Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Log client ips #271

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Log client ips #271

wants to merge 1 commit into from

Conversation

Yannik
Copy link
Contributor

@Yannik Yannik commented Jul 19, 2021

Fixes #268.

@coveralls
Copy link

Coverage Status

Coverage increased (+0.03%) to 73.147% when pulling ac7e0b7 on Yannik:log-ips into 68bb6ab on joohoi:master.

@lan10rd
Copy link

lan10rd commented Jul 20, 2021

sweet nice i was hoping i wouldnt have to do that, any chance we can add a deny from in config.cfg or otherwise that can help “block” or how would you go about it? i really suck at ufw and dns stuff and i would personally love to spin up boxes on digitalocean etc and just pull a docker image and pull a config from github and rock roll (ill have to rebuild an image from this commit but at least its a atart! thaks @Yannik!

@lan10rd
Copy link

lan10rd commented Jul 20, 2021

i wouldnt mind an auto deny that uses a rate limit feature, i am not an avid go dev but i mean even a simple map of counts by ip address with an interval to check or theres probably a rate limit package like there is for node

@Yannik
Copy link
Contributor Author

Yannik commented Jul 20, 2021

@lanl0rd Rate limiting needs to limited to domains which could not possibly be valid acme-dns subdomains, because otherwise third parties could dos your acme-dns service by repeatedly requesting certificates from letsencrypt (hence, the letsencrypt server will get blocked).

I will implement a fail2ban filter which implements rate limiting and post about it here. (currently blocked by fail2ban/fail2ban#3062)

@Yannik
Copy link
Contributor Author

Yannik commented Aug 2, 2021

We now have a working fail2ban filter for this: #268 (comment)

@lan10rd
Copy link

lan10rd commented Aug 2, 2021

yayy

linuxgemini added a commit to linuxgemini/acme-dns that referenced this pull request Feb 9, 2022
Co-authored-by: İlteriş Yağıztegin Eroğlu <[email protected]>
Signed-off-by: İlteriş Yağıztegin Eroğlu <[email protected]>
linuxgemini added a commit to linuxgemini/acme-dns that referenced this pull request Feb 9, 2022
Co-authored-by: İlteriş Yağıztegin Eroğlu <[email protected]>
Signed-off-by: İlteriş Yağıztegin Eroğlu <[email protected]>
linuxgemini added a commit to linuxgemini/acme-dns that referenced this pull request Feb 9, 2022
Co-authored-by: Yannik Sembritzki <[email protected]>
Signed-off-by: İlteriş Yağıztegin Eroğlu <[email protected]>
@candlerb
Copy link

candlerb commented Mar 2, 2022

@lan10rd:

i wouldnt mind an auto deny that uses a rate limit feature, i am not an avid go dev but i mean even a simple map of counts by ip address with an interval to check or theres probably a rate limit package like there is for node

Yes, there is golang.org/x/time/rate. Simple exposition here.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

list request IP in log to be able to block spammers
4 participants