Giters

LandSandBoat / server

:sailboat: LandSandBoat - a server emulator for Final Fantasy XI. Just an X-34 landspeeder out for a drive.

Home Page:https://landsandboat.github.io/server/

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

🔨 Add setting to block IPs from querying search that haven't authenticated to login

WinterSolstice8 opened this issue · comments

commented

I affirm:

  • I understand that if I do not agree to the following points by completing the checkboxes my issue will be ignored.
  • I have read and understood the Contributing Guide and the Code of Conduct.
  • I have searched existing issues to see if the issue has already been opened, and I have checked the commit log to see if the issue has been resolved since my server was last updated.

Describe the feature

Add a ZMQ message processor to Search with the sole purpose of being able to optionally whitelist all authenticated (valid users) to query the search server.

This would also require an update to auth_session.cpp to add MSG_LOGIN message so the search server knows that it should update it's whitelist, see

server/src/login/auth_session.cpp

Line 179 in 3390ef1

queue_message(ipp, MSG_LOGIN, &chardata, &empty);

There is current abuse being done by "pxiah dot com" that exploits the fact that we aren't able to do this. Yes, this is only a massive mitigation because you could still do this by logging in and becoming whitelisted, but it would become a huge PITA.

commented

I've added this PR to alleviate some of the stress from external connections scraping the search server: #5102

But this issue is still a good way to curtail that behaviour