prosody-modules
15763c1d085c
mod_c2s_conn_throttle/mod_c2s_conn_throttle.lua
Software / code / prosody-modules
Comparison
mod_c2s_conn_throttle/mod_c2s_conn_throttle.lua @ 612:15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
| author | Marco Cirillo <maranda@lightwitch.org> |
|---|---|
| date | Sun, 12 Feb 2012 21:58:07 +0000 |
| child | 929:9eefbaba274d |
comparison
equal
deleted
inserted
replaced
| 611:d87a9e1e6d30 | 612:15763c1d085c |
|---|---|
| 1 -- Clients Connection Throttler. | |
| 2 -- Usage: | |
| 3 -- Add the module into modules loaded into the virtual host section | |
| 4 -- | |
| 5 -- cthrottler_logins_count = 3 -> number of logins attempt allowed | |
| 6 -- cthrottler_time = 120 -> in x seconds | |
| 7 | |
| 8 local time = os.time | |
| 9 local in_count = {} | |
| 10 local logins_count = module:get_option_number("cthrottler_logins_count", 3) | |
| 11 local throttle_time = module:get_option_number("cthrottler_time", 60) | |
| 12 | |
| 13 local function handle_sessions(event) | |
| 14 local session = event.origin | |
| 15 | |
| 16 if not in_count[session.ip] and session.type == "c2s_unauthed" then | |
| 17 in_count[session.ip] = { t = time(), c = 1 } | |
| 18 elseif in_count[session.ip] and session.type == "c2s_unauthed" then | |
| 19 if in_count[session.ip].starttls_c then in_count[session.ip].c = in_count[session.ip].starttls_c else in_count[session.ip].c = in_count[session.ip].c + 1 end | |
| 20 | |
| 21 if in_count[session.ip].c > logins_count and time() - in_count[session.ip].t < throttle_time then | |
| 22 module:log("error", "Exceeded login count for %s, closing connection", session.ip) | |
| 23 session:close{ condition = "policy-violation", text = "You exceeded the number of connections/logins allowed in "..throttle_time.." seconds, good bye." } | |
| 24 return true | |
| 25 elseif time() - in_count[session.ip].t > throttle_time then | |
| 26 in_count[session.ip] = nil ; return | |
| 27 end | |
| 28 end | |
| 29 end | |
| 30 | |
| 31 local function check_starttls(event) | |
| 32 local session = event.origin | |
| 33 | |
| 34 if in_count[session.ip] and type(in_count[session.ip].starttls_c) ~= "number" and session.type == "c2s_unauthed" then | |
| 35 in_count[session.ip].starttls_c = 1 | |
| 36 elseif in_count[session.ip] and type(in_count[session.ip].starttls_c) == "number" and session.type == "c2s_unauthed" then | |
| 37 in_count[session.ip].starttls_c = in_count[session.ip].starttls_c + 1 | |
| 38 end | |
| 39 end | |
| 40 | |
| 41 module:hook("stream-features", handle_sessions, 100) | |
| 42 module:hook("stanza/urn:ietf:params:xml:ns:xmpp-tls:starttls", check_starttls, 100) |
