powered by Jive Software

Raptor flood profile design help

Coolcat,

I am trying to adapt the anti-flood MUC profile for raptor, have a few questions. I took the example from the raptor doc under “Comments”, and pasted here. For the example how can I revise to achieve the following goals.

  1. To apply only to the MUC room that the flood is occurring, thereby not interrupting other MUC messaging? Potentially I may also want to limit any sent message regardless, not just to MUCs.
  2. In addition to stopping three consecutive messaging user requests, count the size of the message as well, so that if they cut and paste >2K message, that it will also be dropped?
  3. How can the raptor info.log message be communicated back to the offending sender?

Please let me know if this is possible via Raptor. It seems like a sophisticated tool, but also takes some dedicated studying to understand how these rule systems can be properly devised.

Thank you

<?xml version="1.0" encoding="UTF-8"?>

MUC-FloodDetection

This example is a simple flood detection for MUC-rooms. If it detects a flood all packets from the user are dropped for the next 3 seconds.

2

<action:rule>

  <if>

    <check:packet packet="MESSAGE" />

    <check:address fromtype="ANY" from="" totype="DOMAIN" to="conference.localhost" />

  </if>

  <then>

    <action:rule>

      <if>

        <check:count counter="TIMER" count="FROM" compare="GREATER" ref="0"/>

      </if>

      <then>

        <action:drop/>

      </then>

    </action:rule>

    <action:count counter="TRAFFIC" count="FROM"/>

    <action:rule>

      <if>

        <check:set_count counter="TRAFFIC" count="FROM" compare="GREATER" ref="3" newvalue="0"/>

      </if>

      <then>

        <action:set_count counter="TIMER" count="FROM" newvalue="6"/>

        <action:log mode="FROM">Traffic rate limit is exceeded. All your messages to the chatroom are ignored for 3 seconds.</action:log>

        <action:drop/>

      </then>

    </action:rule>

  </then>

</action:rule>

You are lucky that I read this. Normally I don’t read in these forums anymore. If you open a new thread about Raptor please leave a short comment with a link to the thread in the Raptor document. That way I will recieve an notification email. You may also send me a private message with the link.

@1 (part 1)

The profile I posted does only drop messages from the user who caused the flood. Everyone else will not notice anyting. The only way to count messages per MUC-room is to use a copy of the flood detector for each room with an BIG branching around. That might be useable for two or three rooms, but for more rooms that’s absolute nonsense. To work around this problem you would need to modiy Raptor so that it is able to count not just on a single JID but on the concatenation of TO and FROM JID. That would probably be simple, but requires a few Java skills. (Note that count mode “BOTH” is something different)

@1 (part 2)

Hm, what about the example that comes with Raptor? Or do you mean something different?

@2

Raptor does currently not bother about packet sizes. Again, it should be possible to extend Raptor.

@3

Check out action:message and action:email. Both use the same placeholder mechanism as action:log. You can even magically convert a JID into an email address using the emailmapper. See manual for further details.

Coolcat,

May I continue on this thread for a bit? :slight_smile: Re: action:message, I did try this, but never saw this being received. Also I am using Fastpath plugin, and I do see the flooding rules triggered, but not the action:message. If I change to action:log, the message is logged in the info.log.

Thanks

<action:message mode=“FROM”>Traffic rate limit is exceeded. All your messages to the chatroom are ignored for 3 seconds.</action:message>

Retracting an earlier statement, the action:message does indeed work, but just not with Fastpath. There was no server warning message going back to the offending chat user.

May I continue on this thread for a bit? :slight_smile:
Sure. I have subscribed this thread, so I get mail notifications for this one, too.

Retracting an earlier statement, the action:message does indeed work, but just not with Fastpath.
Raptor does use the component address to send messages. By default this is raptor.yourserver.tld. Some clients don’t accept messages from users not on their roster. I never used Fastpath, but maybe that’s the problem?