View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 5369 | Composr | securitylogging | public | 2023-02-26 00:45 | 2023-02-26 01:08 |
| Reporter | Chris Graham | Assigned To | Chris Graham | ||
| Priority | high | Severity | major | ||
| Status | resolved | Resolution | fixed | ||
| Product Version | 10.0.43 | ||||
| Fixed in Version | 10.0.44 | ||||
| Summary | 5369: Problems with IP banning | ||||
| Description | A number of big problems exist within IP banning, for both negative and time-limited bans, particularly when Composr is able to write to the .htaccess file. Negative bans are not preventing bans. Negative bans are being written into .htaccess as positive bans, if it is writable. Time-limited bans are not handled at all if the .htaccess is writable. Wildcard bans are not detectable by Composr if the .htaccess is writable (so they work on the Apache level, but not recognised by Composr) Internal caching for checking bans does not segment against different parameters for ban checks. regressions came into the project when it was optimised to be able to store bans in this file, and perhaps after other changes. Added extensive testing to avoid problems in the future. | ||||
| Tags | No tags attached. | ||||
| Attach Tags | |||||
| Attached Files | |||||
| Time estimation (hours) | |||||
| Sponsorship open | |||||
|
|
A hotfix (a TAR of files to upload) has been uploaded to this issue. These files are made to the latest intra-version state (i.e. may roll in earlier fixes too if made to the same files) - so only upload files newer than what you have already. If there are files in a hot-fix that you don't have then they probably relate to addons that you don't have installed and should be skipped. Always take backups of files you are replacing or keep a copy of the manual installer for your version, and only apply fixes you need. These hotfixes are not necessarily reliable or well supported. Not sure how to extract TAR files to your Windows computer? Try 7-zip (http://www.7-zip.org/). |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2023-02-26 01:08 | Chris Graham | File Deleted: hotfix-5369, 2023-02-26 12am.tar | |
| 2023-02-26 01:08 | Chris Graham | File Added: hotfix-5369, 2023-02-26 12am.tar |
