<?php

[0] Fix | Delete

if (!defined('WORDFENCE_VERSION')) { exit; }

[1] Fix | Delete

/**

[2] Fix | Delete

* Presents the Rate Limiting group.

[3] Fix | Delete

*

[4] Fix | Delete

* Expects $firewall, $waf, and $stateKey.

[5] Fix | Delete

*

[6] Fix | Delete

* @var wfFirewall $firewall

[7] Fix | Delete

* @var wfWAF $waf

[8] Fix | Delete

* @var string $stateKey The key under which the collapse state is stored.

[9] Fix | Delete

* @var bool $collapseable If defined, specifies whether or not this grouping can be collapsed. Defaults to true.

[10] Fix | Delete

*/

[11] Fix | Delete

[12] Fix | Delete

$config = $waf->getStorageEngine();

[13] Fix | Delete

[14] Fix | Delete

if (!isset($collapseable)) {

[15] Fix | Delete

$collapseable = true;

[16] Fix | Delete

}

[17] Fix | Delete

?>

[18] Fix | Delete

<div class="wf-row">

[19] Fix | Delete

<div class="wf-col-xs-12">

[20] Fix | Delete

<div class="wf-block<?php if (!$collapseable) { echo ' wf-always-active'; } else { echo (wfPersistenceController::shared()->isActive($stateKey) ? ' wf-active' : ''); } ?>" data-persistence-key="<?php echo esc_attr($stateKey); ?>">

[21] Fix | Delete

<div class="wf-block-header">

[22] Fix | Delete

<div class="wf-block-header-content">

[23] Fix | Delete

<div class="wf-block-title">

[24] Fix | Delete

<strong><?php esc_html_e('Rate Limiting', 'wordfence'); ?></strong>

[25] Fix | Delete

</div>

[26] Fix | Delete

<?php if ($collapseable): ?><div class="wf-block-header-action"><div class="wf-block-header-action-disclosure" role="checkbox" aria-checked="<?php echo (wfPersistenceController::shared()->isActive($stateKey) ? 'true' : 'false'); ?>" tabindex="0"></div></div><?php endif; ?>

[27] Fix | Delete

</div>

[28] Fix | Delete

</div>

[29] Fix | Delete

<div class="wf-block-content">

[30] Fix | Delete

<ul class="wf-block-list">

[31] Fix | Delete

<li>

[32] Fix | Delete

<?php

[33] Fix | Delete

echo wfView::create('options/option-switch', array(

[34] Fix | Delete

'optionName' => 'firewallEnabled',

[35] Fix | Delete

'value' => wfConfig::get('firewallEnabled') ? '1': '0',

[36] Fix | Delete

'title' => __('Enable Rate Limiting and Advanced Blocking', 'wordfence'),

[37] Fix | Delete

'subtitle' => __('NOTE: This checkbox enables ALL blocking/throttling functions including IP, country and advanced blocking, and the "Rate Limiting Rules" below.', 'wordfence'),

[38] Fix | Delete

'states' => array(

[39] Fix | Delete

array('value' => '0', 'label' => __('Off', 'wordfence')),

[40] Fix | Delete

array('value' => '1', 'label' => __('On', 'wordfence')),

[41] Fix | Delete

),

[42] Fix | Delete

'helpLink' => wfSupportController::supportURL(wfSupportController::ITEM_FIREWALL_WAF_OPTION_ENABLE_ADVANCED_BLOCKING),

[43] Fix | Delete

'noSpacer' => true,

[44] Fix | Delete

'alignment' => 'wf-right',

[45] Fix | Delete

))->render();

[46] Fix | Delete

?>

[47] Fix | Delete

</li>

[48] Fix | Delete

<li>

[49] Fix | Delete

<?php

[50] Fix | Delete

echo wfView::create('options/option-select', array(

[51] Fix | Delete

'selectOptionName' => 'neverBlockBG',

[52] Fix | Delete

'selectOptions' => array(

[53] Fix | Delete

array('value' => 'neverBlockVerified', 'label' => __('Verified Google crawlers will not be rate-limited', 'wordfence')),

[54] Fix | Delete

array('value' => 'neverBlockUA', 'label' => __('Anyone claiming to be Google will not be rate-limited', 'wordfence')),

[55] Fix | Delete

array('value' => 'treatAsOtherCrawlers', 'label' => __('Treat Google like any other Crawler', 'wordfence')),

