From 08e85ad68e1364925c1fc309f5382cbfe5499339 Mon Sep 17 00:00:00 2001
From: slerena
Date: Thu, 26 Dec 2013 18:55:56 +0000
Subject: [PATCH] 2013-12-26 Sancho Lerena

* include/api.php: Avoid to store API auth failure in session log to avoid DoS due high volume of transactions.

git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@9262 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f
---
 pandora_console/ChangeLog | 5 +++++
 pandora_console/include/api.php | 6 +++++-
 2 files changed, 10 insertions(+), 1 deletion(-)
diff --git a/pandora_console/ChangeLog b/pandora_console/ChangeLog
index 33a6079b34..7ae7436322 100644
--- a/pandora_console/ChangeLog
+++ b/pandora_console/ChangeLog
@@ -1,3 +1,8 @@
+2013-12-26 Sancho Lerena
+
+ * include/api.php: Avoid to store API auth failure in
+ session log to avoid DoS due high volume of transactions.
+
 2013-12-19 Sergio Martin
 
 * include/functions_visual_map.php: Fixed string simple
diff --git a/pandora_console/include/api.php b/pandora_console/include/api.php
index 333ba22c3c..b4bc588db0 100644
--- a/pandora_console/include/api.php
+++ b/pandora_console/include/api.php
@@ -117,7 +117,11 @@ if ($correctLogin) {
 }
 }
 else {
- db_pandora_audit("API access Failed", $no_login_msg, $user, $ipOrigin);
+ // TODO: Implement a new switch in config to enable / disable
+ // ACL auth failure: if enabled and have lots of traffic can produce millions
+ // of records and a considerable OVERHEAD in the system :(
+
+ //db_pandora_audit("API access Failed", $no_login_msg, $user, $ipOrigin);
 sleep (15); //Protection on DoS attacks
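Review bot: Commenting out `db_pandora_audit("API access Failed", …)` in the `else` branch removes the only record of failed API authentication visible in this hunk, so repeated password guessing against the API would leave no audit trail for detection or incident response. Rather than dropping the event, keep it behind the switch the TODO describes and default it to on, e.g. `if ($auditApiFailures) { db_pandora_audit("API access Failed", $no_login_msg, $user, $ipOrigin); }`, where `$auditApiFailures` is a placeholder for the new config value; alternatively write one aggregated record per source address per interval so volume stays bounded. The retained `sleep (15);` still holds a PHP worker for 15 seconds on every failed request, which is presumably a resource-exhaustion path of its own under the same traffic, so a per-address attempt counter would serve the stated DoS goal better. The `else` branch continues past the end of the hunk, so what follows the sleep is not visible here.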