diff options
| author | Brendan Abolivier <contact@brendanabolivier.com> | 2019-03-15 17:46:16 +0000 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2019-03-15 17:46:16 +0000 |
| commit | 899e523d6d92dfbc17dce81eb36f63053e447a97 (patch) | |
| tree | 5a8e2a7b2638cdc06a6dd4c8736c828c25ba47b9 /synapse/config | |
| parent | Merge pull request #4855 from matrix-org/rav/refactor_transaction_queue (diff) | |
| download | synapse-899e523d6d92dfbc17dce81eb36f63053e447a97.tar.xz | |
Add ratelimiting on login (#4821)
Add two ratelimiters on login (per-IP address and per-userID).
Diffstat (limited to 'synapse/config')
| -rw-r--r-- | synapse/config/ratelimiting.py | 58 |
1 files changed, 40 insertions, 18 deletions
diff --git a/synapse/config/ratelimiting.py b/synapse/config/ratelimiting.py index 093042fdb9..649f018356 100644 --- a/synapse/config/ratelimiting.py +++ b/synapse/config/ratelimiting.py @@ -15,25 +15,30 @@ from ._base import Config +class RateLimitConfig(object): + def __init__(self, config): + self.per_second = config.get("per_second", 0.17) + self.burst_count = config.get("burst_count", 3.0) + + class RatelimitConfig(Config): def read_config(self, config): self.rc_messages_per_second = config["rc_messages_per_second"] self.rc_message_burst_count = config["rc_message_burst_count"] + self.rc_registration = RateLimitConfig(config.get("rc_registration", {})) + + rc_login_config = config.get("rc_login", {}) + self.rc_login_address = RateLimitConfig(rc_login_config.get("address", {})) + self.rc_login_account = RateLimitConfig(rc_login_config.get("account", {})) + self.federation_rc_window_size = config["federation_rc_window_size"] self.federation_rc_sleep_limit = config["federation_rc_sleep_limit"] self.federation_rc_sleep_delay = config["federation_rc_sleep_delay"] self.federation_rc_reject_limit = config["federation_rc_reject_limit"] self.federation_rc_concurrent = config["federation_rc_concurrent"] - self.rc_registration_requests_per_second = config.get( - "rc_registration_requests_per_second", 0.17, - ) - self.rc_registration_request_burst_count = config.get( - "rc_registration_request_burst_count", 3, - ) - def default_config(self, **kwargs): return """\ ## Ratelimiting ## @@ -46,6 +51,34 @@ class RatelimitConfig(Config): # rc_message_burst_count: 10.0 + # Ratelimiting settings for registration and login. + # + # Each ratelimiting configuration is made of two parameters: + # - per_second: number of requests a client can send per second. + # - burst_count: number of requests a client can send before being throttled. + # + # Synapse currently uses the following configurations: + # - one for registration that ratelimits registration requests based on the + # client's IP address. + # - one for login that ratelimits login requests based on the client's IP + # address. + # - one for login that ratelimits login requests based on the account the + # client is attempting to log into. + # + # The defaults are as shown below. + # + #rc_registration: + # per_second: 0.17 + # burst_count: 3 + # + #rc_login: + # address: + # per_second: 0.17 + # burst_count: 3 + # account: + # per_second: 0.17 + # burst_count: 3 + # The federation window size in milliseconds # federation_rc_window_size: 1000 @@ -69,15 +102,4 @@ class RatelimitConfig(Config): # single server # federation_rc_concurrent: 3 - - # Number of registration requests a client can send per second. - # Defaults to 1/minute (0.17). - # - #rc_registration_requests_per_second: 0.17 - - # Number of registration requests a client can send before being - # throttled. - # Defaults to 3. - # - #rc_registration_request_burst_count: 3.0 """ |