From 81d8f88a560f836e9932f5a0f713d06b9f8009cc Mon Sep 17 00:00:00 2001
From: karl anderson
Date: Fri, 5 Jun 2015 17:53:34 -0400
Subject: [PATCH] KAZOO-3792: tweak antiflood default parameters
---
 kamailio/antiflood-role.cfg | 20 +++++++++++++-------
 kamailio/fast-pickup-role.cfg | 2 +-
 2 files changed, 14 insertions(+), 8 deletions(-)
diff --git a/kamailio/antiflood-role.cfg b/kamailio/antiflood-role.cfg
index d6e8a11..5d72480 100644
--- a/kamailio/antiflood-role.cfg
+++ b/kamailio/antiflood-role.cfg
@@ -1,11 +1,11 @@
 #!trydef ANTIFLOOD_RATE_WINDOW 2
 #!trydef ANTIFLOOD_RATE_DENSITY 50
 #!trydef ANTIFLOOD_RATE_EXPIRE 4
-#!trydef ANTIFLOOD_FAILED_AUTH_WINDOW 120
-#!trydef ANTIFLOOD_FAILED_AUTH_DENSITY 3
+#!trydef ANTIFLOOD_FAILED_AUTH_WINDOW 300
+#!trydef ANTIFLOOD_FAILED_AUTH_DENSITY 4
 ######## Flood Prevention Hash Tables ########
-modparam("htable", "htable", "failed_auth_hash=>size=8;autoexpire=3600;")
+modparam("htable", "htable", "failed_auth_hash=>size=16;autoexpire=3600;")
 ######## Flood Prevention Module ########
 loadmodule "pike.so"
@@ -40,7 +40,8 @@ route[ANITFLOOD_AUTH_LIMIT]
 $var(exp) = $Ts - ANTIFLOOD_FAILED_AUTH_WINDOW;
 if($sht(failed_auth_hash=>$Au::last) > $var(exp)){
 xlog("L_NOTICE", "$ci|end|request at authorization failure limit for $Au $si:$sp");
- drop();
+ append_to_reply("Retry-After: 3600\r\n");
+ sl_send_reply("500", "Retry Later");
 exit;
 } else {
 $sht(failed_auth_hash=>$Au::count) = 0;
@@ -51,7 +52,11 @@ route[ANITFLOOD_AUTH_LIMIT]
 route[ANTIFLOOD_SUCCESSFUL_AUTH]
 {
 if ($Au != $null && $sht(failed_auth_hash=>$Au::count) != $null) {
- $sht(failed_auth_hash=>$Au::count) = 0;
+ $sht(failed_auth_hash=>$Au::count) = $null;
+ }
+
+ if ($Au != $null && $sht(failed_auth_hash=>$Au::last) != $null) {
+ $sht(failed_auth_hash=>$Au::last) = $null;
 }
 }
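Review bot: The `Retry-After: 3600` added in route[ANITFLOOD_AUTH_LIMIT] is hard-coded and does not track the lockout test visible just above it, which compares `last` against `$Ts - ANTIFLOOD_FAILED_AUTH_WINDOW` (default 300 after this commit); 3600 matches the htable `autoexpire`, not the window. A client that honours the header is told to stay away for twelve times the default window, and anyone overriding the window gets a header that silently disagrees with it; deriving the value from the define, for example `$var(retry) = ANTIFLOOD_FAILED_AUTH_WINDOW;` followed by `append_to_reply("Retry-After: $var(retry)\r\n");`, would keep the two in step. The same pair of lines is added in the route[ANITFLOOD_FAILED_AUTH] hunk. Separately, swapping `drop()` for a reply means every request from a limited source now produces outbound traffic, which over UDP goes to whatever source address the packet claimed, so a comment recording why answering was preferred to staying silent would be worth adding. The route body begins and ends outside the hunk.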
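Review bot: The two added `if` blocks in route[ANTIFLOOD_SUCCESSFUL_AUTH] repeat the `$Au != $null` test and differ only in the key, so one outer `if ($Au != $null) { ... }` holding both assignments would read more clearly. The switch from `= 0` to `= $null` changes meaning (as far as I know, assigning `$null` to an `$sht` item removes it rather than storing a value) and nothing in the route says so; a comment such as `# $null deletes the entry; a successful auth clears both the counter and the timestamp for $Au` would help the next reader. Because both entries are keyed on the username alone, any successful authentication for `$Au` also wipes failures recorded from other source addresses against that name, which may be intended but deserves a line in the same comment.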
@@ -73,8 +78,9 @@ route[ANITFLOOD_FAILED_AUTH]
 if ($sht(failed_auth_hash=>$Au::count) >= ANTIFLOOD_FAILED_AUTH_DENSITY) {
 $var(exp) = $Ts - ANTIFLOOD_FAILED_AUTH_WINDOW;
 if($sht(failed_auth_hash=>$Au::last) > $var(exp)){
- xlog("L_INFO", "$ci|end|registration forbidden $Au $si:$sp");
- send_reply("403", "Forbidden");
+ xlog("L_NOTICE", "$ci|end|request at authorization failure limit for $Au $si:$sp");
+ append_to_reply("Retry-After: 3600\r\n");
+ sl_send_reply("500", "Retry Later");
 exit;
 }
 }
diff --git a/kamailio/fast-pickup-role.cfg b/kamailio/fast-pickup-role.cfg
index 00c4036..c9e5251 100644
--- a/kamailio/fast-pickup-role.cfg
+++ b/kamailio/fast-pickup-role.cfg
@@ -1,5 +1,5 @@
 ######## FAST PICKUP ROLE ########
-modparam("htable", "htable", "park=>size=4;autoexpire=600")
+modparam("htable", "htable", "park=>size=16;autoexpire=600")
 modparam("htable", "htable", "fp=>size=32;autoexpire=3600;");
 route[FAST_PICKUP_ATTEMPT]
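Review bot: In route[ANITFLOOD_FAILED_AUTH] the reply call changes from `send_reply` to `sl_send_reply`, which always answers statelessly; if a transaction can already exist when this route runs (not visible in the hunk), the stateless reply bypasses it, and `send_reply("500", "Retry Later");` would keep the previous stateful-or-stateless behaviour. The new `xlog` line is also byte-identical to the one in route[ANITFLOOD_AUTH_LIMIT], so a log reader can no longer tell a request that just crossed the limit from one rejected while already limited; a distinct text such as `"$ci|end|authorization failure limit reached for $Au $si:$sp"` would keep the two events separable for alerting. The route body starts and ends outside the hunk.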