[56] Fix | Delete

),

[57] Fix | Delete

'selectValue' => wfConfig::get('neverBlockBG'),

[58] Fix | Delete

'title' => __('How should we treat Google\'s crawlers', 'wordfence'),

[59] Fix | Delete

'helpLink' => wfSupportController::supportURL(wfSupportController::ITEM_FIREWALL_WAF_OPTION_GOOGLE_ACTION),

[60] Fix | Delete

))->render();

[61] Fix | Delete

?>

[62] Fix | Delete

</li>

[63] Fix | Delete

<?php

[64] Fix | Delete

$rateOptions = array(

[65] Fix | Delete

array('value' => 'DISABLED', 'label' => __('Unlimited', 'wordfence')),

[66] Fix | Delete

array('value' => 1920, 'label' => sprintf(/* translators: Number of HTTP requests. */__('%d per minute', 'wordfence'), 1920)),

[67] Fix | Delete

array('value' => 960, 'label' => sprintf(/* translators: Number of HTTP requests. */__('%d per minute', 'wordfence'), 960)),

[68] Fix | Delete

array('value' => 480, 'label' => sprintf(/* translators: Number of HTTP requests. */__('%d per minute', 'wordfence'), 480)),

[69] Fix | Delete

array('value' => 240, 'label' => sprintf(/* translators: Number of HTTP requests. */__('%d per minute', 'wordfence'), 240)),

[70] Fix | Delete

array('value' => 120, 'label' => sprintf(/* translators: Number of HTTP requests. */__('%d per minute', 'wordfence'), 120)),

[71] Fix | Delete

array('value' => 60, 'label' => sprintf(/* translators: Number of HTTP requests. */__('%d per minute', 'wordfence'), 60)),

[72] Fix | Delete

array('value' => 30, 'label' => sprintf(/* translators: Number of HTTP requests. */__('%d per minute', 'wordfence'), 30)),

[73] Fix | Delete

array('value' => 15, 'label' => sprintf(/* translators: Number of HTTP requests. */__('%d per minute', 'wordfence'), 15)),

[74] Fix | Delete

array('value' => 10, 'label' => sprintf(/* translators: Number of HTTP requests. */__('%d per minute', 'wordfence'), 10)),

[75] Fix | Delete

array('value' => 5, 'label' => sprintf(/* translators: Number of HTTP requests. */__('%d per minute', 'wordfence'), 5)),

[76] Fix | Delete

array('value' => 4, 'label' => sprintf(/* translators: Number of HTTP requests. */__('%d per minute', 'wordfence'), 4)),

[77] Fix | Delete

array('value' => 3, 'label' => sprintf(/* translators: Number of HTTP requests. */__('%d per minute', 'wordfence'), 3)),

[78] Fix | Delete

array('value' => 2, 'label' => sprintf(/* translators: Number of HTTP requests. */__('%d per minute', 'wordfence'), 2)),

[79] Fix | Delete

array('value' => 1, 'label' => sprintf(/* translators: Number of HTTP requests. */__('%d per minute', 'wordfence'), 1)),

[80] Fix | Delete

);

[81] Fix | Delete

$actionOptions = array(

[82] Fix | Delete

array('value' => 'throttle', 'label' => __('throttle it', 'wordfence')),

[83] Fix | Delete

array('value' => 'block', 'label' => __('block it', 'wordfence')),

[84] Fix | Delete

);

[85] Fix | Delete

?>

[86] Fix | Delete

<li>

[87] Fix | Delete

<?php

[88] Fix | Delete

echo wfView::create('waf/option-rate-limit', array(

[89] Fix | Delete

'toggleOptionName' => 'maxGlobalRequests_enabled',

[90] Fix | Delete

'toggleValue' => !!wfConfig::get('maxGlobalRequests_enabled') ? 1 : 0,

[91] Fix | Delete

'rateOptionName' => 'maxGlobalRequests',

[92] Fix | Delete

'rateOptions' => $rateOptions,

[93] Fix | Delete

'rateValue' => wfConfig::get('maxGlobalRequests'),

[94] Fix | Delete

'lowValue' => 120,

[95] Fix | Delete

'actionOptionName' => 'maxGlobalRequests_action',

[96] Fix | Delete

'actionOptions' => $actionOptions,

[97] Fix | Delete

'actionValue' => wfConfig::get('maxGlobalRequests_action'),

[98] Fix | Delete

'title' => __('If anyone\'s requests exceed', 'wordfence'),

[99] Fix | Delete

'helpLink' => wfSupportController::supportURL(wfSupportController::ITEM_FIREWALL_WAF_OPTION_RATE_LIMIT_ANY),

