author | Marco Cirillo <maranda@lightwitch.org> |
Thu, 09 Feb 2012 00:56:47 +0000 | |
changeset 604 | 17e879822700 |
permissions | -rw-r--r-- |
mod_c2s_auth_throttle: first commit
-- Clients Connection Throttler.
-- Usage:
-- Add the module to the list of modules loaded in the virtual host section
--
-- cthrottler_logins_count = 3 -> number of login attempts allowed
-- cthrottler_time = 120 -> length, in seconds, of the window in which those attempts are counted
-- Configuration, read by these top-level statements when the module is loaded.
-- Attempts allowed per address inside one window; defaults to 3 when unset.
local logins_count = module:get_option_number("cthrottler_logins_count", 3)
-- Window length in seconds; defaults to 60 when unset.
local throttle_time = module:get_option_number("cthrottler_time", 60)

-- Per-address counters, keyed by session.ip. Each value is a table
-- { t = <os.time() when the window started>, c = <attempts counted> }.
local in_count = {}
-- Local alias for the clock used to timestamp and age the counters.
local time = os.time
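--- Throttle authentication attempts per client address.
-- Counts every authentication stanza that arrives on an unauthenticated c2s
-- session, keyed by session.ip, inside a fixed window of throttle_time
-- seconds. Once an address has sent more than logins_count attempts inside
-- the window, the session is closed with a policy-violation stream error.
--
-- NOTE(review): entries in in_count are only replaced when the same address
-- comes back after its window has expired, so an address that is seen once
-- and never again keeps its entry for the life of the module. With many
-- distinct source addresses the table grows without bound; a periodic sweep
-- of expired entries would cap it.
-- NOTE(review): the counter is incremented when the attempt is received and
-- is never cleared on success, so several legitimate users sharing one
-- address (NAT, proxy) count against the same limit.
--
-- @param event hook event table; event.origin is the session that sent the stanza
-- @return true when the session was closed for exceeding the limit, nil otherwise
local function handle_sessions(event)
	local session = event.origin

	-- Only sessions that have not authenticated yet are throttled.
	if session.type ~= "c2s_unauthed" then
		return
	end

	local ip = session.ip
	if not ip then
		-- A nil key cannot be stored in in_count (the assignment would raise),
		-- so a session with no recorded address is let through uncounted.
		module:log("debug", "Session has no IP address recorded, not throttling")
		return
	end

	local now = time()
	local entry = in_count[ip]

	-- First attempt from this address, or the previous window is over: start a
	-- new window and count this attempt as its first. Using >= also covers the
	-- instant where the elapsed time equals throttle_time exactly, which
	-- previously matched neither the "close" nor the "reset" branch.
	if not entry or now - entry.t >= throttle_time then
		in_count[ip] = { t = now, c = 1 }
		return
	end

	entry.c = entry.c + 1

	if entry.c > logins_count then
		-- The log line carries the offending address so it can be correlated
		-- or fed to an external ban mechanism.
		module:log("error", "Exceeded login count for %s, closing connection", ip)
		session:close{ condition = "policy-violation", text = "You exceeded the number of connections/logins allowed in "..throttle_time.." seconds, good bye." }
		return true
	end
end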
-- Register the throttle on both authentication entry points, in this order.
-- Each hook is registered with priority 100.
local auth_events = {
	"stanza/urn:ietf:params:xml:ns:xmpp-sasl:auth", -- SASL <auth/>
	"stanza/iq/jabber:iq:auth:query", -- Legacy?
}

for _, event_name in ipairs(auth_events) do
	module:hook(event_name, handle_sessions, 100)
end