zydronium/internetee-registry
1
0
Fork 0
mirror of https://github.com/internetee/registry.git synced 2025-05-17 09:57:23 +02:00
Code Issues Projects Releases Packages Wiki Activity

ratelimit fix

Browse source
This commit is contained in:
Georg Kahest 2015-11-23 16:38:56 +02:00
parent 15e2a416da
commit abae4e254a
3 changed files with 9 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

2
app/controllers/epp_controller.rb
View file

@ -382,6 +382,6 @@ class EppController < ApplicationController
def iptables_counter_update
return if ENV['iptables_counter_enabled'].blank? && ENV['iptables_counter_enabled'] != 'true'
return if current_user.blank?
counter_update(current_user.registrar_code, request.ip)
counter_update(current_user.registrar_code, ENV['iptables_server_ip'])
end
end

1
config/application-example.yml
View file

@ -61,6 +61,7 @@ contact_org_enabled: 'false'
# Enable iptables counter updater
# iptables_counter_enabled: 'true'
# iptables_server_ip: '127.0.0.1'
# Custom legal document types. Changing this requires updating EPP extension schema for allowed legalDocEnumType values.
# System default for legal document types is: pdf,bdoc,ddoc,zip,rar,gz,tar,7z,odt,doc,docx

11
doc/debian_build_doc.md
View file

@ -83,11 +83,14 @@ Iptables hitcounter is updated by application. For every registrar there is one
````
#!/bin/bash
iptables -A INPUT -p tcp --dport 700 -j CHKLIMITS
iptables -A INPUT -p tcp --dport 700 -s $REGISTRAR_SOURCE -m recent --name $REGISTRAR_CODE --rdest --rcheck --hitcount 100 --seconds 60 -j DROP
iptables -A INPUT -p tcp --dport 700 -s $REGISTRAR_SOURCE2 -m recent --name $REGISTRAR_CODE --rdest --rcheck --hitcount 100 --seconds 60 -j DROP
iptables -A INPUT -p tcp --dport 700 -s $REGISTRAR2_SOURCE -m recent --name $REGISTRAR2_CODE --rdest --rcheck --hitcount 100 --seconds 60 -j DROP
iptables -A INPUT -p tcp --dport 700 -s $REGISTRAR2_SOURCE2 -m recent --name $REGISTRAR2_CODE --rdest --rcheck --hitcount 100 --seconds 60 -j DROP
iptables -N CHKLIMITS
iptables -A CHKLIMITS -p tcp --dport 700 -s $REGISTRAR_SOURCE -m recent --name $REGISTRAR_CODE --rdest --rcheck --hitcount 100 --seconds 60 -j DROP
iptables -A CHKLIMITS -p tcp --dport 700 -s $REGISTRAR_SOURCE2 -m recent --name $REGISTRAR_CODE --rdest --rcheck --hitcount 100 --seconds 60 -j DROP
iptables -A CHKLIMITS -p tcp --dport 700 -s $REGISTRAR2_SOURCE -m recent --name $REGISTRAR2_CODE --rdest --rcheck --hitcount 100 --seconds 60 -j DROP
iptables -A CHKLIMITS -p tcp --dport 700 -s $REGISTRAR2_SOURCE2 -m recent --name $REGISTRAR2_CODE --rdest --rcheck --hitcount 100 --seconds 60 -j DROP
````