Adjust DosGuard default cfg (#496)

Fix #497
2026-04-29 15:37:53 +00:00 · 2023-02-02 09:04:00 +00:00
parent fe5150dba4
commit 8dbf049a71
2 changed files with 21 additions and 15 deletions
--- a/example-config.json
+++ b/example-config.json
@@ -19,30 +19,36 @@
            "grpc_port": "50051"
        }
    ],
-    "dos_guard":
-    {
-        "whitelist":["127.0.0.1"], // comma-separated list of ips to exclude from rate limiting
+    "dos_guard": {
+        "whitelist": [
+            "127.0.0.1"
+        ], // comma-separated list of ips to exclude from rate limiting
        /* The below values are the default values and are only specified here
         * for documentation purposes. The rate limiter currently limits
         * connections and bandwidth per ip. The rate limiter looks at the raw
         * ip of a client connection, and so requests routed through a load
         * balancer will all have the same ip and be treated as a single client
         */
-        "max_fetches":100000000, // max bytes per ip per sweep interval
-        "max_connections":1, // max connections per ip
-        "sweep_interval": 10 // time in seconds before resetting bytes per ip count
+        "max_fetches": 1000000, // max bytes per ip per sweep interval
+        "max_connections": 20, // max connections per ip
+        "max_requests": 20, // max connections per ip
+        "sweep_interval": 1 // time in seconds before resetting bytes per ip count
    },
-    "cache":
-    {
-        "peers": [{"ip":"127.0.0.1","port":51234}]
+    "cache": {
+        "peers": [
+            {
+                "ip": "127.0.0.1",
+                "port": 51234
+            }
+        ]
    },
-    "server":{
+    "server": {
        "ip": "0.0.0.0",
        "port": 51233,
        /* