5734: XML advanced traffic rules - Composr CMS feature tracker

ID	Project	Category	View Status	Date Submitted	Last Update

5734	Composr	core_configuration	public	2024-04-25 16:12	2024-07-22 21:51

Reporter	PDStig	Assigned To	Guest
Priority	normal	Severity	feature
Status	new	Resolution	open

Summary	5734: XML advanced traffic rules
Description	Implement an XML configuration that can define advanced rules to perform on certain traffic to a Composr site. Available criteria could be things like IP address (supporting wildcards), user agent, request/response headers, hostname, country/region (if geocoding is available), referrer, operating system, member, group, is staff, is administrator, is on probation, is guest, is bot, zone/page/type requested, GET/POST parameters, etc. Available actions could include applying a specific rate limit, throttling (e.g. sleep the request?), serve / apply a static cache, redirecting, blocking the request, banning (as spammer according to configured time), banning (permanently, optional advanced banning type), requiring validation for submitted content, preventing login or account registration, requiring login, logging the request, enabling profiling for the request, treating the request under dev mode, etc. Criteria should allow equals, does not equal (prefix with !), contains (prefix and/or suffix with ), or does not contain (prefix with ! followed by a prefix and/or suffix of ). Perhaps also allow regex. We should possibly utilise a cache for this so we know which criteria if any a repeat request matched and what actions were applied (the goal is reducing resource use especially with having to repeatedly parse the XML). Cache is cleared individually after a period of time or as a whole when the XML is changed.
Additional Information	Inspiration: Cloudflare WAF rules
Tags	Roadmap: Sponsorship
Attach Tags	(Separate by ",")

Time estimation (hours)
Sponsorship open

Date Added	Member	Amount Sponsored

Chris Graham 2024-07-22 21:43 administrator ~8883	This seems like an enormous amount of work to serve a small niche. Let's say it took a month to do. What would help the Composr project grow more, a month implementing this, or a month sitting down with newbie users and watching what they do and tweaking things?

PDStig 2024-07-22 21:51 administrator ~8884	No idea why I tagged this as Over the Horizon and not Sponsorship... this was meant as a sponsorship idea

View Status	Private (for security issues or disclosing of private information; if you submit as a guest, you will not be able to see your submission)
Note
Upload Files Maximum size: 32,768 KiB	Attach files by dragging & dropping, selecting or pasting them.
You are not logged in	You are not logged in. This means you will not get any e-mail notifications. And if you reply, we will not know for sure you are the original poster of the issue.

Date Modified	Username	Field	Change
2024-04-25 16:12	PDStig	New Issue
2024-04-25 16:12	PDStig	Tag Attached: Roadmap: Over the horizon
2024-04-25 16:13	PDStig	Description Updated
2024-04-25 16:39	PDStig	Description Updated
2024-04-25 16:39	PDStig	Description Updated
2024-04-25 16:41	PDStig	Description Updated
2024-07-22 21:43	Chris Graham	Note Added: 0008883
2024-07-22 21:51	PDStig	Note Added: 0008884
2024-07-22 21:51	PDStig	Tag Detached: Roadmap: Over the horizon
2024-07-22 21:51	PDStig	Tag Attached: Roadmap: Sponsorship