Browse Source
[IMP] add a jocker '*' for discover or log all request environment variables
pull/1183/head
Sylvain Calador
7 years ago
No known key found for this signature in database
GPG Key ID: AB93CE7D33AADF8F
2 changed files with
9 additions and
4 deletions
-
auth_brute_force/README.rst
-
auth_brute_force/controllers/controllers.py
|
|
@ -39,9 +39,14 @@ of attempts allowed before the user was banned. |
|
|
|
|
|
|
|
|
You can also add a ir.config_parameter value for the key |
|
|
You can also add a ir.config_parameter value for the key |
|
|
'auth_brute_force.environ_log' which allows to log also specific request |
|
|
'auth_brute_force.environ_log' which allows to log also specific request |
|
|
environment variables. The format comma-delimited list of varible names |
|
|
|
|
|
|
|
|
environment variables. |
|
|
|
|
|
|
|
|
|
|
|
The format is a comma-delimited list of variable names |
|
|
example: REMOTE_ADDR,REMOTE_PORT |
|
|
example: REMOTE_ADDR,REMOTE_PORT |
|
|
|
|
|
|
|
|
|
|
|
or you can just use the jocker '*' for log or discover all variables, |
|
|
|
|
|
the variable names depends of the reverse-proxy configuration. |
|
|
|
|
|
|
|
|
Usage |
|
|
Usage |
|
|
----- |
|
|
----- |
|
|
|
|
|
|
|
|
|
|
|
@ -76,10 +76,10 @@ class LoginController(Home): |
|
|
|
|
|
|
|
|
environ = '' |
|
|
environ = '' |
|
|
if environ_log: |
|
|
if environ_log: |
|
|
value = environ_log[0]['value'] |
|
|
|
|
|
log_keys = [k.strip() for k in value.split(',')] |
|
|
|
|
|
|
|
|
filter_value = environ_log[0]['value'] |
|
|
|
|
|
filter_keys = [k.strip() for k in filter_value.split(',')] |
|
|
for key, value in request.httprequest.environ.items(): |
|
|
for key, value in request.httprequest.environ.items(): |
|
|
if key in log_keys: |
|
|
|
|
|
|
|
|
if key in filter_keys or filter_value == '*': |
|
|
environ += '%s=%s\n' % (key, value) |
|
|
environ += '%s=%s\n' % (key, value) |
|
|
|
|
|
|
|
|
attempt_obj.create(cursor, SUPERUSER_ID, { |
|
|
attempt_obj.create(cursor, SUPERUSER_ID, { |
|
|
|
