There might be multiple clients using a single IP (e.g. NAT), which can make the blacklist do more harm than good. So add a setting to disable it if needed.
@@ -20,6 +20,10 @@ | |||
using namespace rfb; | |||
BoolParameter enabled("UseBlacklist", | |||
"Temporarily reject connections from a host if it " | |||
"repeatedly fails to authenticate.", | |||
true); | |||
IntParameter threshold("BlacklistThreshold", | |||
"The number of unauthenticated connection attempts " | |||
"allowed from any individual host before that host " | |||
@@ -44,6 +48,9 @@ Blacklist::~Blacklist() { | |||
} | |||
bool Blacklist::isBlackmarked(const char* name) { | |||
if (!enabled) | |||
return false; | |||
BlacklistMap::iterator i = blm.find(name); | |||
if (i == blm.end()) { | |||
// Entry is not already black-marked. |
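Review bot: The early `if (!enabled) return false;` in `Blacklist::isBlackmarked` returns before the `blm.find(name)` lookup, so with `UseBlacklist` off no attempt is counted and, as far as this section shows, nothing else limits repeated authentication failures from one host. The new code never states that trade-off: the parameter description could end with `"repeatedly fails to authenticate. Disabling this removes per-host throttling of failed logins."`, and the guard deserves a comment such as `// Blacklist disabled: attempts are neither recorded nor rejected.`. If the parameter can be changed while the server is running (not visible here), confirm that entries already in `blm` behave sensibly once it is switched back on. The body of `isBlackmarked` continues past the end of the hunk.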
@@ -142,6 +142,11 @@ GnuTLS priority string that controls the TLS session’s handshake algorithms. | |||
See the GnuTLS manual for possible values. Default is \fBNORMAL\fP. | |||
. | |||
.TP | |||
.B \-UseBlacklist | |||
Temporarily reject connections from a host if it repeatedly fails to | |||
authenticate. Default is on. | |||
. | |||
.TP | |||
.B \-BlacklistThreshold \fIcount\fP | |||
The number of unauthenticated connection attempts allowed from any individual | |||
host before that host is black-listed. Default is 5. |
@@ -231,6 +231,11 @@ GnuTLS priority string that controls the TLS session’s handshake algorithms. | |||
See the GnuTLS manual for possible values. Default is \fBNORMAL\fP. | |||
. | |||
.TP | |||
.B \-UseBlacklist | |||
Temporarily reject connections from a host if it repeatedly fails to | |||
authenticate. Default is on. | |||
. | |||
.TP | |||
.B \-BlacklistThreshold \fIcount\fP | |||
The number of unauthenticated connection attempts allowed from any individual | |||
host before that host is black-listed. Default is 5. |