[100] Fix | Delete

))->render();

[101] Fix | Delete

?>

[102] Fix | Delete

</li>

[103] Fix | Delete

<li>

[104] Fix | Delete

<?php

[105] Fix | Delete

echo wfView::create('waf/option-rate-limit', array(

[106] Fix | Delete

'toggleOptionName' => 'maxRequestsCrawlers_enabled',

[107] Fix | Delete

'toggleValue' => !!wfConfig::get('maxRequestsCrawlers_enabled') ? 1 : 0,

[108] Fix | Delete

'rateOptionName' => 'maxRequestsCrawlers',

[109] Fix | Delete

'rateOptions' => $rateOptions,

[110] Fix | Delete

'rateValue' => wfConfig::get('maxRequestsCrawlers'),

[111] Fix | Delete

'lowValue' => 120,

[112] Fix | Delete

'actionOptionName' => 'maxRequestsCrawlers_action',

[113] Fix | Delete

'actionOptions' => $actionOptions,

[114] Fix | Delete

'actionValue' => wfConfig::get('maxRequestsCrawlers_action'),

[115] Fix | Delete

'title' => __('If a crawler\'s page views exceed', 'wordfence'),

[116] Fix | Delete

'helpLink' => wfSupportController::supportURL(wfSupportController::ITEM_FIREWALL_WAF_OPTION_RATE_LIMIT_CRAWLER),

[117] Fix | Delete

))->render();

[118] Fix | Delete

?>

[119] Fix | Delete

</li>

[120] Fix | Delete

<li>

[121] Fix | Delete

<?php

[122] Fix | Delete

echo wfView::create('waf/option-rate-limit', array(

[123] Fix | Delete

'toggleOptionName' => 'max404Crawlers_enabled',

[124] Fix | Delete

'toggleValue' => !!wfConfig::get('max404Crawlers_enabled') ? 1 : 0,

[125] Fix | Delete

'rateOptionName' => 'max404Crawlers',

[126] Fix | Delete

'rateOptions' => $rateOptions,

[127] Fix | Delete

'rateValue' => wfConfig::get('max404Crawlers'),

[128] Fix | Delete

'lowValue' => 60,

[129] Fix | Delete

'actionOptionName' => 'max404Crawlers_action',

[130] Fix | Delete

'actionOptions' => $actionOptions,

[131] Fix | Delete

'actionValue' => wfConfig::get('max404Crawlers_action'),

[132] Fix | Delete

'title' => __('If a crawler\'s pages not found (404s) exceed', 'wordfence'),

[133] Fix | Delete

'helpLink' => wfSupportController::supportURL(wfSupportController::ITEM_FIREWALL_WAF_OPTION_RATE_LIMIT_CRAWLER_404),

[134] Fix | Delete

))->render();

[135] Fix | Delete

?>

[136] Fix | Delete

</li>

[137] Fix | Delete

<li>

[138] Fix | Delete

<?php

[139] Fix | Delete

echo wfView::create('waf/option-rate-limit', array(

[140] Fix | Delete

'toggleOptionName' => 'maxRequestsHumans_enabled',

[141] Fix | Delete

'toggleValue' => !!wfConfig::get('maxRequestsHumans_enabled') ? 1 : 0,

[142] Fix | Delete

'rateOptionName' => 'maxRequestsHumans',

[143] Fix | Delete

'rateOptions' => $rateOptions,

[144] Fix | Delete

'rateValue' => wfConfig::get('maxRequestsHumans'),

[145] Fix | Delete

'lowValue' => 120,

[146] Fix | Delete

'actionOptionName' => 'maxRequestsHumans_action',

[147] Fix | Delete

'actionOptions' => $actionOptions,

[148] Fix | Delete

'actionValue' => wfConfig::get('maxRequestsHumans_action'),

[149] Fix | Delete

'title' => __('If a human\'s page views exceed', 'wordfence'),

[150] Fix | Delete

'helpLink' => wfSupportController::supportURL(wfSupportController::ITEM_FIREWALL_WAF_OPTION_RATE_LIMIT_HUMAN),

