.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) .\" .\" Standard preamble: .\" ======================================================================== .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp .. .de Vb \" Begin verbatim text .ft CW .nf .ne \\$1 .. .de Ve \" End verbatim text .ft R .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. \*(C+ will .\" give a nicer C++. Capital omega is used to do unbreakable dashes and .\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, .\" nothing in troff, for use with C<>. .tr \(*W- .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ . ds -- \(*W- . ds PI pi . if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch . if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch . ds L" "" . ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ . ds -- \|\(em\| . ds PI \(*p . ds L" `` . ds R" '' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" .. . nr % 0 . rr F .\} .el \{\ . de IX .. .\} .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 . ds #V .8m . ds #F .3m . ds #[ \f1 . ds #] \fP .\} .if t \{\ . ds #H ((1u-(\\\\n(.fu%2u))*.13m) . ds #V .6m . ds #F 0 . ds #[ \& . ds #] \& .\} . \" simple accents for nroff and troff .if n \{\ . ds ' \& . 
ds ` \& . ds ^ \& . ds , \& . ds ~ ~ . ds / .\} .if t \{\ . ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" . ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' . ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' . ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' . ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' . ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' .\} . \" troff and (daisy-wheel) nroff accents .ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' .ds 8 \h'\*(#H'\(*b\h'-\*(#H' .ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] .ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' .ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' .ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] .ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] .ds ae a\h'-(\w'a'u*4/10)'e .ds Ae A\h'-(\w'A'u*4/10)'E . \" corrections for vroff .if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' .if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' . \" for low resolution devices (crt and lpr) .if \n(.H>23 .if \n(.V>19 \ \{\ . ds : e . ds 8 ss . ds o a . ds d- d\h'-1'\(ga . ds D- D\h'-1'\(hy . ds th \o'bp' . ds Th \o'LP' . ds ae ae . ds Ae AE .\} .rm #[ #] #H #V #F C .\" ======================================================================== .\" .IX Title "RateLimit 3pm" .TH RateLimit 3pm "2006-05-04" "perl v5.14.2" "User Contributed Perl Documentation" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH "NAME" CGI::Application::Plugin::RateLimit \- limits runmode call rate per user .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& use CGI::Application::Plugin::RateLimit; \& \& sub setup { \& ... 
\& \& # call this in your setup routine to set \& my $rate_limit = $self\->rate_limit(); \& \& # set the database handle to use \& $rate_limit\->dbh($dbh); \& \& # set the table name to use for storing hits, the default is \& # \*(Aqrate_limit_hits\*(Aq \& $rate_limit\->table(\*(Aqrate_limit_hits\*(Aq); \& \& # keep people from calling \*(Aqsend\*(Aq more often than 5 times in 10 \& # minutes and \*(Aqlist\*(Aq more often than once every 5 seconds. \& $rate_limit\->protected_modes(send => {timeframe => \*(Aq10m\*(Aq, \& max_hits => 5 \& }, \& list => {timeframe => \*(Aq5s\*(Aq, \& max_hits => 1 \& }); \& \& # you can also protect abstract actions, for example to prevent a \& # flood of failed logins \& $rate_limit\->protected_actions(failed_login => {timeframe => \*(Aq10s\*(Aq, \& max_hits => 2 \& }); \& \& # call this runmode when a violation is detected \& $rate_limit\->violation_mode(\*(Aqtoo_fast_buddy\*(Aq); \& \& # or, run this callback \& $rate_limit\->violation_callback(sub { die(...) }); \& \& # override the default identity function \& # ($ENV{REMOTE_USER} || $ENV{REMOTE_IP}) \& $rate_limit\->identity_callback(sub { ... }); \& } \& \& # record a hit for an action (not needed for run\-modes which are \& # handled automatically) \& $rate_limit\->record_hit(action => \*(Aqfailed_login\*(Aq); \& \& # check for a violation on an action and handle \& return $self\->slow_down_buddy \& if( $rate_limit\->check_violation(action => \*(Aqfailed_login\*(Aq) ); \& \& # revoke the most recent hit for this user, preventing it from \& # counting towards a violation \& $rate_limit\->revoke_hit(); \& \& # examine the violation in violation_mode or violation_callback: \& $mode = $rate_limit\->violated_mode; \& $action = $rate_limit\->violated_action; \& $limits = $rate_limit\->violated_limits; .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" This module provides protection against a user calling a runmode too frequently. 
