mirror of
https://github.com/Mailu/Mailu.git
synced 2024-12-12 10:45:38 +02:00
Merge #2738
2738: Make ratelimit exemptions less generous r=mergify[bot] a=nextgens ## What type of PR? enhancement ## What does this PR do? Make ratelimit exemptions less generous, as discussed on #mailu-dev ### Related issue(s) ## Prerequisites Before we can consider review and merge, please make sure the following list is done and checked. If an entry is not applicable, you can check it or remove it from the list. - [ ] In case of feature or enhancement: documentation updated accordingly - [ ] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file. Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
commit
d66ddb0f3e
@ -13,14 +13,15 @@ def nginx_authentication():
|
||||
"""
|
||||
client_ip = flask.request.headers["Client-Ip"]
|
||||
headers = flask.request.headers
|
||||
if headers["Auth-Port"] == '25' and headers['Auth-Method'] != 'none':
|
||||
is_port_25 = headers["Auth-Port"] == '25'
|
||||
if is_port_25 and headers['Auth-Method'] != 'none':
|
||||
response = flask.Response()
|
||||
response.headers['Auth-Status'] = 'AUTH not supported'
|
||||
response.headers['Auth-Error-Code'] = '502 5.5.1'
|
||||
utils.limiter.rate_limit_ip(client_ip)
|
||||
return response
|
||||
is_from_webmail = headers['Auth-Port'] in ['10143', '10025']
|
||||
if not is_from_webmail and utils.limiter.should_rate_limit_ip(client_ip):
|
||||
if not is_from_webmail and not is_port_25 and utils.limiter.should_rate_limit_ip(client_ip):
|
||||
status, code = nginx.get_status(flask.request.headers['Auth-Protocol'], 'ratelimit')
|
||||
response = flask.Response()
|
||||
response.headers['Auth-Status'] = status
|
||||
@ -46,6 +47,8 @@ def nginx_authentication():
|
||||
return response
|
||||
is_valid_user = True
|
||||
if headers.get("Auth-Status") == "OK":
|
||||
# successful email delivery isn't enough to warrant an exemption
|
||||
if not is_port_25:
|
||||
utils.limiter.exempt_ip_from_ratelimits(client_ip)
|
||||
elif is_valid_user:
|
||||
utils.limiter.rate_limit_user(username, client_ip, password=response.headers.get('Auth-Password', None))
|
||||
|
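Review bot: The `not is_port_25` clause added to the `should_rate_limit_ip(client_ip)` condition has no comment saying why port 25 skips the IP rate-limit check, whereas the exemption guard in the second hunk does explain itself. Since the AUTH-on-port-25 branch above still calls `rate_limit_ip(client_ip)`, a reader cannot tell whether "counted but never refused on port 25" is deliberate. I would add a comment above the condition such as `# port 25 is never refused on the IP rate limit; AUTH attempts on it are still counted above`. Both this skip and the exemption guard depend on the `Auth-Port` and `Client-Ip` request headers, so they presumably hold only while this endpoint is reachable solely through the proxy that sets them; that assumption belongs in the docstring of `nginx_authentication`, whose body starts and continues outside these hunks.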