MyFavMirrors
/
MeshCentral
mirror of https://github.com/Ylianst/MeshCentral.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Added exclusion to MaxInvalidLogin. #3192

This commit is contained in:
Ylian Saint-Hilaire 2021-10-13 17:15:26 -07:00
parent c814fdc412
commit 8189ca0256
2 changed files with 14 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
meshcentral-config-schema.json
View File

@ -228,10 +228,12 @@
"maxInvalidLogin": {
"type": "object",
"additionalProperties": false,
"description": "This section described a policy for how many times an IP address is allowed to attempt to login incorrectly. By default it's 10 times in 10 minutes, but this can be changed here.",
"properties": {
"time": { "type": "integer" },
"count": { "type": "integer" },
"coolofftime": { "type": "integer" }
"exclude": { "type": "string", "default": null, "description": "Ranges of IP addresses that are not subject to invalid login limitations. For example: 192.168.1.0/24,172.16.0.1"},
"time": { "type": "integer", "default": 10, "description": "Time in minutes over which the a maximum number of invalid login attempts is allowed from an IP address." },
"count": { "type": "integer", "default": 10, "description": "Maximum number of invalid login attempts from an IP address in the time period." },
"coolofftime": { "type": "integer", "default": null, "description": "Additional time in minute that login attempts will be denied once the invalid login limit is reached." }
}
},
"amtProvisioningServer": {

9
webserver.js
View File

@ -7665,6 +7665,15 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
obj.setbadLogin = function (ip) { // Set an IP address that just did a bad login request
if (parent.config.settings.maxinvalidlogin === false) return;
if (typeof ip == 'object') { ip = ip.clientIp; }
if (parent.config.settings.maxinvalidlogin != null) {
if (typeof parent.config.settings.maxinvalidlogin.exclude == 'string') {
const excludeSplit = parent.config.settings.maxinvalidlogin.exclude.split(',');
for (var i in excludeSplit) { if (require('ipcheck').match(ip, excludeSplit[i])) return; }
} else if (Array.isArray(parent.config.settings.maxinvalidlogin.exclude)) {
for (var i in parent.config.settings.maxinvalidlogin.exclude) { if (require('ipcheck').match(ip, parent.config.settings.maxinvalidlogin.exclude[i])) return; }
}
return;
}
var splitip = ip.split('.');
if (splitip.length == 4) { ip = (splitip[0] + '.' + splitip[1] + '.' + splitip[2] + '.*'); }
if (++obj.badLoginTableLastClean > 100) { obj.cleanBadLoginTable(); }