On Wed, Apr 25, 2001 at 03:12:31AM +0200, Karsten W. Rohrbach wrote:
> maybe add it to tcpserver?

tcpserver is not in control of checkpassword and has no knowledge
of correct/incorrect user:password pairs.

The solution I would like most (and which would be rather flexible and
also working with clusters) would be to have a fast http server (maybe
based on djb's publicfile).
This server would have a configurable sized hash table (similar to
dnscache) and a strategy for expiring entries.

There would be two clients/APIs:
- one would send "ip:fail" or "ip:ok"
  and the server would either increment or delete an internal counter
- the other would send "ip:query" and the server would return
  "allow" or "deny".
These two clients could be placed within the calling queue after
tcpserver and checkpassword.

Within this framework one could write other clients/servers that would
e.g. allow for controlling the number of smtp connects per IP per time
interval:
- have a client that sends
  "ip:connect" to the server and the server returns "ok" or "fail".
  - if the answer is "ok" give over to the next program in queue
  - if the answer is "fail" act similar to rblsmtpd and send a 4xx
    to every SMTP protocol request from the sender.

I've been working on the last server/client with a friend. We have some
code but it's not finished yet.

        \Maex

-- 
SpaceNet AG            | Joseph-Dollinger-Bogen 14 | Fon: +49 (89) 32356-0
Research & Development |       D-80807 Muenchen    | Fax: +49 (89) 32356-299
Stress is when you wake up screaming and you realize you haven't fallen
asleep yet.
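
The fail/ok/query counter table sketched in the message above, as an added example that is not part of the original post and not the author's unfinished code. The table size, failure threshold, expiry time, overwrite-on-collision policy and the "ack" reply to fail/ok messages are assumptions.

```c
#include <stdio.h>
#include <string.h>
#include <time.h>

#define SLOTS     1024   /* table size; assumed value, would be configurable */
#define MAX_FAILS 3      /* assumed threshold before "deny" */
#define TTL       600    /* assumed expiry: seconds since the last failure */
struct entry { char ip[46]; unsigned fails; time_t last; };
static struct entry table[SLOTS];

/* FNV-1a hash of the address string, reduced to a slot index. */
static unsigned slot_of(const char *ip) {
    unsigned h = 2166136261u;
    while (*ip) { h ^= (unsigned char)*ip++; h *= 16777619u; }
    return h % SLOTS;
}

/* Return the live entry for ip, or NULL if absent, expired or evicted. */
static struct entry *lookup(const char *ip, time_t now) {
    struct entry *e = &table[slot_of(ip)];
    if (strcmp(e->ip, ip) != 0) return NULL;
    if (now - e->last > TTL) { e->ip[0] = 0; return NULL; }
    return e;
}

/* Process one "ip:verb" message; now is a parameter so expiry is testable. */
const char *handle(const char *msg, time_t now) {
    char ip[46];
    const char *verb = strrchr(msg, ':');   /* last colon, so IPv6 works */
    size_t n = verb ? (size_t)(verb - msg) : 0;
    if (!verb || n == 0 || n >= sizeof ip) return "error";
    memcpy(ip, msg, n); ip[n] = 0; verb++;
    struct entry *e = lookup(ip, now);
    if (!strcmp(verb, "query"))
        return (e && e->fails >= MAX_FAILS) ? "deny" : "allow";
    if (!strcmp(verb, "ok")) { if (e) e->ip[0] = 0; return "ack"; }
    if (!strcmp(verb, "fail")) {
        /* New address, or a colliding one: overwrite the slot. */
        if (!e) { e = &table[slot_of(ip)]; strcpy(e->ip, ip); e->fails = 0; }
        e->fails++; e->last = now;
        return "ack";
    }
    return "error";
}

int main(void) {   /* constructed sample traffic */
    const char *m[] = {"192.0.2.7:fail", "192.0.2.7:fail", "192.0.2.7:fail", "192.0.2.7:query"};
    for (int i = 0; i < 4; i++) printf("%s -> %s\n", m[i], handle(m[i], time(NULL)));
}
```

Overwriting on collision keeps memory bounded under a flood of distinct addresses, at the cost that a colliding address can evict another address's counter.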