[151] Fix | Delete

))->render();

[152] Fix | Delete

?>

[153] Fix | Delete

</li>

[154] Fix | Delete

<li>

[155] Fix | Delete

<?php

[156] Fix | Delete

echo wfView::create('waf/option-rate-limit', array(

[157] Fix | Delete

'toggleOptionName' => 'max404Humans_enabled',

[158] Fix | Delete

'toggleValue' => !!wfConfig::get('max404Humans_enabled') ? 1 : 0,

[159] Fix | Delete

'rateOptionName' => 'max404Humans',

[160] Fix | Delete

'rateOptions' => $rateOptions,

[161] Fix | Delete

'rateValue' => wfConfig::get('max404Humans'),

[162] Fix | Delete

'lowValue' => 60,

[163] Fix | Delete

'actionOptionName' => 'max404Humans_action',

[164] Fix | Delete

'actionOptions' => $actionOptions,

[165] Fix | Delete

'actionValue' => wfConfig::get('max404Humans_action'),

[166] Fix | Delete

'title' => __('If a human\'s pages not found (404s) exceed', 'wordfence'),

[167] Fix | Delete

'helpLink' => wfSupportController::supportURL(wfSupportController::ITEM_FIREWALL_WAF_OPTION_RATE_LIMIT_HUMAN_404),

[168] Fix | Delete

))->render();

[169] Fix | Delete

?>

[170] Fix | Delete

</li>

[171] Fix | Delete

<li>

[172] Fix | Delete

<?php

[173] Fix | Delete

$breakpoints = array(60, 300, 1800, 3600, 7200, 21600, 43200, 86400, 172800, 432000, 864000, 2592000);

[174] Fix | Delete

$options = array();

[175] Fix | Delete

foreach ($breakpoints as $b) {

[176] Fix | Delete

$options[] = array('value' => $b, 'label' => wfUtils::makeDuration($b));

[177] Fix | Delete

}

[178] Fix | Delete

echo wfView::create('options/option-select', array(

[179] Fix | Delete

'selectOptionName' => 'blockedTime',

[180] Fix | Delete

'selectOptions' => $options,

[181] Fix | Delete

'selectValue' => wfConfig::getInt('blockedTime'),

[182] Fix | Delete

'title' => __('How long is an IP address blocked when it breaks a rule', 'wordfence'),

[183] Fix | Delete

'helpLink' => wfSupportController::supportURL(wfSupportController::ITEM_FIREWALL_WAF_OPTION_AUTOMATIC_BLOCK_DURATION),

[184] Fix | Delete

))->render();

[185] Fix | Delete

?>

[186] Fix | Delete

</li>

[187] Fix | Delete

<li>

[188] Fix | Delete

<?php

[189] Fix | Delete

echo wfView::create('options/option-textarea', array(

[190] Fix | Delete

'textOptionName' => 'allowed404s',

[191] Fix | Delete

'textValue' => wfUtils::cleanupOneEntryPerLine(wfConfig::get('allowed404s')),

[192] Fix | Delete

'title' => __('Allowlisted 404 URLs', 'wordfence'),

[193] Fix | Delete

'subtitle' => __('These URL patterns will be excluded from the throttling rules used to limit crawlers.', 'wordfence'),

[194] Fix | Delete

'helpLink' => wfSupportController::supportURL(wfSupportController::ITEM_FIREWALL_WAF_OPTION_WHITELISTED_404),

[195] Fix | Delete

))->render();

[196] Fix | Delete

?>

[197] Fix | Delete

</li>

[198] Fix | Delete

</ul>

[199] Fix | Delete

<script type="application/javascript">

[200] Fix | Delete

(function($) {

[201] Fix | Delete

WFAD.updateRateLimitDisplay = function(value, lowValue, warningElement) {

[202] Fix | Delete

var hide = true;

[203] Fix | Delete

if (Number.isNaN) { //Anything except IE

[204] Fix | Delete

var originalRateValue = Number.parseInt(value);

[205] Fix | Delete

var lowValue = Number.parseInt(lowValue);

[206] Fix | Delete

if (!Number.isNaN(originalRateValue) && !Number.isNaN(lowValue)) {

[207] Fix | Delete

if (originalRateValue < lowValue) {

[208] Fix | Delete

hide = false;

