrealircd.org/view.php?id=5802 |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2021-01-05 19:34 | PeGaSuS | New Issue | |
| 2021-02-13 20:04 | syzop | Note Added: 0021893 | |
| 2021-02-13 20:04 | syzop | Status | new => acknowledged |
| 2021-02-13 20:07 | syzop | Note Edited: 0021893 | View Revisions |
| 2021-03-07 11:33 | syzop | Assigned To | => syzop |
| 2021-03-07 11:33 | syzop | Status | acknowledged => resolved |
| 2021-03-07 11:33 | syzop | Resolution | open => fixed |
| 2021-03-07 11:33 | syzop | Fixed in Version | => 5.0.9-rc1 |
| 2021-03-07 11:33 | syzop | Note Added: 0021902 |
