self.whitelist = []
+ def log(self, line):
+ log = open("/var/log/plc_api_ratelimit.log", "a")
+ date = datetime.now().strftime("%d/%m/%y %H:%M")
+ log.write("%s - %s\n" % (date, line))
+ log.flush()
+
def before(self, wobj, data, *args, **kwargs):
# ratelimit_128.112.139.115_201011091532 = 1
# ratelimit_128.112.139.115_201011091533 = 14
api_method_name = wobj.name
api_method_source = wobj.source
+ try:
+ api_method = args[0]["AuthMethod"]
+ except:
+ return
+
+ if api_method == "session":
+ api_method_caller = args[0]["session"]
+ elif api_method == "password" or api_method == "capability":
+ api_method_caller = args[0]["Username"]
+ elif api_method == "gpg":
+ api_method_caller = args[0]["name"]
+ elif api_method == "hmac" or api_method == "hmac_dummybox":
+ api_method_caller = args[0]["node_id"]
+ elif api_method == "anonymous":
+ api_method_caller = "anonymous"
+ else:
+ api_method_caller = "unknown"
+
if api_method_source == None or api_method_source[0] == self.config.PLC_API_IP or api_method_source[0] in self.whitelist:
return
+ if api_method_caller == None:
+ self.log("%s called from %s with Username = None?" % (api_method_name, api_method_source[0]))
+ return
+
mc = memcache.Client(["%s:11211" % self.config.PLC_API_HOST])
now = datetime.now()
- current_key = "%s_%s_%s" % (self.prefix, api_method_source[0], now.strftime("%Y%m%d%H%M"))
+ current_key = "%s_%s_%s_%s" % (self.prefix, api_method_caller, api_method_source[0], now.strftime("%Y%m%d%H%M"))
- keys_to_check = ["%s_%s_%s" % (self.prefix, api_method_source[0], (now - timedelta(minutes = minute)).strftime("%Y%m%d%H%M")) for minute in range(self.minutes + 1)]
+ keys_to_check = ["%s_%s_%s_%s" % (self.prefix, api_method_caller, api_method_source[0], (now - timedelta(minutes = minute)).strftime("%Y%m%d%H%M")) for minute in range(self.minutes + 1)]
try:
value = mc.incr(current_key)
total_requests += result[i]
if total_requests > self.requests:
- log = open("/var/log/plc_api_ratelimit.log", "a")
- date = datetime.now().strftime("%d/%m/%y %H:%M")
- log.write("%s - %s\n" % (date, api_method_source[0]))
- log.flush()
+ self.log("%s - %s" % (api_method_source[0], api_method_caller))
raise PLCPermissionDenied, "Maximum allowed number of API calls exceeded"
def after(self, wobj, data, *args, **kwargs):