Closed Neumann-Valle closed 9 years ago
I put this in websocket.js, under dataHandler = realHandler:

```js
if (data) {
  self.bytesReceived += data.length;
  // Flood Control Check ~~~~~~~~~~
  console.log(self.last_session_request);
  self.last_session_request = Date.now();
  // Take one token per incoming chunk of data. With fireImmediately set,
  // remainingRequests is negative once the limit has been exceeded.
  limiter.removeTokens(1, function(err, remainingRequests) {
    if (remainingRequests < 0) {
      // Over the limit: close this WebSocket connection.
      self.close(1002, '');
      //response.writeHead(429, {'Content-Type': 'text/plain;charset=UTF-8'});
      //response.end('429 Too Many Requests - your IP is being rate limited');
    } else {
      console.log('Herp');
    }
  });
  console.log(self.last_session_request);
  // Flood Control Check ~~~~~~~~~~
  self._receiver.add(data);
}
```

And at the top, I put:

```js
var RateLimiter = require('limiter').RateLimiter;
var limiter = new RateLimiter(12, 'hour', true); // fire CB immediately
```
Works fine, but I'm just testing it for websockets. But, I don't know exactly how it bans the user, or for how long lol.
Hi, it is useless. I had tested that way, but the script kiddie is spoofing the ORIGIN set in socket.io, allowing him to edit my client side and/or send loops that kill the server. Yes, you can also ban the aggressor's IP, but it won't do much if he is also spoofing the IP.
Utan, use socket.upgradeReq.connection.remoteAddress instead of origin! Store the user's IP in a file every time they surpass the flood limit, then use fail2ban or some type of system to ban the IPs at the network level (iptables for Linux, etc.).
Is socket.upgradeReq.connection.remoteAddress also available in the socket.use() method, and is that the user's IP? What I need is a way to really make sure the client is coming from an allowed domain. Can you explain, if they spoofed the remote address, wouldn't that also be spoofed in the upgradeReq?
Sorry, never used that property.
Since this discussion is trailing outside of the scope of a node-rate-limiter bug report I'm going to close the ticket.
Hi,
Don't know where to comment this. But how would node-rate-limiter be implemented along with socket.io? How would it be used to throttle a client.id at sending events?
Hope I get an idea, would like to use your module.
Regards
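A sketch of per-client event throttling for the question above, as an added example that is not code from this thread or from node-rate-limiter. `TokenBucket` is a dependency-free stand-in for a limiter instance, `ClientThrottle` and `attachThrottle` are hypothetical names, and the limits are constructed; the logged address line is the kind of record the fail2ban suggestion above would consume.

```javascript
// Added example. TokenBucket stands in for one limiter instance per client.
class TokenBucket {
  constructor(capacity, windowMs, now) {
    Object.assign(this, { capacity, tokens: capacity, refillPerMs: capacity / windowMs, last: now });
  }
  tryRemove(now) {
    const elapsed = Math.max(0, now - this.last);
    this.tokens = Math.min(this.capacity, this.tokens + elapsed * this.refillPerMs);
    this.last = now;
    if (this.tokens < 1) return false;
    this.tokens -= 1;
    return true;
  }
}
// One bucket per client key, so a flooding client only exhausts its own budget.
class ClientThrottle {
  constructor({ capacity, windowMs, maxStrikes, clock = Date.now }) {
    Object.assign(this, { capacity, windowMs, maxStrikes, clock });
    this.clients = new Map();
  }
  // Returns 'allow', 'drop' (over limit) or 'disconnect' (over limit maxStrikes times).
  check(key) {
    const now = this.clock();
    let c = this.clients.get(key);
    if (!c) {
      c = { bucket: new TokenBucket(this.capacity, this.windowMs, now), strikes: 0 };
      this.clients.set(key, c);
    }
    if (c.bucket.tryRemove(now)) return 'allow';
    c.strikes += 1;
    return c.strikes >= this.maxStrikes ? 'disconnect' : 'drop';
  }
  forget(key) { this.clients.delete(key); }
}
// Wiring for socket.io: socket.use() runs before every incoming event.
function attachThrottle(io, throttle, log = console.warn) {
  io.on('connection', (socket) => {
    socket.use((packet, next) => {
      const verdict = throttle.check(socket.id);
      if (verdict === 'allow') return next();
      if (verdict === 'disconnect') {
        log(`flood limit exceeded id=${socket.id} addr=${socket.handshake.address}`);
        socket.disconnect(true);
      }
      // 'drop': next() is not called, so the event never reaches its handler
    });
    socket.on('disconnect', () => throttle.forget(socket.id));
  });
}
```

Keying on `socket.id` gives a reconnecting client a fresh bucket; pass the remote address as the key instead if the budget should survive reconnects.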