Software `/` code `/` prosody-modules

Annotate

mod_limit_auth/README.markdown @ 5810:e79f9dec35c0

mod_c2s_conn_throttle: Reduce log level from error->info Our general policy is that "error" should never be triggerable by remote entities, and that it is always about something that requires admin intervention. This satisfies neither condition. The "warn" level can be used for unexpected events/behaviour triggered by remote entities, and this could qualify. However I don't think failed auth attempts are unexpected enough. I selected "info" because it is what is also used for other notable session lifecycle events.

author	Matthew Wild <mwild1@gmail.com>
date	Thu, 07 Dec 2023 15:46:50 +0000
parent	2121:4916c1b6517f

rev	line source
1858 5daabb5fe24a mod_limit_auth: Add README Kim Alvefur <zash@zash.se> parents: diff changeset	1 ---
5daabb5fe24a mod_limit_auth: Add README Kim Alvefur <zash@zash.se> parents: diff changeset	2 summary: Throttle authentication attempts with optional tarpit
5daabb5fe24a mod_limit_auth: Add README Kim Alvefur <zash@zash.se> parents: diff changeset	3 ...
5daabb5fe24a mod_limit_auth: Add README Kim Alvefur <zash@zash.se> parents: diff changeset	4
5daabb5fe24a mod_limit_auth: Add README Kim Alvefur <zash@zash.se> parents: diff changeset	5 Introduction
5daabb5fe24a mod_limit_auth: Add README Kim Alvefur <zash@zash.se> parents: diff changeset	6 ============
5daabb5fe24a mod_limit_auth: Add README Kim Alvefur <zash@zash.se> parents: diff changeset	7
5daabb5fe24a mod_limit_auth: Add README Kim Alvefur <zash@zash.se> parents: diff changeset	8 This module lets you put a per-IP limit on the number of failed
5daabb5fe24a mod_limit_auth: Add README Kim Alvefur <zash@zash.se> parents: diff changeset	9 authentication attempts.
5daabb5fe24a mod_limit_auth: Add README Kim Alvefur <zash@zash.se> parents: diff changeset	10
5daabb5fe24a mod_limit_auth: Add README Kim Alvefur <zash@zash.se> parents: diff changeset	11 It features an optioanal
5daabb5fe24a mod_limit_auth: Add README Kim Alvefur <zash@zash.se> parents: diff changeset	12 [tarpit](https://en.wikipedia.org/wiki/Tarpit_%28networking%29), i.e.
5daabb5fe24a mod_limit_auth: Add README Kim Alvefur <zash@zash.se> parents: diff changeset	13 waiting some time before returning an "authentication failed" response.
5daabb5fe24a mod_limit_auth: Add README Kim Alvefur <zash@zash.se> parents: diff changeset	14
5daabb5fe24a mod_limit_auth: Add README Kim Alvefur <zash@zash.se> parents: diff changeset	15 Configuration
5daabb5fe24a mod_limit_auth: Add README Kim Alvefur <zash@zash.se> parents: diff changeset	16 =============
5daabb5fe24a mod_limit_auth: Add README Kim Alvefur <zash@zash.se> parents: diff changeset	17
5daabb5fe24a mod_limit_auth: Add README Kim Alvefur <zash@zash.se> parents: diff changeset	18 ``` {.lua}
5daabb5fe24a mod_limit_auth: Add README Kim Alvefur <zash@zash.se> parents: diff changeset	19 modules_enabled = {
5daabb5fe24a mod_limit_auth: Add README Kim Alvefur <zash@zash.se> parents: diff changeset	20 -- your other modules
5daabb5fe24a mod_limit_auth: Add README Kim Alvefur <zash@zash.se> parents: diff changeset	21 "limit_auth";
5daabb5fe24a mod_limit_auth: Add README Kim Alvefur <zash@zash.se> parents: diff changeset	22 }
5daabb5fe24a mod_limit_auth: Add README Kim Alvefur <zash@zash.se> parents: diff changeset	23
5daabb5fe24a mod_limit_auth: Add README Kim Alvefur <zash@zash.se> parents: diff changeset	24 limit_auth_period = 30 -- over 30 seconds
5daabb5fe24a mod_limit_auth: Add README Kim Alvefur <zash@zash.se> parents: diff changeset	25
5daabb5fe24a mod_limit_auth: Add README Kim Alvefur <zash@zash.se> parents: diff changeset	26 limit_auth_max = 5 -- tolerate no more than 5 failed attempts
5daabb5fe24a mod_limit_auth: Add README Kim Alvefur <zash@zash.se> parents: diff changeset	27
2121 4916c1b6517f Update READMEs to indicate that async requires trunk (dropped from prosody 0.10) Kim Alvefur <zash@zash.se> parents: 1858 diff changeset	28 -- Will only work with Prosody trunk:
1858 5daabb5fe24a mod_limit_auth: Add README Kim Alvefur <zash@zash.se> parents: diff changeset	29 limit_auth_tarpit_delay = 10 -- delay answer this long
5daabb5fe24a mod_limit_auth: Add README Kim Alvefur <zash@zash.se> parents: diff changeset	30 ```
5daabb5fe24a mod_limit_auth: Add README Kim Alvefur <zash@zash.se> parents: diff changeset	31
5daabb5fe24a mod_limit_auth: Add README Kim Alvefur <zash@zash.se> parents: diff changeset	32 Compatibility
5daabb5fe24a mod_limit_auth: Add README Kim Alvefur <zash@zash.se> parents: diff changeset	33 =============
5daabb5fe24a mod_limit_auth: Add README Kim Alvefur <zash@zash.se> parents: diff changeset	34
2121 4916c1b6517f Update READMEs to indicate that async requires trunk (dropped from prosody 0.10) Kim Alvefur <zash@zash.se> parents: 1858 diff changeset	35 Requires 0.9 or later. The tarpit feature requires Prosody trunk.

prosody-modules

e79f9dec35c0

mod_limit_auth/README.markdown

Software / code / prosody-modules

Annotate

mod_limit_auth/README.markdown @ 5810:e79f9dec35c0

Software `/` code `/` prosody-modules