[Users] Pike module
Stefano Capitanio
s.capitanio at caspur.it
Wed Dec 13 13:20:04 CET 2006
Hi,
i want to use pike module to avoid brute-force attack on Register.
are the values of the parameters expressed in seconds?
it seems that there is a problem because i've set:
modparam("pike", "sampling_time_unit", 30)
modparam("pike", "reqs_density_per_unit", 10)
modparam("pike", "remove_latency", 600)
and the routing logic is:
if (method=="REGISTER") {
# Checks brute-force attacks
if (!pike_check_req()) {
sl_send_reply("403", "Too many attempts!");
break;
};
if (!www_authorize("caspur.it", "subscriber")) {
www_challenge("caspur.it", "0");
break;
};
save("location");
break;
};
but when I reach the limit it blocks the requests only for less than 1
minute...
where is the mistake?any idea?
thanks,
Stefano
More information about the sr-users
mailing list