[Freeswitch-users] Applying multiple limits for calls by sip_auth_username or by sip_received_ip

Simon J Mudd sjmudd at pobox.com
Sun Feb 27 22:52:09 MSK 2011


Hi,

I was pointed to the limit application as a way to control call
usage. This seems quite good for me if I'm paranoid about my FreeSWITCH
setup being attacked.

http://wiki.freeswitch.org/wiki/Mod_limit gives a cuople of examples using slightly
different syntax, one using data="db ..." and the other data="hash ...". However the parameters
are not clearly explained. The Rate Limiting calls / Anti SPIT example is what interests me
but it's not clear:
(1) exactly how the first 2 fields are used, and
(2) if I want to set different rates for the same 2 fields but for different time periods if I can
or one configuration will affect another one.

I had a very quick look at the code but it seems to have changed from v1.0.6 to the current head
and I wasn't sure where to look in the "core" code to figure out the usage.

Basically what I'm looking to do is very similar to the Rate Limiting
example, something like:

in dialplan/default.xml:

...
    <!-- taken from: http://wiki.freeswitch.org/wiki/Mod_limit -->
    <extension name="limit_exceeded">
      <condition field="destination_number" expression="^limit_exceeded$">
        <action application="playback" data="$${CUSTOM_SOUNDS_DIR}/limit_exceeded.wav"/>
        <action application="hangup"/>
      </condition>
    </extension>

    <extension name="limit" continue="true">
      <condition>
        <!-- use the A, B, C prefixes to avoid the different per-period   -->
        <!-- limits interfering with each other                           -->
        <action application="limit" data="hash $${domain} A${sip_received_ip}   $${MAX_CALLS_FROM_IP_PER_SEC}/1" />
        <action application="limit" data="hash $${domain} B${sip_received_ip}   $${MAX_CALLS_FROM_IP_PER_MIN}/60" />
        <action application="limit" data="hash $${domain} C${sip_received_ip}   $${MAX_CALLS_FROM_IP_PER_HOUR}/3600" />
        <action application="limit" data="hash $${domain} A${sip_auth_username} $${MAX_CALLS_BY_AUTH_USER_PER_SEC}/1" />
        <action application="limit" data="hash $${domain} B${sip_auth_username} $${MAX_CALLS_BY_AUTH_USER_PER_MIN}/60" />
        <action application="limit" data="hash $${domain} C${sip_auth_username} $${MAX_CALLS_BY_AUTH_USER_PER_HOUR}/3600" />
      </condition>
    </extension> 
...

Am I right in assuming that it's necessary to add  a prefix when using
multiple limits for different periods at the same time?

Also I'd like to apply something similar for registration attempts
(successful or otherwise), basically similar to the ${sip_received_ip}
lines, but am not sure where that would be applied. Could someone point
me to the right location?

Thanks,

Simon



More information about the FreeSWITCH-users mailing list