Ignite Realtime: Raptor flood profile design help

Skip navigation

Up to Discussions in Community Plugins

2338 Views 4 Replies Latest reply: Feb 2, 2010 1:32 AM by Coolcat

slicer321

309 posts since
Apr 14, 2008

Currently Being Moderated

Feb 1, 2010 3:05 PM

Raptor flood profile design help

Coolcat,

I am trying to adapt the anti-flood MUC profile for raptor, have a few questions. I took the example from the raptor doc under "Comments", and pasted here. For the example how can I revise to achieve the following goals.

To apply only to the MUC room that the flood is occurring, thereby not interrupting other MUC messaging? Potentially I may also want to limit any sent message regardless, not just to MUCs.
In addition to stopping three consecutive messaging user requests, count the size of the message as well, so that if they cut and paste >2K message, that it will also be dropped?
How can the raptor info.log message be communicated back to the offending sender?

Please let me know if this is possible via Raptor. It seems like a sophisticated tool, but also takes some dedicated studying to understand how these rule systems can be properly devised.

Thank you

<?xml version="1.0" encoding="UTF-8"?>

<raptor xmlns:action="http://martin-weusten.de/raptor/action" xmlns:check="http://martin-weusten.de/raptor/check">

<name>MUC-FloodDetection</name>

<desc>This example is a simple flood detection for MUC-rooms. If it detects a flood all packets from the user are dropped for the next 3 seconds.</desc>

<version>2</version>

<counter name="TIMER" interval="500" decrement="1"/>

<counter name="TRAFFIC" interval="1000" decrement="1"/>

<function name="MAIN">

<action:rule>

<if>

<check:packet packet="MESSAGE" />

<check:address fromtype="ANY" from="" totype="DOMAIN" to="conference.localhost" />

</if>

<then>

<action:rule>

<if>

<check:count counter="TIMER" count="FROM" compare="GREATER" ref="0"/>

</if>

<then>

<action:drop/>

</then>

</action:rule>

<action:count counter="TRAFFIC" count="FROM"/>

<action:rule>

<if>

<check:set_count counter="TRAFFIC" count="FROM" compare="GREATER" ref="3" newvalue="0"/>

</if>

<then>

<action:set_count counter="TIMER" count="FROM" newvalue="6"/>

<action:log mode="FROM">Traffic rate limit is exceeded. All your messages to the chatroom are ignored for 3 seconds.</action:log>

<action:drop/>

</then>

</action:rule>

</then>

</action:rule>

</function>

</raptor>

Like (0)

Coolcat
797 posts since
Mar 19, 2007

Currently Being Moderated

Feb 1, 2010 3:06 PM (in response to slicer321)
Re: Raptor flood profile design help

You are lucky that I read this. Normally I don't read in these forums anymore. If you open a new thread about Raptor please leave a short comment with a link to the thread in the Raptor document. That way I will recieve an notification email. You may also send me a private message with the link.

@1 (part 1)
The profile I posted does only drop messages from the user who caused the flood. Everyone else will not notice anyting. The only way to count messages per MUC-room is to use a copy of the flood detector for each room with an BIG branching around. That might be useable for two or three rooms, but for more rooms that's absolute nonsense. To work around this problem you would need to modiy Raptor so that it is able to count not just on a single JID but on the concatenation of TO and FROM JID. That would probably be simple, but requires a few Java skills. (Note that count mode "BOTH" is something different)

@1 (part 2)
Hm, what about the example that comes with Raptor? Or do you mean something different?

@2
Raptor does currently not bother about packet sizes. Again, it should be possible to extend Raptor.

@3
Check out action:message and action:email. Both use the same placeholder mechanism as action:log. You can even magically convert a JID into an email address using the emailmapper. See manual for further details.

Report Abuse

Like (0)
- slicer321
  309 posts since
  Apr 14, 2008
  
  Currently Being Moderated
  
  Feb 1, 2010 4:36 PM (in response to Coolcat)
  Re: Raptor flood profile design help
  
  Coolcat,
  
  May I continue on this thread for a bit? :-) Re: action:message, I did try this, but never saw this being received. Also I am using Fastpath plugin, and I do see the flooding rules triggered, but not the action:message. If I change to action:log, the message is logged in the info.log.
  
  Thanks
  
  <action:message mode="FROM">Traffic rate limit is exceeded. All your messages to the chatroom are ignored for 3 seconds.</action:message>
  
  Report Abuse
  
  Like (0)
  - slicer321
    309 posts since
    Apr 14, 2008
    
    Currently Being Moderated
    
    Feb 1, 2010 4:52 PM (in response to slicer321)
    Re: Raptor flood profile design help
    
    Retracting an earlier statement, the action:message does indeed work, but just not with Fastpath. There was no server warning message going back to the offending chat user.
    
    Report Abuse
    
    Like (0)
    - Coolcat
      797 posts since
      Mar 19, 2007
      
      Currently Being Moderated
      
      Feb 2, 2010 1:32 AM (in response to slicer321)
      Re: Raptor flood profile design help
      
      May I continue on this thread for a bit? :-)
      Sure. I have subscribed this thread, so I get mail notifications for this one, too.
      
      Retracting an earlier statement, the action:message does indeed work, but just not with Fastpath.
      Raptor does use the component address to send messages. By default this is raptor.yourserver.tld. Some clients don't accept messages from users not on their roster. I never used Fastpath, but maybe that's the problem?
      
      Report Abuse
      
      Like (0)

Go to original post

Legend

Correct Answers - 10 points
Helpful Answers - 5 points