A typical use-case might be a contact form that sends email. You'd like to allow your users to send you messages, but thousands of messages from a single user would be a problem. .PP This module works by maintaining a database of hits to protected runmodes. It then checks this database to determine if a new hit should be allowed based on past activity by the user. The user's identity is, by default, tied to login (via \s-1REMOTE_USER\s0) or \s-1IP\s0 address (via \s-1REMOTE_IP\s0) if login info is not available. You may provide your own identity function via the \fIidentity_callback()\fR method. .PP To use this module you must create a table in your database with the following schema (using MySQL-syntax, although other DBs may work as well with minor alterations): .PP .Vb 6 \& CREATE TABLE rate_limit_hits ( \& user_id VARCHAR(255) NOT NULL, \& action VARCHAR(255) NOT NULL, \& timestamp UNSIGNED INTEGER NOT NULL, \& INDEX (user_id, action, timestamp) \& ); .Ve .PP You may feel free to vary the storage-type and size of user_id and action to match your usage. For example, if your \fIidentity_callback()\fR always returns an integer you could make user_id an integer column. .PP This table should be periodically cleared of old data. Anything older than the maximum timeframe being used can be safely deleted. .PP \&\fB\s-1IMPORTANT\s0 \s-1NOTE\s0\fR: The protection offered by this module is not perfect. Identifying a user on the internet is very hard and a sophisticated attacker can work around these checks, by switching IPs or automating login creation. .SH "INTERFACE" .IX Header "INTERFACE" The object returned from calling \f(CW\*(C`$self\->rate_limit\*(C'\fR on your CGI::App object supports the following method calls: .SS "dbh" .IX Subsection "dbh" .Vb 1 \& $rate_limit\->dbh($dbh); .Ve .PP Call this to set the database handle the object should use. Must be set in \fIsetup()\fR. 
.SS "table" .IX Subsection "table" .Vb 1 \& $rate_limit\->table(\*(Aqsome_table_name\*(Aq); .Ve .PP Call this to set the table used to store and look up hits. The default is 'rate_limit_hits' if not set. See the \s-1DESCRIPTION\s0 section for the required table schema. .SS "protected_modes" .IX Subsection "protected_modes" .Vb 6 \& $rate_limit\->protected_modes(send => {timeframe => \*(Aq10m\*(Aq, \& max_hits => 5 \& }, \& list => {timeframe => \*(Aq5s\*(Aq, \& max_hits => 1 \& }); .Ve .PP Takes a list of key-value pairs describing the modes to protect. Keys are names of run-modes. Values are hash references with the following keys: .PP .Vb 3 \& timeframe \- the timeframe to be considered for violations. Values \& must be numbers followed by either \*(Aqs\*(Aq for seconds, \*(Aqm\*(Aq for minutes \& or \*(Aqh\*(Aq for hours. \& \& max_hits \- how many hits to allow in the specified timeframe before \& triggering a violation. .Ve .SS "protected_actions" .IX Subsection "protected_actions" .Vb 3 \& $rate_limit\->protected_actions(failed_login => {timeframe => \*(Aq10s\*(Aq, \& max_hits => 2 \& }); .Ve .PP Specifies non-run-mode actions to protect. These are arbitrary keys you can use with \fIrecord_hit()\fR and \fIcheck_violation()\fR. Takes the same data-structure as \fIprotected_modes()\fR. .SS "violation_mode" .IX Subsection "violation_mode" .Vb 1 \& $rate_limit\->violation_mode(\*(Aqtoo_fast_buddy\*(Aq); .Ve .PP Call to set a run-mode to call when a violation is triggered. Either this or violation_callback must be set. .SS "violation_callback" .IX Subsection "violation_callback" .Vb 1 \& $rate_limit\->violation_callback(sub { ... }); .Ve .PP Callback to call when a violation is detected. Should either throw an exception or return the run-mode to run. Called with the CGI::App object as its sole parameter. .SS "identity_callback" .IX Subsection "identity_callback" .Vb 1 \& $rate_limit\->identity_callback(sub { ... 
