Feature #2712
sending limiter
| Status: | Resolved | Start date: | 2009-02-26 |
|---|---|---|---|
| Priority: | Should have | Due date: | 2009-03-08 |
| Assignee: | Reinhard Führicht | % Done: | 100% |
| Category: | Frontend | | |
| Target version: | Beta v1.0 | | |
| Votes: | 0 | | |
Description
It would be nice if there were a rate-limiting function for forms (perhaps per IP), so that bots sending forms could be automatically slowed down or blocked for some time.
Configurable via TS either per form or globally.
I suggest something like an additional interceptor or validator which checks the log table for submitted forms from this IP and prevents the form being submitted if the configured limit is exceeded.
IMHO necessary options:
- threshold per IP: max submits per IP
- IP timebase: seconds/hours/days/whatever
- absolute threshold: max submits
- absolute timebase: seconds/hours/days/whatever
And as an additional feature for this feature: an alert function which sends an alert message if the limit is reached.
Associated revisions
[Bug 2712] Add a setting for the maximum size of full-size Lightbox images, r=oliver
History
Updated by Typoheads about 4 years ago
Useful for forms which e.g. aren't using captcha.
Updated by Reinhard Führicht about 4 years ago
- Status changed from New to Accepted
We will talk about details next week.
Updated by Reinhard Führicht about 4 years ago
Committed F3_MailformPlusPlus_Interceptor_IPBlocking.
Example TypoScript:
saveInterceptors {
  1 {
    class = F3_MailformPlusPlus_Interceptor_IPBlocking
    config {
      ip {
        timebase {
          value = 5
          unit = minutes
        }
        threshold = 2
      }
      global {
        timebase {
          value = 5
          unit = minutes
        }
        threshold = 30
      }
    }
  }
}
This example configuration says that the form is allowed to be submitted twice in a period of 5 minutes and 30 times in 5 minutes globally.
Feedback welcome!
Updated by Reinhard Führicht about 4 years ago
Committed feature to send a report mail.
New example configuration:
saveInterceptors {
  1 {
    class = F3_MailformPlusPlus_Interceptor_IPBlocking
    config {
      report {
        email = admin@host.com,rf@typoheads.at
        sender = spamReport@host.com
        subject = Form got submitted too often
      }
      ip {
        timebase {
          value = 5
          unit = minutes
        }
        threshold = 2
      }
      global {
        timebase {
          value = 5
          unit = minutes
        }
        threshold = 30
      }
    }
  }
}
Example of what such a mail currently looks like:
IP address "127.0.0.1" has submitted a form too many times!
This is the URL to the form: http://localhost:85/typo3_4.2.2/index.php?id=1
These are the submitted values:
2009/02/26 11:02:40:
IP: 127.0.0.1
Params:
contact_via: email
email: asdf@sdfasf.at
firstname: asdf
interests: sports,music,science
lastname: asdf
submitted: 1
---------------------------------------
2009/02/26 11:02:41:
IP: 127.0.0.1
Params:
contact_via: email
email: asdf@sdfasf.at
firstname: asdf
interests: sports,music,science
lastname: asdf
submitted: 1
---------------------------------------
Updated by Reinhard Führicht about 4 years ago
The code works fine, but each time the form gets submitted too often, the alert e-mail will be sent, which will result in a lot of e-mails.
Find a way to limit the outgoing emails for a single alert, maybe by storing the alert data in a new db table?
Updated by Typoheads about 4 years ago
- Due date set to 2009-03-08
- Target version set to Beta v1.0
Updated by Reinhard Führicht about 4 years ago
- Category set to Frontend
- % Done changed from 0 to 80
Added new TypoScript settings:
- redirectPage: If the submission of the form gets blocked, the user gets redirected to this page (can be a page id or URL)
- report.interval: To prevent the sending of a lot of emails for a single alert, mails are only sent once each interval.
New sample TypoScript:
saveInterceptors {
  1 {
    class = F3_MailformPlusPlus_Interceptor_IPBlocking
    config {
      redirectPage = 3
      report {
        email = email@host.com
        subject = Alert
        sender = alert@host.com
        interval {
          value = 5
          unit = minutes
        }
      }
      ip {
        timebase {
          value = 2
          unit = minutes
        }
        threshold = 2
      }
      global {
        timebase {
          value = 5
          unit = minutes
        }
        threshold = 20
      }
    }
  }
}
I will do some more testing before setting to resolved. Feedback welcome!
Updated by Reinhard Führicht about 4 years ago
- Status changed from Accepted to Resolved
- % Done changed from 80 to 100
Works as requested
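
A small model of the limiter semantics discussed in this ticket (per-IP and global windows plus `report.interval` alert throttling), added here as an illustration; it is not the extension's code. Assumptions: a submit is blocked once the number of already logged submits in the window reaches the threshold, blocked attempts are not logged, alerts are throttled per trigger (per IP or global), and the unit names other than `minutes` are taken from the feature request.

```python
from dataclasses import dataclass, field

UNIT_SECONDS = {"seconds": 1, "minutes": 60, "hours": 3600, "days": 86400}

@dataclass
class SendingLimiter:
    ip_window: int          # ip.timebase in seconds
    ip_threshold: int       # ip.threshold
    global_window: int      # global.timebase in seconds
    global_threshold: int   # global.threshold
    report_interval: int    # report.interval in seconds
    log: list = field(default_factory=list)          # accepted submits: (time, ip)
    last_report: dict = field(default_factory=dict)  # trigger -> time of last alert

    def _count(self, now, window, ip=None):
        # Logged submits inside the window, optionally restricted to one IP.
        return sum(1 for ts, addr in self.log
                   if now - ts < window and (ip is None or addr == ip))

    def submit(self, now, ip):
        """Return (accepted, alert_sent) for a submit at `now` (seconds)."""
        if self._count(now, self.ip_window, ip) >= self.ip_threshold:
            trigger = ("ip", ip)
        elif self._count(now, self.global_window) >= self.global_threshold:
            trigger = ("global", None)
        else:
            self.log.append((now, ip))   # assumption: only accepted submits are logged
            return True, False
        # Blocked: at most one alert mail per report interval and trigger (assumption).
        last = self.last_report.get(trigger)
        alert = last is None or now - last >= self.report_interval
        if alert:
            self.last_report[trigger] = now
        return False, alert

def from_typoscript(ip, glob, interval):
    """Build a limiter from (value, unit, threshold) tuples and a (value, unit) interval."""
    secs = lambda value, unit: value * UNIT_SECONDS[unit]
    return SendingLimiter(secs(*ip[:2]), ip[2], secs(*glob[:2]), glob[2], secs(*interval))

def demo():
    # Values from the last sample TypoScript; the event list is constructed.
    limiter = from_typoscript((2, "minutes", 2), (5, "minutes", 20), (5, "minutes"))
    events = [(0, "192.0.2.10"), (10, "192.0.2.10"), (20, "192.0.2.10"),
              (30, "192.0.2.10"), (125, "192.0.2.10"), (330, "192.0.2.10"),
              (331, "192.0.2.10"), (332, "192.0.2.10")]
    return [limiter.submit(ts, ip) for ts, ip in events]

if __name__ == "__main__":
    for result in demo():
        print(result)
```

In the constructed replay, the third and fourth submits are blocked but only the third produces an alert; the next alert is sent only for a blocked submit that arrives after the 5-minute report interval has passed.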