| author | Kim Alvefur <zash@zash.se> |
| Sun, 03 Mar 2024 11:23:40 +0100 | |
| changeset 5857 | 97c9b76867ca |
| parent 5791 | e79f9dec35c0 |
| permissions | -rw-r--r-- |
|
612
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
1 |
-- Clients Connection Throttler. |
|
929
9eefbaba274d
mod_c2s_conn_throttle: shorten / update header, as wiki was added.
Marco Cirillo <maranda@lightwitch.org>
parents:
612
diff
changeset
|
2 |
-- (C) 2012-2013, Marco Cirillo (LW.Org) |
|
612
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
3 |
|
|
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
4 |
local time = os.time |
|
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
5 |
local in_count = {} |
|
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
6 |
local logins_count = module:get_option_number("cthrottler_logins_count", 3) |
|
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
7 |
local throttle_time = module:get_option_number("cthrottler_time", 60) |
|
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
8 |
|
|
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
9 |
local function handle_sessions(event) |
|
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
10 |
local session = event.origin |
|
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
11 |
|
|
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
12 |
if not in_count[session.ip] and session.type == "c2s_unauthed" then |
|
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
13 |
in_count[session.ip] = { t = time(), c = 1 } |
|
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
14 |
elseif in_count[session.ip] and session.type == "c2s_unauthed" then |
|
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
15 |
if in_count[session.ip].starttls_c then in_count[session.ip].c = in_count[session.ip].starttls_c else in_count[session.ip].c = in_count[session.ip].c + 1 end |
|
1343
7dbde05b48a9
all the things: Remove trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents:
929
diff
changeset
|
16 |
|
|
612
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
17 |
if in_count[session.ip].c > logins_count and time() - in_count[session.ip].t < throttle_time then |
|
5791
e79f9dec35c0
mod_c2s_conn_throttle: Reduce log level from error->info
Matthew Wild <mwild1@gmail.com>
parents:
1343
diff
changeset
|
18 |
module:log("info", "Exceeded login count for %s, closing connection", session.ip) |
|
612
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
19 |
session:close{ condition = "policy-violation", text = "You exceeded the number of connections/logins allowed in "..throttle_time.." seconds, good bye." } |
|
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
20 |
return true |
|
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
21 |
elseif time() - in_count[session.ip].t > throttle_time then |
|
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
22 |
in_count[session.ip] = nil ; return |
|
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
23 |
end |
|
1343
7dbde05b48a9
all the things: Remove trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents:
929
diff
changeset
|
24 |
end |
|
612
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
25 |
end |
|
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
26 |
|
|
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
27 |
local function check_starttls(event) |
|
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
28 |
local session = event.origin |
|
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
29 |
|
|
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
30 |
if in_count[session.ip] and type(in_count[session.ip].starttls_c) ~= "number" and session.type == "c2s_unauthed" then |
|
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
31 |
in_count[session.ip].starttls_c = 1 |
|
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
32 |
elseif in_count[session.ip] and type(in_count[session.ip].starttls_c) == "number" and session.type == "c2s_unauthed" then |
|
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
33 |
in_count[session.ip].starttls_c = in_count[session.ip].starttls_c + 1 |
|
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
34 |
end |
|
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
35 |
end |
|
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
36 |
|
|
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
37 |
module:hook("stream-features", handle_sessions, 100) |
|
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
38 |
module:hook("stanza/urn:ietf:params:xml:ns:xmpp-tls:starttls", check_starttls, 100) |