I am trying to adapt the anti-flood MUC profile for raptor, have a few questions. I took the example from the raptor doc under “Comments”, and pasted here. For the example how can I revise to achieve the following goals.
- To apply only to the MUC room that the flood is occurring, thereby not interrupting other MUC messaging? Potentially I may also want to limit any sent message regardless, not just to MUCs.
- In addition to stopping three consecutive messaging user requests, count the size of the message as well, so that if they cut and paste >2K message, that it will also be dropped?
- How can the raptor info.log message be communicated back to the offending sender?
Please let me know if this is possible via Raptor. It seems like a sophisticated tool, but also takes some dedicated studying to understand how these rule systems can be properly devised.
Thank you<?xml version="1.0" encoding="UTF-8"?>
This example is a simple flood detection for MUC-rooms. If it detects a flood all packets from the user are dropped for the next 3 seconds.
<action:rule> <if> <check:packet packet="MESSAGE" /> <check:address fromtype="ANY" from="" totype="DOMAIN" to="conference.localhost" /> </if> <then> <action:rule> <if> <check:count counter="TIMER" count="FROM" compare="GREATER" ref="0"/> </if> <then> <action:drop/> </then> </action:rule> <action:count counter="TRAFFIC" count="FROM"/> <action:rule> <if> <check:set_count counter="TRAFFIC" count="FROM" compare="GREATER" ref="3" newvalue="0"/> </if> <then> <action:set_count counter="TIMER" count="FROM" newvalue="6"/> <action:log mode="FROM">Traffic rate limit is exceeded. All your messages to the chatroom are ignored for 3 seconds.</action:log> <action:drop/> </then> </action:rule> </then> </action:rule>