CodeIgniter Forums
Rate Limit when they throw exception? - Printable Version




Rate Limit when they throw exception? - CIDave - 08-08-2024

Hi!
I have an annoying spammer who will occasionally trigger lots of error logs for bad CSRF tokens.
Basically they keep throwing the throw SecurityException::forDisallowedAction(); action from system/Security/Security.php

Is there a way to trigger a rate limit so that for every time this error occurs, they will eventually get blocked from using the site? This person did it like 500+ times over the course of an hour so it wouldn't catch many innocent users.


RE: Rate Limit when they throw exception? - InsiteFX - 08-08-2024

You can take a look at this.

CodeIgniter 4 User Guide - Library - Reference - Throttler


RE: Rate Limit when they throw exception? - CIDave - 08-09-2024

Any way to trigger the throttle when the exception happens? I can see the filter can hook into POST requests but not sure if it can hook into exceptions?


RE: Rate Limit when they throw exception? - kenjis - 08-09-2024

Customize CSRF filter:
https://github.com/codeigniter4/CodeIgniter4/blob/5a340d01298505bbb22efd52bf231ab64a8c23bb/system/Filters/CSRF.php#L48-L65

See also 
- https://codeigniter.com/user_guide/incoming/filters.html#creating-a-filter
- https://codeigniter.com/user_guide/incoming/filters.html#configuring-filters
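
One way to combine the two suggestions above (the Throttler and a customized CSRF filter), as an added example that is not part of the original posts or of CodeIgniter itself. The class name `ThrottledCSRF`, the cache key prefix and both limits are assumptions chosen for illustration.

```php
<?php

namespace App\Filters;

use CodeIgniter\Filters\FilterInterface;
use CodeIgniter\HTTP\IncomingRequest;
use CodeIgniter\HTTP\RequestInterface;
use CodeIgniter\HTTP\ResponseInterface;
use CodeIgniter\Security\Exceptions\SecurityException;

// Hypothetical filter: same flow as the stock CSRF filter, plus a failure counter.
class ThrottledCSRF implements FilterInterface
{
    private const MAX_FAILURES  = 10;   // assumed: CSRF failures allowed per hour
    private const BLOCK_SECONDS = 3600; // assumed: how long a block lasts

    public function before(RequestInterface $request, $arguments = null)
    {
        if (! $request instanceof IncomingRequest) {
            return;
        }
        // Hash the address so the cache key contains no reserved characters.
        $key = 'csrf_fail_' . md5($request->getIPAddress());

        // Already blocked: answer 429 before verifying, so nothing is thrown or logged.
        if (cache()->get($key . '_blocked') !== null) {
            return service('response')->setStatusCode(429);
        }
        $security = service('security');

        try {
            $security->verify($request);
        } catch (SecurityException $e) {
            // Each failure costs one token; an empty bucket means too many failures.
            if (service('throttler')->check($key, self::MAX_FAILURES, 3600) === false) {
                cache()->save($key . '_blocked', 1, self::BLOCK_SECONDS);

                return service('response')->setStatusCode(429);
            }
            if ($security->shouldRedirect() && ! $request->isAJAX()) {
                return redirect()->back()->with('error', $e->getMessage());
            }

            throw $e;
        }
    }

    public function after(RequestInterface $request, ResponseInterface $response, $arguments = null)
    {
    }
}
```

To use it, point the `csrf` alias in `app/Config/Filters.php` at this class instead of the framework's filter. Because the key is the client IP, users behind a shared address or a proxy count as one client, so the proxy settings and the limits should be set with that in mind.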


RE: Rate Limit when they throw exception? - CIDave - 08-10-2024

(08-09-2024, 06:58 PM)kenjis Wrote: Customize CSRF filter:
https://github.com/codeigniter4/CodeIgniter4/blob/5a340d01298505bbb22efd52bf231ab64a8c23bb/system/Filters/CSRF.php#L48-L65

See also 
- https://codeigniter.com/user_guide/incoming/filters.html#creating-a-filter
- https://codeigniter.com/user_guide/incoming/filters.html#configuring-filters

Perfect! Thank you