1
0
mirror of https://github.com/Mailu/Mailu.git synced 2024-12-12 10:45:38 +02:00

Make rate limit for subnet (webmail) configurable

This commit is contained in:
Michael Wyraz 2019-12-16 18:46:17 +01:00
parent bee80b5c64
commit a7f787f914
2 changed files with 9 additions and 8 deletions

View File

@ -32,6 +32,7 @@ DEFAULT_CONFIG = {
'POSTMASTER': 'postmaster',
'TLS_FLAVOR': 'cert',
'AUTH_RATELIMIT': '10/minute;1000/hour',
'AUTH_RATELIMIT_SUBNET': True,
'DISABLE_STATISTICS': False,
# Mail settings
'DMARC_RUA': None,

View File

@ -13,25 +13,25 @@ class Limiter:
self.limiter = None
self.rate = None
self.subnet = None
self.rate_limit_subnet = True
def init_app(self, app):
self.storage = limits.storage.storage_from_string(app.config["RATELIMIT_STORAGE_URL"])
self.limiter = limits.strategies.MovingWindowRateLimiter(self.storage)
self.rate = limits.parse(app.config["AUTH_RATELIMIT"])
self.rate_limit_subnet = str(app.config["AUTH_RATELIMIT_SUBNET"])!='False'
self.subnet = ipaddress.ip_network(app.config["SUBNET"])
def check(self,clientip):
# TODO: activate this code if we have limits at webmail level
#if ipaddress.ip_address(clientip) in self.subnet:
# # no limits for internal requests (e.g. from webmail)
# return
# disable limits for internal requests (e.g. from webmail)?
if rate_limit_subnet==False and ipaddress.ip_address(clientip) in self.subnet:
return
if not self.limiter.test(self.rate,"client-ip",clientip):
raise RateLimitExceeded()
def hit(self,clientip):
# TODO: activate this code if we have limits at webmail level
#if ipaddress.ip_address(clientip) in self.subnet:
# # no limits for internal requests (e.g. from webmail)
# return
# disable limits for internal requests (e.g. from webmail)?
if rate_limit_subnet==False and ipaddress.ip_address(clientip) in self.subnet:
return
if not self.limiter.hit(self.rate,"client-ip",clientip):
raise RateLimitExceeded()