<div dir="ltr">maybe a log file, and deny ip is faster<div style>but if you want it per user, it&#39;s slower, since you must check if user is ok in a database<br>using ip, you only need to log and a external program (ex fail2ban) can block it via iptables, hosts.deny or other method</div>
<div style><br></div></div><div class="gmail_extra"><br><br><div class="gmail_quote">2013/3/6 Muhammad Shahzad <span dir="ltr">&lt;<a href="mailto:shaheryarkh@gmail.com" target="_blank">shaheryarkh@gmail.com</a>&gt;</span><br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div>While this will work for small setups but i have feeling that this won&#39;t be suitable for high load productive systems, since it does same thing as fail2ban but runs INLINE, blocking other sip requests till it is finished.</div>


<br><div>Thank you.<br><br><br><div class="gmail_quote"><div><div class="h5">On Wed, Mar 6, 2013 at 8:48 PM, Hubert Mickael <span dir="ltr">&lt;<a href="mailto:mickael@winlux.fr" target="_blank">mickael@winlux.fr</a>&gt;</span> wrote:<br>
</div></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div class="h5">

<div><div>
  

    
  
  <div bgcolor="#FFFFFF" text="#000000">
    Hi,<br>
    <div>
      <div> Pike module to stop flood ?<br>
        I have add perl script at pike to add firewall rule in my
        freebsd.<br>
        <br>
        Example opensips conf:<br>
        <br>
        #------------------- module pike ---------------<br>
        loadmodule &quot;pike.so&quot;<br>
        #----------- pike params ------------<br>
        modparam(&quot;pike&quot;, &quot;sampling_time_unit&quot;, 2)<br>
        modparam(&quot;pike&quot;, &quot;reqs_density_per_unit&quot;, 80)<br>
        modparam(&quot;pike&quot;, &quot;remove_latency&quot;, 130)<br>
        modparam(&quot;pike&quot;, &quot;pike_log_level&quot;, -1)<br>
        <br>
        in script:<br>
        <br>
        <i>    if(!pike_check_req())</i><i><br>
        </i><i>        {</i><i><br>
        </i><i>        if(perl_exec(&quot;pikesendmail&quot;))</i><i><br>
        </i><i>                {</i><i><br>
        </i><i>                        xlog(&quot;L_INFO&quot;,&quot;Fonction perl_exec
          PIKE OK&quot;);</i><i><br>
        </i><i>                }</i><i><br>
        </i><i>                xlog(&quot;L_WARN&quot;,&quot;PIKE_CHECK_REQ banned IP
          $si because of flooding requests&quot;);</i><i><br>
        </i><i>                exit;</i><i><br>
        </i><i>        }</i><br>
        <br>
        perl script:<br>
        <br>
        <br>
        sub pikesendmail<br>
        {<br>
                MIME::Lite-&gt;send(&#39;smtp&#39;, &#39;smtp.....&#39;);<br>
        <br>
                my $serverIP = OpenSIPS::AVP::get(&quot;serverIP&quot;);<br>
                my $sourceIP = OpenSIPS::AVP::get(&quot;sourceIP&quot;);<br>
        <br>
                my @exceptions = (@my IP);<br>
        <br>
                my $logfile = &quot;/var/log/pikemodule.log&quot;;<br>
                my $date = localtime();<br>
                open LOGFILE, &quot;&gt;&gt;$logfile&quot; or die &quot;cannot open
        logfile $logfile for append: $!&quot;;<br>
        <br>
                my $subject = &quot;IP $sourceIP blocked by server
        $serverIP&quot;;<br>
                my @body ;<br>
                my @argsbash ;<br>
                my @listeIP ;<br>
                my $maxid ;<br>
                my $newid ;<br>
                my $reglepresente = 0 ;<br>
                my $inhib = 0 ;<br>
                my $i=0;<br>
        <br>
                for $i (@exceptions)<br>
                {<br>
                        if($sourceIP eq $i)<br>
                        {<br>
                                $inhib = 1 ;<br>
                                last ;<br>
                        }<br>
                }<br>
        <br>
                foreach(`ipfw list | grep ^005 | awk -F&quot; &quot; {&#39;print
        \$5&#39;}`)<br>
                {<br>
                        push (@listeIP,$_) ;<br>
                }<br>
        <br>
                for(@listeIP){<br>
                        print &quot;$_&quot;;<br>
                        if($_ =~ $sourceIP){<br>
                                #print &quot;regle deja presente\n&quot;;<br>
                                $reglepresente = 1 ;<br>
                        }<br>
                }<br>
        <br>
                if($reglepresente == 0 &amp;&amp; $inhib == 0){<br>
        <br>
                        $maxid=`ipfw list | grep ^005 | tail -n1 | awk
        -F&quot; &quot; {&#39;print \$1&#39;} | sed &quot;s/^00//&quot;`;<br>
                        if ($maxid eq &#39;&#39;){<br>
                                $newid = 500 ;<br>
                        }else{<br>
                                $newid = $maxid+1 ;<br>
                        }<br>
        <br>
        <br>
                        @argsbash = (&quot;ipfw&quot;, &quot;add $newid deny ip from
        $sourceIP to me&quot;);<br>
                        if(system(@argsbash) == 0<br>
                                or die &quot;system @argsbash failed: $?&quot;){<br>
                                print LOGFILE &quot;$date INFO : Nouveau
        blocage pour SIP flooding \n&quot;;<br>
                                print LOGFILE &quot;$date INFO : Regle IPFW
        appliquee ID $newid \n&quot;;<br>
                                log(L_INFO, &quot;SIP Flooding, IP $sourceIP
        blocked with IPFW rule $newid\n&quot;);<br>
                        }<br>
        <br>
                       
