Use message watches in bruteforcers ban script to improve behavior under load.
Improved some code comments in the script. git-svn-id: http://yate.null.ro/svn/yate/trunk@5594 acf43c95-373e-0410-b603-e72c3f656dc1
This commit is contained in:
paulc
parent
fd9593ce55
commit
ab23197719
|
|
@ -5,7 +5,7 @@
|
|||
* This file is part of the YATE Project http://YATE.null.ro
|
||||
*
|
||||
* Yet Another Telephony Engine - a fully featured software PBX and IVR
|
||||
* Copyright (C) 2011-2012 Null Team
|
||||
* Copyright (C) 2011-2013 Null Team
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
|
|
@ -31,6 +31,9 @@
|
|||
banbrutes.php=NNN
|
||||
where NNN >= 2 is the number of failures causing a ban
|
||||
|
||||
If you are using SIP proxies or clients with multiple subscriptions you will need to
|
||||
allow more failures for each since each separate transaction will fail once
|
||||
|
||||
This script requires Yate to run as root or have permissions to run iptables
|
||||
*/
|
||||
|
||||
|
|
@ -270,7 +273,7 @@ function onHelp($l,&$retval)
|
|||
Yate::Init();
|
||||
// Comment the next line to get output only in logs, not in rmanager
|
||||
Yate::Output(true);
|
||||
// Uncomment the next line to get debugging details
|
||||
// Uncomment the next line to get debugging details by default
|
||||
//Yate::Debug(true);
|
||||
|
||||
$n = round(1 * Yate::Arg());
|
||||
|
|
@ -279,8 +282,8 @@ if ($n >= 2)
|
|||
|
||||
Yate::SetLocal("trackparam","banbrutes");
|
||||
Yate::Watch("user.auth");
|
||||
Yate::Install("user.authfail",120);
|
||||
Yate::Install("engine.timer",150);
|
||||
Yate::Watch("user.authfail");
|
||||
Yate::Watch("engine.timer");
|
||||
Yate::Install("engine.command",120);
|
||||
Yate::Install("engine.help",150);
|
||||
Yate::SetLocal("restart",true);
|
||||
|
|
@ -293,13 +296,6 @@ for (;;) {
|
|||
continue;
|
||||
if ($ev->type == "incoming") {
|
||||
switch ($ev->name) {
|
||||
case "user.authfail":
|
||||
$addr = $ev->GetValue("ip_host");
|
||||
if ($addr != "")
|
||||
updateAuth($addr,false);
|
||||
case "engine.timer":
|
||||
onTimer();
|
||||
break;
|
||||
case "engine.command":
|
||||
if ($ev->GetValue("line"))
|
||||
$ev->handled = onCommand($ev->GetValue("line"),$ev->retval);
|
||||
|
|
@ -313,10 +309,21 @@ for (;;) {
|
|||
$ev->Acknowledge();
|
||||
}
|
||||
if ($ev->type == "answer") {
|
||||
// This is the watched user.auth
|
||||
$addr = $ev->GetValue("ip_host");
|
||||
if ($addr != "")
|
||||
updateAuth($addr,$ev->handled && ($ev->retval != "-"));
|
||||
switch ($ev->name) {
|
||||
case "user.auth":
|
||||
$addr = $ev->GetValue("ip_host");
|
||||
if ($addr != "")
|
||||
updateAuth($addr,$ev->handled && ($ev->retval != "-"));
|
||||
break;
|
||||
case "user.authfail":
|
||||
$addr = $ev->GetValue("ip_host");
|
||||
if ($addr != "")
|
||||
updateAuth($addr,false);
|
||||
break;
|
||||
case "engine.timer":
|
||||
onTimer();
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue