# Defaults for the anti-flood thresholds. #!trydef only defines a name that
# is not already defined, so an earlier #!define (e.g. in a site-specific
# include) takes precedence over these values.
#!trydef ANTIFLOOD_RATE_WINDOW 2
#!trydef ANTIFLOOD_RATE_DENSITY 50
#!trydef ANTIFLOOD_RATE_EXPIRE 4
#!trydef ANTIFLOOD_FAILED_AUTH_WINDOW 120
#!trydef ANTIFLOOD_FAILED_AUTH_DENSITY 3
######## Flood Prevention Hash Tables ########
# Both tables are shared-memory htables: "size" is the exponent of the bucket
# count and "autoexpire" removes an item that many seconds after its last
# update. htable.so itself is assumed to be loaded earlier in the config.
# ipban: key = source IP ($si); an entry exists (value 1) while the IP is
# banned and disappears 300 s after it was set. Every client behind a shared
# NAT or SBC has the same $si and is banned together; the routes below skip
# sources carrying FLAG_TRUSTED_SOURCE.
modparam("htable", "htable", "ipban=>size=8;autoexpire=300;")
# failed_auth_hash: keys "<user>::count" and "<user>::last". autoexpire is
# just over ANTIFLOOD_FAILED_AUTH_WINDOW so stale counters clean themselves up;
# note it is per item, so "count" and "last" expire independently.
modparam("htable", "htable", "failed_auth_hash=>size=8;autoexpire=125;")
######## Flood Prevention Module ########
# pike counts requests per source IP: more than ANTIFLOOD_RATE_DENSITY requests
# within ANTIFLOOD_RATE_WINDOW seconds makes pike_check_req() fail, and pike
# keeps tracking an IP for ANTIFLOOD_RATE_EXPIRE further seconds after its
# last request.
loadmodule "pike.so"
modparam("pike", "sampling_time_unit", ANTIFLOOD_RATE_WINDOW)
modparam("pike", "reqs_density_per_unit", ANTIFLOOD_RATE_DENSITY)
modparam("pike", "remove_latency", ANTIFLOOD_RATE_EXPIRE)
route[ANTIFLOOD_RATE_LIMIT] {
    # Per-source-IP request rate limiting. In-dialog requests (To-tag
    # present) and requests from a source flagged as trusted are exempt.
    if (isflagset(FLAG_TRUSTED_SOURCE) || has_totag()) {
        return;
    }
    # The source IP was banned earlier by this route; the ipban entry lives
    # until the table's autoexpire timer removes it.
    if ($sht(ipban=>$si) != $null) {
        # NOTE(review): no explicit level here, so this uses xlog's configured
        # default level rather than L_WARN like the ban entry below.
        xlog("$ci|log|dropping $rm request from $fu with banned IP $si:$sp");
        drop();
        exit;
    }
    # pike keeps the per-IP request counters. Exceeding the configured
    # density drops this request and bans the IP for the autoexpire period.
    if (!pike_check_req()) {
        xlog("L_WARN", "$ci|log|pike dropping $rm from $fu due to rate of requests with source $si:$sp");
        $sht(ipban=>$si) = 1;
        drop();
        exit;
    }
}
route[ANITFLOOD_AUTH_LIMIT] {
    # Decide whether authentication should still be attempted for the
    # username in this request: returns 1 to proceed, -1 when that username
    # has accumulated too many failures inside the window.
    # The route name is misspelled (ANITFLOOD) but callers invoke it as
    # written, so it is kept as-is.
    if (isflagset(FLAG_TRUSTED_SOURCE)) {
        return(1);
    }
    # Below the failure threshold there is nothing to enforce.
    if (!($sht(failed_auth_hash=>$Au::count) >= ANTIFLOOD_FAILED_AUTH_DENSITY)) {
        return(1);
    }
    # Threshold reached: the lockout holds while the most recent failure is
    # newer than the start of the window.
    $var(exp) = $Ts - ANTIFLOOD_FAILED_AUTH_WINDOW;
    if ($sht(failed_auth_hash=>$Au::last) > $var(exp)) {
        # Refreshing "last" on every blocked attempt extends the lockout for
        # as long as attempts keep arriving.
        # NOTE(review): autoexpire is per item and only "last" is touched
        # here, so "count" can expire on its own and lift the lockout early;
        # confirm the intended lockout length.
        # NOTE(review): the key is the client-supplied username ($Au), so
        # failures sent by any source count against that username; keying on
        # $si as well would confine the lockout to the offending source.
        $sht(failed_auth_hash=>$Au::last) = $Ts;
        xlog("L_WARN", "$ci|log|ignoring erroneous endpoint registrations from $ct for $Au");
        return(-1);
    }
    # Window elapsed: reset the counter and let authentication proceed.
    $sht(failed_auth_hash=>$Au::count) = 0;
    return(1);
}
route[ANITFLOOD_FAILED_AUTH] {
    # Record one authentication failure for the username in this request;
    # route[ANITFLOOD_AUTH_LIMIT] reads the counter back. Failures from a
    # trusted source are not counted.
    if (isflagset(FLAG_TRUSTED_SOURCE)) {
        return;
    }
    # First failure seen for this username: start the counter at zero.
    if ($sht(failed_auth_hash=>$Au::count) == $null) {
        $sht(failed_auth_hash=>$Au::count) = 0;
    }
    # NOTE(review): this read-modify-write is not atomic across worker
    # processes, so simultaneous failures can lose an increment. htable's
    # $shtinc(...) increments atomically; check its handling of a missing
    # item before switching to it.
    $var(failures) = $sht(failed_auth_hash=>$Au::count) + 1;
    $sht(failed_auth_hash=>$Au::count) = $var(failures);
    # Timestamp of the latest failure; drives the window check.
    $sht(failed_auth_hash=>$Au::last) = $Ts;
}