Source: libcgi-application-plugin-ratelimit-perl
Maintainer: Debian Perl Group <pkg-perl-maintainers@lists.alioth.debian.org>
Uploaders: Jaldhar H. Vyas <jaldhar@debian.org>
Section: perl
Testsuite: autopkgtest-pkg-perl
Priority: optional
Build-Depends: debhelper (>= 8)
Build-Depends-Indep: libcgi-pm-perl | perl (<< 5.19),
 perl,
 libcgi-application-perl,
 libclass-accessor-perl,
 libdbi-perl,
 libdbd-sqlite3-perl
Standards-Version: 3.9.6
Vcs-Browser: https://anonscm.debian.org/cgit/pkg-perl/packages/libcgi-application-plugin-ratelimit-perl.git
Vcs-Git: git://anonscm.debian.org/pkg-perl/packages/libcgi-application-plugin-ratelimit-perl.git
Homepage: https://metacpan.org/release/CGI-Application-Plugin-RateLimit

Package: libcgi-application-plugin-ratelimit-perl
Architecture: all
Depends: ${misc:Depends},
 ${perl:Depends},
 libcgi-application-perl,
 libclass-accessor-perl
Recommends: libcgi-application-plugin-dbh-perl
Enhances: libcgi-application-perl
Breaks: libcgi-application-extra-plugin-bundle-perl (<< 0.5)
Replaces: libcgi-application-extra-plugin-bundle-perl (<< 0.5)
Description: Perl module for limiting the runmode call rate per user
 CGI::Application::Plugin::RateLimit provides protection against a user
 calling a runmode too frequently. A typical use-case might be a contact form
 that sends email. You'd like to allow your users to send you messages, but
 thousands of messages from a single user would be a problem.
 .
 This module works by maintaining a database of hits to protected runmodes. It
 then checks this database to determine if a new hit should be allowed based
 on past activity by the user. The user's identity is, by default, tied to
 login (via REMOTE_USER) or IP address (via REMOTE_IP) if login info is not
 available. You may provide your own identity function via the
 identity_callback() method.
 .
 To use this module you must create a table in your database with the
 following schema (using MySQL-syntax, although other DBs may work as well
 with minor alterations):
 .
   CREATE TABLE rate_limit_hits (
     user_id   VARCHAR(255)     NOT NULL,
     action    VARCHAR(255)     NOT NULL,
     timestamp INTEGER UNSIGNED NOT NULL,
     INDEX (user_id, action, timestamp)
   );
 .
 You may feel free to vary the storage-type and size of user_id and action to
 match your usage. For example, if your identity_callback() always returns an
 integer you could make user_id an integer column.
 .
 This table should be periodically cleared of old data. Anything older than the
 maximum timeframe being used can be safely deleted.
 .
 IMPORTANT NOTE: The protection offered by this module is not perfect.
 Identifying a user on the internet is very hard and a sophisticated attacker
 can work around these checks, by switching IPs or automating login creation.