Coolcat,
I am trying to adapt the anti-flood MUC profile for raptor, have a few questions. I took the example from the raptor doc under “Comments”, and pasted here. For the example how can I revise to achieve the following goals.
- To apply only to the MUC room that the flood is occurring, thereby not interrupting other MUC messaging? Potentially I may also want to limit any sent message regardless, not just to MUCs.
- In addition to stopping three consecutive messaging user requests, count the size of the message as well, so that if they cut and paste >2K message, that it will also be dropped?
- How can the raptor info.log message be communicated back to the offending sender?
Please let me know if this is possible via Raptor. It seems like a sophisticated tool, but also takes some dedicated studying to understand how these rule systems can be properly devised.
Thank you
<?xml version="1.0" encoding="UTF-8"?>MUC-FloodDetection
This example is a simple flood detection for MUC-rooms. If it detects a flood all packets from the user are dropped for the next 3 seconds.
2
<action:rule>
<if>
<check:packet packet="MESSAGE" />
<check:address fromtype="ANY" from="" totype="DOMAIN" to="conference.localhost" />
</if>
<then>
<action:rule>
<if>
<check:count counter="TIMER" count="FROM" compare="GREATER" ref="0"/>
</if>
<then>
<action:drop/>
</then>
</action:rule>
<action:count counter="TRAFFIC" count="FROM"/>
<action:rule>
<if>
<check:set_count counter="TRAFFIC" count="FROM" compare="GREATER" ref="3" newvalue="0"/>
</if>
<then>
<action:set_count counter="TIMER" count="FROM" newvalue="6"/>
<action:log mode="FROM">Traffic rate limit is exceeded. All your messages to the chatroom are ignored for 3 seconds.</action:log>
<action:drop/>
</then>
</action:rule>
</then>
</action:rule>