
Commit bb0a658

author
Till Brehm
committed
Implemented #4903 Extend IDS system to allow different settings for clients and admin
1 parent f93c954 commit bb0a658


2 files changed

+33
-7
lines changed


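--- a/interface/lib/classes/ids.inc.php
+++ b/interface/lib/classes/ids.inc.php
@@ -118,7 +118,25 @@ public function start()
 
 $impact = $ids_result->getImpact();
 
-if($impact >= $security_config['ids_log_level']) {
+// Choose level from security config
+if($app->auth->is_admin()) {
+// User is admin
+$ids_log_level = $security_config['ids_admin_log_level'];
+$ids_warn_level = $security_config['ids_admin_warn_level'];
+$ids_block_level = $security_config['ids_admin_block_level'];
+} elseif(is_array($_SESSION['s']['user']) && $_SESSION['s']['user']['userid'] > 0) {
+// User is Client or Reseller
+$ids_log_level = $security_config['ids_user_log_level'];
+$ids_warn_level = $security_config['ids_user_warn_level'];
+$ids_block_level = $security_config['ids_user_block_level'];
+} else {
+// Not logged in
+$ids_log_level = $security_config['ids_anon_log_level'];
+$ids_warn_level = $security_config['ids_anon_warn_level'];
+$ids_block_level = $security_config['ids_anon_block_level'];
+}
+
+if($impact >= $ids_log_level) {
 $ids_log = ISPC_ROOT_PATH.'/temp/ids.log';
 if(!is_file($ids_log)) touch($ids_log);
 
@@ -132,11 +150,11 @@ public function start()
 
 }
 
-if($impact >= $security_config['ids_warn_level']) {
+if($impact >= $ids_warn_level) {
 $app->log("PHP IDS Alert.".$ids_result, 2);
 }
 
-if($impact >= $security_config['ids_block_level']) {
+if($impact >= $ids_block_level) {
 $app->error("Possible attack detected. This action has been logged.",'', true, 2);
 }
 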
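Review bot: The three thresholds are read from `$security_config` without checking that the new per-role keys exist, so a security_settings.ini that still carries only the old `ids_log_level`, `ids_warn_level` and `ids_block_level` keys leaves all three variables null. In PHP `$impact >= null` is true for every impact value, so the log, warn and block branches would all fire and each request would end in the `$app->error(...)` call; whether the settings file is migrated on update is not visible on this page. After the if/elseif/else I would add a fallback for each of the three values, for example `if(!is_numeric($ids_block_level)) $ids_block_level = $security_config['ids_block_level'];`, and report a configuration error instead of an attack when neither key is set. start() begins and ends outside both hunks, so any guard around this code is not shown.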

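--- a/security/security_settings.ini
+++ b/security/security_settings.ini
@@ -19,10 +19,18 @@ password_reset_allowed=yes
 session_regenerate_id=yes
 
 [ids]
-ids_enabled=no
-ids_log_level=1
-ids_warn_level=5
-ids_block_level=100
+ids_anon_enabled=yes
+ids_anon_log_level=1
+ids_anon_warn_level=5
+ids_anon_block_level=10
+ids_user_enabled=yes
+ids_user_log_level=1
+ids_user_warn_level=10
+ids_user_block_level=50
+ids_admin_enabled=no
+ids_admin_log_level=1
+ids_admin_warn_level=5
+ids_admin_block_level=100
 sql_scan_enabled=yes
 sql_scan_action=warn
 apache_directives_scan_enabled=yes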
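Review bot: The old `ids_enabled` switch is replaced by `ids_anon_enabled`, `ids_user_enabled` and `ids_admin_enabled`, but none of the lines added to ids.inc.php in this commit reads the new keys. If the code that decides whether start() runs still tests `ids_enabled` (it is not shown here), that key is now missing and `ids_admin_enabled=no` has no effect on the role selection, which applies the admin thresholds regardless. I would either check the matching `ids_*_enabled` flag in each branch of the role selection or keep one documented master switch. The shipped default also moves from `ids_enabled=no` to `ids_anon_enabled=yes` with `ids_anon_block_level=10`, which deserves a comment line in the file such as `; impact score at which a request without a login session is blocked`.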
