Mercurial > prosody-modules
annotate mod_c2s_conn_throttle/mod_c2s_conn_throttle.lua @ 5585:5b316088bef5
mod_rest: Use logger of HTTP request in trunk
In Prosody trunk rev c975dafa4303 each HTTP request gained its own log
sink, to make it easy to log things related to each request and group
those messages. Especially where async is used, spreading the request
and response apart as mod_rest does with iq stanzas, this grouped
logging should help find related messages.
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Fri, 07 Jul 2023 00:10:37 +0200 |
| parents | 7dbde05b48a9 |
| children | e79f9dec35c0 |
| rev | line source |
|---|---|
|
612
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
1 -- Clients Connection Throttler. |
|
929
9eefbaba274d
mod_c2s_conn_throttle: shorten / update header, as wiki was added.
Marco Cirillo <maranda@lightwitch.org>
parents:
612
diff
changeset
|
2 -- (C) 2012-2013, Marco Cirillo (LW.Org) |
|
612
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
3 |
|
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
4 local time = os.time |
|
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
5 local in_count = {} |
|
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
6 local logins_count = module:get_option_number("cthrottler_logins_count", 3) |
|
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
7 local throttle_time = module:get_option_number("cthrottler_time", 60) |
|
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
8 |
|
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
9 local function handle_sessions(event) |
|
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
10 local session = event.origin |
|
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
11 |
|
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
12 if not in_count[session.ip] and session.type == "c2s_unauthed" then |
|
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
13 in_count[session.ip] = { t = time(), c = 1 } |
|
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
14 elseif in_count[session.ip] and session.type == "c2s_unauthed" then |
|
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
15 if in_count[session.ip].starttls_c then in_count[session.ip].c = in_count[session.ip].starttls_c else in_count[session.ip].c = in_count[session.ip].c + 1 end |
|
1343
7dbde05b48a9
all the things: Remove trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents:
929
diff
changeset
|
16 |
|
612
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
17 if in_count[session.ip].c > logins_count and time() - in_count[session.ip].t < throttle_time then |
|
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
18 module:log("error", "Exceeded login count for %s, closing connection", session.ip) |
|
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
19 session:close{ condition = "policy-violation", text = "You exceeded the number of connections/logins allowed in "..throttle_time.." seconds, good bye." } |
|
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
20 return true |
|
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
21 elseif time() - in_count[session.ip].t > throttle_time then |
|
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
22 in_count[session.ip] = nil ; return |
|
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
23 end |
|
1343
7dbde05b48a9
all the things: Remove trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents:
929
diff
changeset
|
24 end |
|
612
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
25 end |
|
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
26 |
|
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
27 local function check_starttls(event) |
|
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
28 local session = event.origin |
|
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
29 |
|
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
30 if in_count[session.ip] and type(in_count[session.ip].starttls_c) ~= "number" and session.type == "c2s_unauthed" then |
|
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
31 in_count[session.ip].starttls_c = 1 |
|
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
32 elseif in_count[session.ip] and type(in_count[session.ip].starttls_c) == "number" and session.type == "c2s_unauthed" then |
|
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
33 in_count[session.ip].starttls_c = in_count[session.ip].starttls_c + 1 |
|
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
34 end |
|
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
35 end |
|
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
36 |
|
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
37 module:hook("stream-features", handle_sessions, 100) |
|
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
38 module:hook("stanza/urn:ietf:params:xml:ns:xmpp-tls:starttls", check_starttls, 100) |