changeset 3887:f85cd27073a9

merged some 1.7 changesets
author Thomas Waldmann <tw AT waldmann-edv DOT de>
date Sun, 27 Jul 2008 13:49:47 +0200
parents 9e40b4ecf68f (current diff) 3d3cbae4c550 (diff)
children 977588b8f7c5
files MoinMoin/config/multiconfig.py MoinMoin/script/account/create.py docs/CHANGES
diffstat 2 files changed, 8 insertions(+), 6 deletions(-) [+]
line wrap: on
line diff
--- a/MoinMoin/config/multiconfig.py	Sun Jul 27 13:38:06 2008 +0200
+++ b/MoinMoin/config/multiconfig.py	Sun Jul 27 13:49:47 2008 +0200
@@ -734,20 +734,22 @@
   # ==========================================================================
   'spam_leech_dos': ('Anti-Spam/Leech/DOS', None, (
     ('hosts_deny', [], "List of denied IPs; if an IP ends with a dot, it denies a whole subnet (class A, B or C)"),
-
     ('surge_action_limits',
      {# allow max. <count> <action> requests per <dt> secs
         # action: (count, dt)
-        'all': (30, 30),
+        'all': (30, 30), # all requests (except cache/AttachFile action) count for this limit
+        'default': (30, 60), # default limit for actions without a specific limit
         'show': (30, 60),
         'recall': (10, 120),
         'raw': (20, 40),  # some people use this for css
-        'AttachFile': (90, 60),
         'diff': (30, 60),
         'fullsearch': (10, 120),
         'edit': (30, 300), # can be lowered after making preview different from edit
         'rss_rc': (1, 60),
-        'default': (30, 60),
+        # The following actions are often used for images - to avoid pages with lots of images
+        # (like photo galleries) triggering surge protection, we assign rather high limits:
+        'AttachFile': (90, 60),
+        'cache': (600, 30), # cache action is very cheap/efficient
      },
      "Surge protection tries to deny clients causing too much load/traffic, see /SurgeProtection."),
     ('surge_lockout_time', 3600, "time [s] someone gets locked out when ignoring the warnings"),
--- a/MoinMoin/request/__init__.py	Sun Jul 27 13:38:06 2008 +0200
+++ b/MoinMoin/request/__init__.py	Sun Jul 27 13:49:47 2008 +0200
@@ -270,7 +270,7 @@
         current_id = validuser and self.user.name or self.remote_addr
         current_action = self.action
 
-        default_limit = self.cfg.surge_action_limits.get('default', (30, 60))
+        default_limit = limits.get('default', (30, 60))
 
         now = int(time.time())
         surgedict = {}
@@ -305,7 +305,7 @@
                 if len(timestamps) < maxnum * 2:
                     timestamps.append((now + self.cfg.surge_lockout_time, surge_indicator)) # continue like that and get locked out
 
-            if current_action != 'AttachFile': # don't add AttachFile accesses to all or picture galleries will trigger SP
+            if current_action not in ('cache', 'AttachFile', ): # don't add cache/AttachFile accesses to all or picture galleries will trigger SP
                 current_action = 'all' # put a total limit on user's requests
                 maxnum, dt = limits.get(current_action, default_limit)
                 events = surgedict.setdefault(current_id, {})