[SPIP WAF] 3 commits

spip-contrib-extensions/waf | 3 commits

Par Urs Riggenbach, le 7 mai 2026 à 11h33min :

Merge branch ‹ feat/tarpit-delay › into ‹ main ›

feat: add configurable tarpit delay for banned IPs

See merge request spip-contrib-extensions/waf!27

Modifié
README.md
waf_fonctions.php

Détails : Merge branch 'feat/tarpit-delay' into 'main' (cc6834fe) · Validations · spip-contrib-extensions / SPIP WAF · GitLab

==============================
Par pierretux, le 6 mai 2026 à 14h35min :

docs: document tarpit delay and advanced configuration constants

Modifié
README.md

Détails : docs: document tarpit delay and advanced configuration constants (2a5ea221) · Validations · spip-contrib-extensions / SPIP WAF · GitLab

==============================
Par pierretux, le 6 mai 2026 à 14h32min :

feat: add configurable tarpit delay for banned IPs

waf_tarpit_and_block() sends the 403, calls fastcgi_finish_request() to
release the HTTP connection, then sleeps _WAF_TARPIT_DELAY seconds (default 3).
The sleep runs after the socket is closed so an attacker cannot exhaust the
PHP-FPM worker pool by flooding banned IPs. Set to 0 in mes_options.php to
disable, or raise it (e.g. 10) for more aggressive tarpitting.

Modifié
waf_fonctions.php

Détails : feat: add configurable tarpit delay for banned IPs (11dc4a10) · Validations · spip-contrib-extensions / SPIP WAF · GitLab