[Suggestion] Built-in DDOS Protection

pkulchenko / fullmoon

Fast and minimalistic Redbean-based Lua web framework in one file.

MIT License

684 stars 30 forks source link

[Suggestion] Built-in DDOS Protection #18

Closed evandrodacs closed 1 year ago

evandrodacs commented 1 year ago

Hello,

An interesting feature would be to implement: a DDOS protection system built into fullmoon, which we could easily activate. You can use the example in the redbean.dev documentation.

Thanks!

pkulchenko commented 1 year ago

Are you referring to ProgramTokenBucket functionality in Redbean?

evandrodacs commented 1 year ago

Using the ProgramTokenBucket function and others (unix.setrlimit, ...)

Example: after activating a function e.g. DdosProtect(hitsByUniqueIP), fullmoon routes are limited. Basically fullmoon implements code from redbean documentation.

pkulchenko commented 1 year ago

@evandrodacs, you should be able to use tokenBucket options (which maps to ProgramTokenBucket call): fm.run{tokenBucket = {{1, 24}}}. See the run documentation for how to specify the options.

I'm closing this, as it should be covered by the tokenBucket functionality available, but let me know if you run into any issues.