Make rate limit for subnet (webmail) configurable

master
Michael Wyraz 5 years ago
parent bee80b5c64
commit a7f787f914

@ -32,6 +32,7 @@ DEFAULT_CONFIG = {
'POSTMASTER': 'postmaster', 'POSTMASTER': 'postmaster',
'TLS_FLAVOR': 'cert', 'TLS_FLAVOR': 'cert',
'AUTH_RATELIMIT': '10/minute;1000/hour', 'AUTH_RATELIMIT': '10/minute;1000/hour',
'AUTH_RATELIMIT_SUBNET': True,
'DISABLE_STATISTICS': False, 'DISABLE_STATISTICS': False,
# Mail settings # Mail settings
'DMARC_RUA': None, 'DMARC_RUA': None,
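Review bot: The new `AUTH_RATELIMIT_SUBNET` default has no comment saying what turning it off does, and the effect is security-relevant. Going by the limiter change in this commit, a false value exempts every client address inside `SUBNET` from `AUTH_RATELIMIT`, so password guessing relayed through webmail is only throttled if webmail enforces its own limit. I would add a comment above the key such as `# False exempts clients inside SUBNET (e.g. webmail) from AUTH_RATELIMIT; only disable if the front end rate-limits logins itself`. Keeping the default at `True` is the safe choice.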

@ -13,25 +13,25 @@ class Limiter:
self.limiter = None self.limiter = None
self.rate = None self.rate = None
self.subnet = None self.subnet = None
self.rate_limit_subnet = True
def init_app(self, app): def init_app(self, app):
self.storage = limits.storage.storage_from_string(app.config["RATELIMIT_STORAGE_URL"]) self.storage = limits.storage.storage_from_string(app.config["RATELIMIT_STORAGE_URL"])
self.limiter = limits.strategies.MovingWindowRateLimiter(self.storage) self.limiter = limits.strategies.MovingWindowRateLimiter(self.storage)
self.rate = limits.parse(app.config["AUTH_RATELIMIT"]) self.rate = limits.parse(app.config["AUTH_RATELIMIT"])
self.rate_limit_subnet = str(app.config["AUTH_RATELIMIT_SUBNET"])!='False'
self.subnet = ipaddress.ip_network(app.config["SUBNET"]) self.subnet = ipaddress.ip_network(app.config["SUBNET"])
def check(self,clientip): def check(self,clientip):
# TODO: activate this code if we have limits at webmail level # disable limits for internal requests (e.g. from webmail)?
#if ipaddress.ip_address(clientip) in self.subnet: if rate_limit_subnet==False and ipaddress.ip_address(clientip) in self.subnet:
# # no limits for internal requests (e.g. from webmail) return
# return
if not self.limiter.test(self.rate,"client-ip",clientip): if not self.limiter.test(self.rate,"client-ip",clientip):
raise RateLimitExceeded() raise RateLimitExceeded()
def hit(self,clientip): def hit(self,clientip):
# TODO: activate this code if we have limits at webmail level # disable limits for internal requests (e.g. from webmail)?
#if ipaddress.ip_address(clientip) in self.subnet: if rate_limit_subnet==False and ipaddress.ip_address(clientip) in self.subnet:
# # no limits for internal requests (e.g. from webmail) return
# return
if not self.limiter.hit(self.rate,"client-ip",clientip): if not self.limiter.hit(self.rate,"client-ip",clientip):
raise RateLimitExceeded() raise RateLimitExceeded()
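Review bot: In both `check()` and `hit()` the new guard tests the bare name `rate_limit_subnet`, but the flag is stored on the instance as `self.rate_limit_subnet` earlier in this hunk. Unless a module-level name of that spelling exists outside the visible lines, each call raises `NameError` before the limiter is consulted. The condition should read `if not self.rate_limit_subnet and ipaddress.ip_address(clientip) in self.subnet:` in both methods. Separately, `str(app.config["AUTH_RATELIMIT_SUBNET"])!='False'` recognises only the exact spelling `False`, so `false` or `0` leaves the subnet limited; that fails safe, but it should be documented or normalised with something like `str(value).lower() not in ('false', '0', 'no')`.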
