(RADIATOR) Redback is sending too many Access-Requests

Hugh Irvine hugh at open.com.au
Tue Dec 20 14:52:28 CST 2005


Hello Claudio -

Its in the latest patches.

Here it is again.

regards

Hugh



----------------------------------------------------------------------

This hook allows you to do conditional flood control to rate limit  
radius requests.

The hook counts the number of access requests received in each second  
for each NAS
and conditionally returns an Access-Accept if the count exceeds a  
preset limit.
Special reply attributes can be added to the conditional access  
accept by using
an AddToReply to restrict access to a maintenance web site for example.


# RequestHook for AuthBy INTERNAL
# This hook counts the number of access requests that are received for a
# particular NAS, and returns an ACCEPT if there are more than 100  
per second.
# A Session-Timeout reply attribute is added to the reply with a random
# value between 1 and 1200 seconds(20 minutes).
#
# Note: these values should be altered as required.
#
# Hugh Irvine, Open System Consultants, 20050829

sub
{
         my $p = $_[0];

         my $time = time;
         my $code = $p->code;
         my $nas = $p->{Client};

         if ($time == $nas->{last_throttle_time} && $code eq 'Access- 
Request')
         {
                 if (++$nas->{throttle_count} > 100)
                 {
                         $p->{rp}->add_attr('Session-Timeout', int 
(rand(1200) + 1));
                         return ($main::ACCEPT, 'Conditional flood  
control');
                 }
         }
         else
         {
                 $nas->{throttle_count} = 0;
         }
         $nas->{last_throttle_time} = $time;
         return ($main::IGNORE, 'Continue to proxy');
}



Here is an example of how to use the hook.


<Handler .....>

         AuthByPolicy ContinueWhileIgnore

         <AuthBy INTERNAL>
                 RequestHook file:"throttle.pl"
                 AddToReply .....
         </AuthBy>

         # normal AuthBy
         <AuthBy .....>
                 .....
         </AuthBy>

</Handler>






On 21 Dec 2005, at 00:44, Claudio Lapidus wrote:

> Hello Hugh,
>
> On 12/20/05, Hugh Irvine <hugh at open.com.au> wrote:
>> You will also find an example hook in "goodies/hooks.txt" (Radiator
>> 3.13) that implements conditional rate limiting which may be useful.
>
> Sorry, where is that code? I don't seem to find it:
>
> [root at devel-01 etc]# cat
> /usr/share/doc/Radiator-3.13/goodies/hooks.txt | egrep -i
> 'conditional|rate|limit'
> single colon (":") delimited line of the form:
> basis. And Attributes is a list of attribute = value pairs seperated
> # Each Profile is a colon (":") delimited record with
> [root at devel-01 etc]#


NB:

Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/ 
radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.


--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.


More information about the radiator mailing list