        open(EMAILB,&quot;/usr/local/libexec/templ_email.tpl&quot;) || die
        (&quot;Erreur d&#39;ouverture de EMAILB&quot;) ;<br>
                        while (&lt;EMAILB&gt;) {<br>
                                $_ =~ s/PARA1/$sourceIP/g;<br>
                                $_ =~ s/PARA2/$serverIP/g;<br>
                                $_ =~ s/PARA3/$newid/g;<br>
                                push (@body,$_);<br>
                        }<br>
        <br>
                        close(EMAILB);<br>
        <br>
                        # Création d&#39;un objet MIME::Lite avec les
        en-têtes du message<br>
                        my $message = MIME::Lite-&gt;new(<br>
                                From       =&gt; &#39;OpenSIPS <a href="mailto:noreply@hexanet.fr" target="_blank">&lt;noreply@hexanet.fr&gt;</a>&#39;,<br>
                                To         =&gt; &#39;&#39;,<br>
                                Subject    =&gt; &quot;$subject&quot;,<br>
                                &quot;X-Mailer&quot; =&gt; &#39;OpenSIPS&#39;,<br>
                               Type       =&gt; &#39;text/html&#39;,<br>
                                Data       =&gt; &quot;@body&quot;,<br>
                        );<br>
        <br>
                        if($message-&gt;send()){<br>
                                print LOGFILE &quot;$date INFO : Mail envoye
        pour blocage IP $sourceIP\n&quot;;<br>
                                log(L_INFO, &quot;SIP Flooding, mail has been
        sent\n&quot;);<br>
                        }<br>
        <br>
                        close LOGFILE ;<br>
                }<br>
        <br>
            return 1;<br>
        }<br>
        <br>
        bye<br>
      </div>
    </div>
  </div>

</div></div><br></div></div><div class="im">_______________________________________________<br>
Users mailing list<br>
<a href="mailto:Users@lists.opensips.org" target="_blank">Users@lists.opensips.org</a><br>
<a href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users" target="_blank">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a><br>
<br></div></blockquote></div><div class="im"><br><br clear="all"><div><br></div>-- <br><span style="color:rgb(136,136,136);font-size:13px;font-family:arial,sans-serif">Muhammad Shahzad</span><br style="color:rgb(136,136,136);font-size:13px;font-family:arial,sans-serif">


<span style="color:rgb(136,136,136);font-size:13px;font-family:arial,sans-serif">------------------------------</span><span style="color:rgb(136,136,136);font-size:13px;font-family:arial,sans-serif">-----</span><br style="color:rgb(136,136,136);font-size:13px;font-family:arial,sans-serif">


<span style="color:rgb(136,136,136);font-size:13px;font-family:arial,sans-serif">CISCO Rich Media Communication Specialist (CRMCS)</span><br style="color:rgb(136,136,136);font-size:13px;font-family:arial,sans-serif">

<span style="color:rgb(136,136,136);font-size:13px;font-family:arial,sans-serif">CISCO Certified Network Associate (CCNA)</span><br style="color:rgb(136,136,136);font-size:13px;font-family:arial,sans-serif">

<span style="color:rgb(136,136,136);font-size:13px;font-family:arial,sans-serif">Cell: <a href="tel:%2B49%20176%2099%2083%2010%2085" value="+4917699831085" target="_blank">+49 176 99 83 10 85</a></span><br style="color:rgb(136,136,136);font-size:13px;font-family:arial,sans-serif">


<span style="color:rgb(136,136,136);font-size:13px;font-family:arial,sans-serif">MSN: </span><a href="mailto:shari_786pk@hotmail.com" style="color:rgb(17,85,204);font-size:13px;font-family:arial,sans-serif" target="_blank">shari_786pk@hotmail.com</a><br style="color:rgb(136,136,136);font-size:13px;font-family:arial,sans-serif">


<span style="color:rgb(136,136,136);font-size:13px;font-family:arial,sans-serif">Email: </span><a href="mailto:shaheryarkh@googlemail.com" style="color:rgb(17,85,204);font-size:13px;font-family:arial,sans-serif" target="_blank">shaheryarkh@googlemail.com</a>
</div></div>
<br>_______________________________________________<br>
Users mailing list<br>
<a href="mailto:Users@lists.opensips.org">Users@lists.opensips.org</a><br>
<a href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users" target="_blank">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a><br>
<br></blockquote></div><br><br clear="all"><div><br></div>-- <br><div dir="ltr">Roberto Spadim<br>SPAEmpresarial</div>
</div>