-
Notifications
You must be signed in to change notification settings - Fork 237
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Log client ips #271
base: master
Are you sure you want to change the base?
Log client ips #271
Conversation
sweet nice i was hoping i wouldnt have to do that, any chance we can add a deny from in config.cfg or otherwise that can help “block” or how would you go about it? i really suck at ufw and dns stuff and i would personally love to spin up boxes on digitalocean etc and just pull a docker image and pull a config from github and rock roll (ill have to rebuild an image from this commit but at least its a atart! thaks @Yannik! |
i wouldnt mind an auto deny that uses a rate limit feature, i am not an avid go dev but i mean even a simple map of counts by ip address with an interval to check or theres probably a rate limit package like there is for node |
@lanl0rd Rate limiting needs to limited to domains which could not possibly be valid acme-dns subdomains, because otherwise third parties could dos your acme-dns service by repeatedly requesting certificates from letsencrypt (hence, the letsencrypt server will get blocked). I will implement a fail2ban filter which implements rate limiting and post about it here. (currently blocked by fail2ban/fail2ban#3062) |
We now have a working fail2ban filter for this: #268 (comment) |
yayy |
Co-authored-by: İlteriş Yağıztegin Eroğlu <[email protected]> Signed-off-by: İlteriş Yağıztegin Eroğlu <[email protected]>
Co-authored-by: İlteriş Yağıztegin Eroğlu <[email protected]> Signed-off-by: İlteriş Yağıztegin Eroğlu <[email protected]>
Co-authored-by: Yannik Sembritzki <[email protected]> Signed-off-by: İlteriş Yağıztegin Eroğlu <[email protected]>
Yes, there is golang.org/x/time/rate. Simple exposition here. |
Fixes #268.