[209] Fix | Delete

}

[210] Fix | Delete

}

[211] Fix | Delete

}

[212] Fix | Delete

else { //IE

[213] Fix | Delete

var originalRateValue = parseInt(value);

[214] Fix | Delete

var lowValue = parseInt(lowValue);

[215] Fix | Delete

if (!isNaN(originalRateValue) && !isNaN(lowValue)) {

[216] Fix | Delete

if (originalRateValue < lowValue) {

[217] Fix | Delete

hide = false;

[218] Fix | Delete

}

[219] Fix | Delete

}

[220] Fix | Delete

}

[221] Fix | Delete

[222] Fix | Delete

$(warningElement).css('display', hide ? 'none' : 'block');

[223] Fix | Delete

};

[224] Fix | Delete

[225] Fix | Delete

$(function() {

[226] Fix | Delete

$('.wf-option.wf-option-rate-limit > .wf-option-content > ul > li.wf-option-select select').wfselect2({

[227] Fix | Delete

minimumResultsForSearch: -1

[228] Fix | Delete

}).on('change', function () {

[229] Fix | Delete

var optionElement = $(this).closest('.wf-option');

[230] Fix | Delete

if ($(this).hasClass('wf-rate-limit-rate')) {

[231] Fix | Delete

var option = optionElement.data('rateOption');

[232] Fix | Delete

var value = $(this).val();

[233] Fix | Delete

[234] Fix | Delete

var originalValue = optionElement.data('originalRateValue');

[235] Fix | Delete

if (originalValue == value) {

[236] Fix | Delete

delete WFAD.pendingChanges[option];

[237] Fix | Delete

}

[238] Fix | Delete

else {

[239] Fix | Delete

WFAD.pendingChanges[option] = value;

[240] Fix | Delete

}

[241] Fix | Delete

[242] Fix | Delete

WFAD.updateRateLimitDisplay(value, $(optionElement).data('lowValue'), $(optionElement).find('.wf-rate-limit-warning'));

[243] Fix | Delete

}

[244] Fix | Delete

else if ($(this).hasClass('wf-rate-limit-action')) {

[245] Fix | Delete

var option = optionElement.data('actionOption');

[246] Fix | Delete

var value = $(this).val();

[247] Fix | Delete

[248] Fix | Delete

var originalValue = optionElement.data('originalActionValue');

[249] Fix | Delete

if (originalValue == value) {

[250] Fix | Delete

delete WFAD.pendingChanges[option];

[251] Fix | Delete

}

[252] Fix | Delete

else {

[253] Fix | Delete

WFAD.pendingChanges[option] = value;

[254] Fix | Delete

}

[255] Fix | Delete

}

[256] Fix | Delete

[257] Fix | Delete

WFAD.updatePendingChanges();

[258] Fix | Delete

}).triggerHandler('change');

[259] Fix | Delete

[260] Fix | Delete

$(window).on('wfOptionsReset', function() {

[261] Fix | Delete

$('.wf-option.wf-option-rate-limit').each(function() {

[262] Fix | Delete

var originalRateValue = $(this).data('originalRateValue');

[263] Fix | Delete

$(this).find('.wf-rate-limit-rate').val(originalRateValue).trigger('change');

[264] Fix | Delete

var originalActionValue = $(this).data('originalActionValue');

[265] Fix | Delete

$(this).find('.wf-rate-limit-action').val(originalActionValue).trigger('change');

[266] Fix | Delete

WFAD.updateRateLimitDisplay($(this).data('originalRateValue'), $(this).data('lowValue'), $(this).find('.wf-rate-limit-warning'));

[267] Fix | Delete

});

[268] Fix | Delete

});

[269] Fix | Delete

[270] Fix | Delete

//Initial warning display

[271] Fix | Delete

$('.wf-option.wf-option-rate-limit').each(function() {

[272] Fix | Delete

WFAD.updateRateLimitDisplay($(this).data('originalRateValue'), $(this).data('lowValue'), $(this).find('.wf-rate-limit-warning'));

[273] Fix | Delete

});

[274] Fix | Delete

});

[275] Fix | Delete

})(jQuery);

[276] Fix | Delete

</script>

[277] Fix | Delete

</div>

[278] Fix | Delete

</div>

[279] Fix | Delete

</div>

[280] Fix | Delete

</div> <!-- end rate limiting -->

[281] Fix | Delete