Comparison

mod_c2s_conn_throttle/mod_c2s_conn_throttle.lua @ 612:15763c1d085c

mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
author Marco Cirillo <maranda@lightwitch.org>
date Sun, 12 Feb 2012 21:58:07 +0000
child 929:9eefbaba274d
comparison
equal deleted inserted replaced
611:d87a9e1e6d30 612:15763c1d085c
1 -- Clients Connection Throttler.
2 -- Usage:
3 -- Add the module into modules loaded into the virtual host section
4 --
5 -- cthrottler_logins_count = 3 -> number of logins attempt allowed
6 -- cthrottler_time = 120 -> in x seconds
7
8 local time = os.time
9 local in_count = {}
10 local logins_count = module:get_option_number("cthrottler_logins_count", 3)
11 local throttle_time = module:get_option_number("cthrottler_time", 60)
12
13 local function handle_sessions(event)
14 local session = event.origin
15
16 if not in_count[session.ip] and session.type == "c2s_unauthed" then
17 in_count[session.ip] = { t = time(), c = 1 }
18 elseif in_count[session.ip] and session.type == "c2s_unauthed" then
19 if in_count[session.ip].starttls_c then in_count[session.ip].c = in_count[session.ip].starttls_c else in_count[session.ip].c = in_count[session.ip].c + 1 end
20
21 if in_count[session.ip].c > logins_count and time() - in_count[session.ip].t < throttle_time then
22 module:log("error", "Exceeded login count for %s, closing connection", session.ip)
23 session:close{ condition = "policy-violation", text = "You exceeded the number of connections/logins allowed in "..throttle_time.." seconds, good bye." }
24 return true
25 elseif time() - in_count[session.ip].t > throttle_time then
26 in_count[session.ip] = nil ; return
27 end
28 end
29 end
30
31 local function check_starttls(event)
32 local session = event.origin
33
34 if in_count[session.ip] and type(in_count[session.ip].starttls_c) ~= "number" and session.type == "c2s_unauthed" then
35 in_count[session.ip].starttls_c = 1
36 elseif in_count[session.ip] and type(in_count[session.ip].starttls_c) == "number" and session.type == "c2s_unauthed" then
37 in_count[session.ip].starttls_c = in_count[session.ip].starttls_c + 1
38 end
39 end
40
41 module:hook("stream-features", handle_sessions, 100)
42 module:hook("stanza/urn:ietf:params:xml:ns:xmpp-tls:starttls", check_starttls, 100)