Mirrors/sftpgo
1
0
Fork 0
mirror of https://github.com/drakkan/sftpgo.git synced 2025-12-07 23:00:55 +03:00
Code Issues Packages Projects Releases Wiki Activity

rate limiting: allow to exclude IP addresses/ranges

Browse Source 
Fixes #563
This commit is contained in:
Nicola Murino
2021-10-03 20:50:05 +02:00
parent 1b4a1fbbe5
commit ea01c3a125
11 changed files with 80 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
docs/rate-limiting.md
View File

@@ -22,6 +22,20 @@ You can also define two types of rate limiters:
If you configure a per-host rate limiter, SFTPGo will keep a rate limiter in memory for each host that connects to the service, you can limit the memory usage using the `entries_soft_limit` and `entries_hard_limit` configuration keys.
For each rate limiter you can exclude a list of IP addresses and IP ranges by defining an `allow_list`.
The allow list supports IPv4/IPv6 address and CIDR networks, for example:
```json
...
"allow_list": [
"192.0.2.1",
"192.168.1.0/24",
"2001:db8::68",
"2001:db8:1234::/48"
],
...
```
You can defines how many rate limiters as you want, but keep in mind that if you defines multiple rate limiters each request will be checked against all the configured limiters and so it can potentially be delayed multiple times. Let's clarify with an example, here is a configuration that defines a global rate limiter and a per-host rate limiter for the FTP protocol:
```json