}); .Ve .PP Call this to provide a customized mechanism for determining the identity of the user. The default is: .PP .Vb 1 \& sub { $ENV{REMOTE_USER} || $ENV{REMOTE_IP} } .Ve .PP Note that \s-1REMOTE_IP\s0 is not one of the standard \s-1CGI\s0 environment variables (the client address is conventionally in \s-1REMOTE_ADDR\s0); if your server does not set \s-1REMOTE_IP\s0, the default above yields the same empty value for every user without a login, which would defeat per-user limiting. Confirm which variables your environment provides, or supply your own callback. .PP You might consider adding in session-ID or a hook to your authentication system if it doesn't use \s-1REMOTE_USER\s0. Whatever you write should return a single scalar which is expected to be unique to each user. .SS "record_hit" .IX Subsection "record_hit" .Vb 1 \& $rate_limit\->record_hit(action => \*(Aqfailed_login\*(Aq); .Ve .PP Record a hit for an arbitrary action. This is not needed for run-mode protection. Takes the action name as an argument, which must match an action registered with \fIprotected_actions()\fR. .SS "check_violation" .IX Subsection "check_violation" .Vb 2 \& return $self\->slow_down_buddy \& if( $rate_limit\->check_violation(action => \*(Aqfailed_login\*(Aq) ); .Ve .PP Checks for a violation of a protected action. This is not needed for run-mode protection. Takes the action name as an argument, which must match an action registered with \fIprotected_actions()\fR. .PP Returns 1 if a violation took place, 0 otherwise. .SS "revoke_hit" .IX Subsection "revoke_hit" .Vb 1 \& $rate_limit\->revoke_hit(); .Ve .PP Revokes the last hit for this user. You might use this to prevent validation errors from counting against a user, for example. .SS "violated_mode" .IX Subsection "violated_mode" .Vb 1 \& $mode = $rate_limit\->violated_mode; .Ve .PP Returns the mode for the last violation, or undef if an action caused the violation. .SS "violated_action" .IX Subsection "violated_action" .Vb 1 \& $action = $rate_limit\->violated_action; .Ve .PP Returns the action for the last violation, or undef if a run-mode caused the violation. .SS "violated_limits" .IX Subsection "violated_limits" .Vb 1 \& $limits = $rate_limit\->violated_limits; .Ve .PP Returns the hash-ref passed to \fIprotected_actions()\fR or \&\fIprotected_modes()\fR for the violated mode/action. 
.SH "DATABASE SUPPORT" .IX Header "DATABASE SUPPORT" I've tested this module with MySQL and SQLite. I think it's likely to work with many other databases \- please let me know if you try one. .SH "SUPPORT" .IX Header "SUPPORT" Please send questions and suggestions about this module to the CGI::Application mailing-list. To join the mailing list, simply send a blank message to: .PP .Vb 1 \& cgiapp\-subscribe@lists.erlbaum.net .Ve .SH "VERSION CONTROL" .IX Header "VERSION CONTROL" This module is in a public Subversion repository at SourceForge here: .PP .Vb 1 \& https://svn.sourceforge.net/svnroot/html\-template/trunk/CGI\-Application\-Plugin\-RateLimit .Ve .SH "BUGS" .IX Header "BUGS" I know of no bugs. If you find one, let me know by filing a report on http://rt.cpan.org. Failing that, you can email me at sam@tregar.com. Please include the version of the module you're using and small test case demonstrating the problem. .SH "AUTHOR" .IX Header "AUTHOR" Sam Tregar, sam@plusthree.com .SH "COPYRIGHT AND LICENSE" .IX Header "COPYRIGHT AND LICENSE" Copyright (C) 2006 by Sam Tregar .PP This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself, either Perl version 5.8.6 or, at your option, any later version of Perl 5 you may have available.