94 network: IPv4Network | IPv6Network,
95 request: SXNG_Request,
97) -> werkzeug.Response |
None:
100 redis_client = redisdb.client()
102 if network.is_link_local
and not cfg[
'botdetection.ip_limit.filter_link_local']:
103 logger.debug(
"network %s is link-local -> not monitored by ip_limit method", network.compressed)
106 if request.args.get(
'format',
'html') !=
'html':
107 c = incr_sliding_window(redis_client,
'ip_limit.API_WINDOW:' + network.compressed, API_WINDOW)
109 return too_many_requests(network,
"too many request in API_WINDOW")
111 if cfg[
'botdetection.ip_limit.link_token']:
113 suspicious = link_token.is_suspicious(network, request,
True)
117 drop_counter(redis_client,
'ip_limit.SUSPICIOUS_IP_WINDOW' + network.compressed)
121 c = incr_sliding_window(
122 redis_client,
'ip_limit.SUSPICIOUS_IP_WINDOW' + network.compressed, SUSPICIOUS_IP_WINDOW
124 if c > SUSPICIOUS_IP_MAX:
125 logger.error(
"BLOCK: too many request from %s in SUSPICIOUS_IP_WINDOW (redirect to /)", network)
126 response = flask.redirect(flask.url_for(
'index'), code=302)
127 response.headers[
"Cache-Control"] =
"no-store, max-age=0"
130 c = incr_sliding_window(redis_client,
'ip_limit.BURST_WINDOW' + network.compressed, BURST_WINDOW)
131 if c > BURST_MAX_SUSPICIOUS:
132 return too_many_requests(network,
"too many request in BURST_WINDOW (BURST_MAX_SUSPICIOUS)")
134 c = incr_sliding_window(redis_client,
'ip_limit.LONG_WINDOW' + network.compressed, LONG_WINDOW)
135 if c > LONG_MAX_SUSPICIOUS:
136 return too_many_requests(network,
"too many request in LONG_WINDOW (LONG_MAX_SUSPICIOUS)")
141 c = incr_sliding_window(redis_client,
'ip_limit.BURST_WINDOW' + network.compressed, BURST_WINDOW)
143 return too_many_requests(network,
"too many request in BURST_WINDOW (BURST_MAX)")
145 c = incr_sliding_window(redis_client,
'ip_limit.LONG_WINDOW' + network.compressed, LONG_WINDOW)
147 return too_many_requests(network,
"too many request in LONG_WINDOW (LONG_MAX)")