Software /
code /
prosody-modules
Annotate
mod_c2s_conn_throttle/mod_c2s_conn_throttle.lua @ 5296:0f5657db1cfc
mod_isolate_host: handle server-generated stanzas
The hook for setting the no_host_isolation is only called for c2s
sessions. This does not work for stanzas generated by the server,
such as PEP notifications or presence probe answers.
To handle that, we do per-stanza checks for the case that the origin
is local.
author | Jonas Schäfer <jonas@wielicki.name> |
---|---|
date | Sat, 01 Apr 2023 12:03:08 +0200 |
parent | 1343:7dbde05b48a9 |
child | 5810:e79f9dec35c0 |
rev | line source |
---|---|
612
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
1 -- Clients Connection Throttler. |
929
9eefbaba274d
mod_c2s_conn_throttle: shorten / update header, as wiki was added.
Marco Cirillo <maranda@lightwitch.org>
parents:
612
diff
changeset
|
2 -- (C) 2012-2013, Marco Cirillo (LW.Org) |
612
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
3 |
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
4 local time = os.time |
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
5 local in_count = {} |
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
6 local logins_count = module:get_option_number("cthrottler_logins_count", 3) |
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
7 local throttle_time = module:get_option_number("cthrottler_time", 60) |
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
8 |
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
9 local function handle_sessions(event) |
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
10 local session = event.origin |
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
11 |
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
12 if not in_count[session.ip] and session.type == "c2s_unauthed" then |
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
13 in_count[session.ip] = { t = time(), c = 1 } |
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
14 elseif in_count[session.ip] and session.type == "c2s_unauthed" then |
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
15 if in_count[session.ip].starttls_c then in_count[session.ip].c = in_count[session.ip].starttls_c else in_count[session.ip].c = in_count[session.ip].c + 1 end |
1343
7dbde05b48a9
all the things: Remove trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents:
929
diff
changeset
|
16 |
612
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
17 if in_count[session.ip].c > logins_count and time() - in_count[session.ip].t < throttle_time then |
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
18 module:log("error", "Exceeded login count for %s, closing connection", session.ip) |
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
19 session:close{ condition = "policy-violation", text = "You exceeded the number of connections/logins allowed in "..throttle_time.." seconds, good bye." } |
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
20 return true |
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
21 elseif time() - in_count[session.ip].t > throttle_time then |
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
22 in_count[session.ip] = nil ; return |
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
23 end |
1343
7dbde05b48a9
all the things: Remove trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents:
929
diff
changeset
|
24 end |
612
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
25 end |
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
26 |
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
27 local function check_starttls(event) |
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
28 local session = event.origin |
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
29 |
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
30 if in_count[session.ip] and type(in_count[session.ip].starttls_c) ~= "number" and session.type == "c2s_unauthed" then |
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
31 in_count[session.ip].starttls_c = 1 |
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
32 elseif in_count[session.ip] and type(in_count[session.ip].starttls_c) == "number" and session.type == "c2s_unauthed" then |
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
33 in_count[session.ip].starttls_c = in_count[session.ip].starttls_c + 1 |
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
34 end |
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
35 end |
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
36 |
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
37 module:hook("stream-features", handle_sessions, 100) |
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
38 module:hook("stanza/urn:ietf:params:xml:ns:xmpp-tls:starttls", check_starttls, 100) |