There might be multiple clients using a single IP (e.g. NAT), which can make the blacklist do more harm than good. So add a setting to disable it if needed.tags/v1.9.90
using namespace rfb; | using namespace rfb; | ||||
BoolParameter enabled("UseBlacklist", | |||||
"Temporarily reject connections from a host if it " | |||||
"repeatedly fails to authenticate.", | |||||
true); | |||||
IntParameter threshold("BlacklistThreshold", | IntParameter threshold("BlacklistThreshold", | ||||
"The number of unauthenticated connection attempts " | "The number of unauthenticated connection attempts " | ||||
"allowed from any individual host before that host " | "allowed from any individual host before that host " | ||||
} | } | ||||
bool Blacklist::isBlackmarked(const char* name) { | bool Blacklist::isBlackmarked(const char* name) { | ||||
if (!enabled) | |||||
return false; | |||||
BlacklistMap::iterator i = blm.find(name); | BlacklistMap::iterator i = blm.find(name); | ||||
if (i == blm.end()) { | if (i == blm.end()) { | ||||
// Entry is not already black-marked. | // Entry is not already black-marked. |
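Review bot: The `if (!enabled) return false;` guard added at the top of `Blacklist::isBlackmarked` means that, as far as this hunk shows, no host is looked up or rejected when UseBlacklist is off, yet neither the parameter description nor a comment says this removes the per-host limit on authentication attempts. I would extend the help string to `"repeatedly fails to authenticate. Disabling this removes the per-host limit on failed authentication attempts."` and put `// Blacklisting disabled: never mark or reject any host` above the guard, so an operator behind NAT who turns it off knows some other rate limit (firewall, reverse proxy, strong credentials) has to take over. The namespace-scope name `enabled` is also very generic for a global parameter object. If nothing outside this file refers to it, a more specific name or internal linkage would avoid accidental clashes. The body of `isBlackmarked` continues past the end of the hunk, so whether marks are counted anywhere else cannot be confirmed from here.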
See the GnuTLS manual for possible values. Default is \fBNORMAL\fP. | See the GnuTLS manual for possible values. Default is \fBNORMAL\fP. | ||||
. | . | ||||
.TP | .TP | ||||
.B \-UseBlacklist | |||||
Temporarily reject connections from a host if it repeatedly fails to | |||||
authenticate. Default is on. | |||||
. | |||||
.TP | |||||
.B \-BlacklistThreshold \fIcount\fP | .B \-BlacklistThreshold \fIcount\fP | ||||
The number of unauthenticated connection attempts allowed from any individual | The number of unauthenticated connection attempts allowed from any individual | ||||
host before that host is black-listed. Default is 5. | host before that host is black-listed. Default is 5. |
See the GnuTLS manual for possible values. Default is \fBNORMAL\fP. | See the GnuTLS manual for possible values. Default is \fBNORMAL\fP. | ||||
. | . | ||||
.TP | .TP | ||||
.B \-UseBlacklist | |||||
Temporarily reject connections from a host if it repeatedly fails to | |||||
authenticate. Default is on. | |||||
. | |||||
.TP | |||||
.B \-BlacklistThreshold \fIcount\fP | .B \-BlacklistThreshold \fIcount\fP | ||||
The number of unauthenticated connection attempts allowed from any individual | The number of unauthenticated connection attempts allowed from any individual | ||||
host before that host is black-listed. Default is 5. | host before that host is black-listed. Default is 5. |