diff options
-rw-r--r-- | IkiWiki/CGI.pm | 28 | ||||
-rw-r--r-- | debian/changelog | 2 | ||||
-rw-r--r-- | doc/banned_users.mdwn | 8 | ||||
-rw-r--r-- | doc/todo/blocking_ip_ranges.mdwn | 3 |
4 files changed, 33 insertions, 8 deletions
diff --git a/IkiWiki/CGI.pm b/IkiWiki/CGI.pm index af58d7cb5..52cafade0 100644 --- a/IkiWiki/CGI.pm +++ b/IkiWiki/CGI.pm @@ -252,16 +252,30 @@ sub check_banned ($$) { my $q=shift; my $session=shift; + my $banned=0; my $name=$session->param("name"); - if (defined $name) { - if (grep { $name eq $_ } @{$config{banned_users}}) { - $session->delete(); - cgi_savesession($session); - cgi_custom_failure( - $q->header(-status => "403 Forbidden"), - gettext("You are banned.")); + if (defined $name && + grep { $name eq $_ } @{$config{banned_users}}) { + $banned=1; + } + + foreach my $b (@{$config{banned_users}}) { + if (pagespec_match("", $b, + ip => $ENV{REMOTE_ADDR}, + name => defined $name ? $name : "", + )) { + $banned=1; + last; } } + + if ($banned) { + $session->delete(); + cgi_savesession($session); + cgi_custom_failure( + $q->header(-status => "403 Forbidden"), + gettext("You are banned.")); + } } sub cgi_getsession ($) { diff --git a/debian/changelog b/debian/changelog index 6109a7012..86e8513f7 100644 --- a/debian/changelog +++ b/debian/changelog @@ -2,6 +2,8 @@ ikiwiki (3.14159265) UNRELEASED; urgency=low * Add French basewiki translation from the Debian French l10n team, including Philippe Batailler, Alexandre Dupas, and Steve Petruzzello. + * Expand banned_users; it can now include PageSpecs, which + allows banning by IP address. -- Joey Hess <joeyh@debian.org> Wed, 02 Sep 2009 15:01:27 -0400 diff --git a/doc/banned_users.mdwn b/doc/banned_users.mdwn index d2bec90f0..c44f8c587 100644 --- a/doc/banned_users.mdwn +++ b/doc/banned_users.mdwn @@ -1,4 +1,10 @@ -Banned users can be configured in the setup file. +Banned users can be configured in the setup file via the `banned_users` +setting. This is a list of user names, or [[PageSpecs|ikiwiki/PageSpec]] +to ban. Using a PageSpec is useful to block an IP address. + +For example: + + banned_users => ['evilspammer', 'ip(192.168.1.1)'], If a banned user attempts to use the ikiwiki CGI, they will receive a 403 Forbidden webpage indicating they are banned. diff --git a/doc/todo/blocking_ip_ranges.mdwn b/doc/todo/blocking_ip_ranges.mdwn index 95026eef1..ac2344ece 100644 --- a/doc/todo/blocking_ip_ranges.mdwn +++ b/doc/todo/blocking_ip_ranges.mdwn @@ -2,3 +2,6 @@ Admins need the ability to block IP ranges. They can already ban users. See [[fileupload]] for a propsal that grew to encompass the potential to do this. + +[[done]] (well, there is no pagespec for IP ranges yet, but we can block +individual IPs) |