
KAZOO-3792: tweak antiflood default parameters

3.21
karl anderson 11 years ago
parent
commit
81d8f88a56
2 changed files with 14 additions and 8 deletions
  1. +13
    -7
      kamailio/antiflood-role.cfg
  2. +1
    -1
      kamailio/fast-pickup-role.cfg

+ 13
- 7
kamailio/antiflood-role.cfg

@ -1,11 +1,11 @@
#!trydef ANTIFLOOD_RATE_WINDOW 2 #!trydef ANTIFLOOD_RATE_WINDOW 2
#!trydef ANTIFLOOD_RATE_DENSITY 50 #!trydef ANTIFLOOD_RATE_DENSITY 50
#!trydef ANTIFLOOD_RATE_EXPIRE 4 #!trydef ANTIFLOOD_RATE_EXPIRE 4
#!trydef ANTIFLOOD_FAILED_AUTH_WINDOW 120
#!trydef ANTIFLOOD_FAILED_AUTH_DENSITY 3
#!trydef ANTIFLOOD_FAILED_AUTH_WINDOW 300
#!trydef ANTIFLOOD_FAILED_AUTH_DENSITY 4
######## Flood Prevention Hash Tables ######## ######## Flood Prevention Hash Tables ########
modparam("htable", "htable", "failed_auth_hash=>size=8;autoexpire=3600;")
modparam("htable", "htable", "failed_auth_hash=>size=16;autoexpire=3600;")
######## Flood Prevention Module ######## ######## Flood Prevention Module ########
loadmodule "pike.so" loadmodule "pike.so"
@ -40,7 +40,8 @@ route[ANITFLOOD_AUTH_LIMIT]
$var(exp) = $Ts - ANTIFLOOD_FAILED_AUTH_WINDOW; $var(exp) = $Ts - ANTIFLOOD_FAILED_AUTH_WINDOW;
if($sht(failed_auth_hash=>$Au::last) > $var(exp)){ if($sht(failed_auth_hash=>$Au::last) > $var(exp)){
xlog("L_NOTICE", "$ci|end|request at authorization failure limit for $Au $si:$sp"); xlog("L_NOTICE", "$ci|end|request at authorization failure limit for $Au $si:$sp");
drop();
append_to_reply("Retry-After: 3600\r\n");
sl_send_reply("500", "Retry Later");
exit; exit;
} else { } else {
$sht(failed_auth_hash=>$Au::count) = 0; $sht(failed_auth_hash=>$Au::count) = 0;
@ -51,7 +52,11 @@ route[ANITFLOOD_AUTH_LIMIT]
route[ANTIFLOOD_SUCCESSFUL_AUTH] route[ANTIFLOOD_SUCCESSFUL_AUTH]
{ {
if ($Au != $null && $sht(failed_auth_hash=>$Au::count) != $null) { if ($Au != $null && $sht(failed_auth_hash=>$Au::count) != $null) {
$sht(failed_auth_hash=>$Au::count) = 0;
$sht(failed_auth_hash=>$Au::count) = $null;
}
if ($Au != $null && $sht(failed_auth_hash=>$Au::last) != $null) {
$sht(failed_auth_hash=>$Au::last) = $null;
} }
} }
@ -73,8 +78,9 @@ route[ANITFLOOD_FAILED_AUTH]
if ($sht(failed_auth_hash=>$Au::count) >= ANTIFLOOD_FAILED_AUTH_DENSITY) { if ($sht(failed_auth_hash=>$Au::count) >= ANTIFLOOD_FAILED_AUTH_DENSITY) {
$var(exp) = $Ts - ANTIFLOOD_FAILED_AUTH_WINDOW; $var(exp) = $Ts - ANTIFLOOD_FAILED_AUTH_WINDOW;
if($sht(failed_auth_hash=>$Au::last) > $var(exp)){ if($sht(failed_auth_hash=>$Au::last) > $var(exp)){
xlog("L_INFO", "$ci|end|registration forbidden $Au $si:$sp");
send_reply("403", "Forbidden");
xlog("L_NOTICE", "$ci|end|request at authorization failure limit for $Au $si:$sp");
append_to_reply("Retry-After: 3600\r\n");
sl_send_reply("500", "Retry Later");
exit; exit;
} }
} }
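Review bot: In route[ANITFLOOD_AUTH_LIMIT] the over-limit path now answers each blocked request with `sl_send_reply("500", "Retry Later")` where it previously called `drop()`, so a sender that is already being limited still costs the proxy one stateless reply per request. Over UDP that reply goes to whatever source address the packet carried, so it is worth confirming this is acceptable alongside the pike limits configured in this file. The `Retry-After: 3600` header is hard-coded here and again in route[ANITFLOOD_FAILED_AUTH]; it matches the `autoexpire=3600` of failed_auth_hash, but the block itself lifts once the last failure is older than ANTIFLOOD_FAILED_AUTH_WINDOW (300 by default after this change). Either derive the advertised delay from that define or add a comment such as `# Retry-After follows htable autoexpire, not ANTIFLOOD_FAILED_AUTH_WINDOW` so the two values do not drift silently. The route bodies begin and end outside the hunks shown, so whether the textops and sl modules these calls need are loaded cannot be checked from here.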


+ 1
- 1
kamailio/fast-pickup-role.cfg

@ -1,5 +1,5 @@
######## FAST PICKUP ROLE ######## ######## FAST PICKUP ROLE ########
modparam("htable", "htable", "park=>size=4;autoexpire=600")
modparam("htable", "htable", "park=>size=16;autoexpire=600")
modparam("htable", "htable", "fp=>size=32;autoexpire=3600;"); modparam("htable", "htable", "fp=>size=32;autoexpire=3600;");
route[FAST_PICKUP_ATTEMPT] route[FAST_PICKUP_ATTEMPT]

