DoSProtection
Documentation based on repostory git version commit 2.4.0-alpha-166-gbd70a12d
Module DoSProtection
This module bans user when they are sending too much packets within a given timeframe. To see the list of currently banned IPs/ports, use iptables -L.
----
Configuration options:
| Name | Description | Default Value | Default Unit | Type |
|---|---|---|---|---|
| enabled | Indicate whether the module is activated. | true | Boolean | |
| filter | A request/response enters module if the boolean filter evaluates to true. Ex: from.uri.domain contains 'sip.linphone.org', from.uri.domain in 'a.org b.org c.org', (to.uri.domain in 'a.org b.org c.org') && (user-agent == 'Linphone v2'). You can consult the full filter documentation here : https://wiki.linphone.org/xwiki/wiki/public/view/Flexisip/Configuration/Filter%20syntax/ | BooleanExpr | ||
| time-period | Time to consider to compute the packet rate | 3000 | millisecond | DurationMS |
| packet-rate-limit | Maximum packet rate in packets/seconds, averaged over [time-period] millisecond(s) to consider it as a DoS attack. | 20 | Integer | |
| ban-time | Time to ban the ip/port using iptables | 2 | minute | DurationMIN |
| iptables-chain | Name of the chain flexisip will create to store the banned IPs | FLEXISIP | String | |
| white-list | List of IP addresses or hostnames for which no DoS protection is made. This is typically for trusted servers from which we can receive high traffic. Please note that nodes from the local flexisip cluster (see [cluster] section) are automatically added to the white list, as well as 127.0.0.1 and ::1. | StringList |