Home Explore Help
Register Sign In
RISCI_ATOM
/
synapse
mirror of https://github.com/matrix-org/synapse.git
1
0
Fork 0
Files Issues 3 Wiki
Browse Source

Define config for room-level join limiter

but don't use it in tests
David Robertson 1 year ago
parent
6b99a66fe0
commit
bd873e6571
4 changed files with 28 additions and 0 deletions
Split View Show Diff Stats
  1. 4 0
      docker/complement/conf/workers-shared-extra.yaml.j2
  2. 16 0
      docs/usage/configuration/config_documentation.md
  3. 7 0
      synapse/config/ratelimiting.py
  4. 1 0
      tests/utils.py

+ 4 - 0
docker/complement/conf/workers-shared-extra.yaml.j2
View File 

@@ -67,6 +67,10 @@ rc_joins:
 
     per_second: 9999
 
     burst_count: 9999
 
 
+rc_joins_per_room:
 
+    per_second: 9999
 
+    burst_count: 9999
 
+
 
 rc_3pid_validation:
 
   per_second: 1000
 
   burst_count: 1000

+ 16 - 0
docs/usage/configuration/config_documentation.md
View File 

@@ -1380,6 +1380,22 @@ rc_joins:
 
     burst_count: 12
 
 ```
 
 ---
 
+### `rc_joins_per_room`
 
+
 
+This option allows for ratelimiting joins to a room based on the number of recent
 
+joins (local or remote) to that room. It is intended to mitigate mass-join spam
 
+waves which target multiple homeservers.
 
+
 
+Sensible values for this option are provided by default; most server admins
 
+won't need to adjust this setting.
 
+
 
+Example configuration:
 
+```yaml
 
+rc_joins_per_room:
 
+  per_second: 1
 
+  burst_count: 10
 
+```
 
+---
 
 ### `rc_3pid_validation`
 
 
 This option ratelimits how often a user or IP can attempt to validate a 3PID.

+ 7 - 0
synapse/config/ratelimiting.py
View File 

@@ -112,6 +112,13 @@ class RatelimitConfig(Config):
 
             defaults={"per_second": 0.01, "burst_count": 10},
 
         )
 
 
+        # Track the rate of joins to a given room. If there are too many, temporarily
 
+        # prevent local joins and remote joins via this server.
 
+        self.rc_joins_per_room = RateLimitConfig(
 
+            config.get("rc_joins_per_room", {}),
 
+            defaults={"per_second": 1, "burst_count": 10},
 
+        )
 
+
 
         # Ratelimit cross-user key requests:
 
         # * For local requests this is keyed by the sending device.
 
         # * For requests received over federation this is keyed by the origin.

+ 1 - 0
tests/utils.py
View File 

@@ -151,6 +151,7 @@ def default_config(name, parse=False):
 
             "local": {"per_second": 10000, "burst_count": 10000},
 
             "remote": {"per_second": 10000, "burst_count": 10000},
 
         },
 
+        "rc_joins_per_room": {"per_second": 10000, "burst_count": 10000},
 
         "rc_invites": {
 
             "per_room": {"per_second": 10000, "burst_count": 10000},
 
             "per_user": {"per_second": 10000, "burst_count": 10000},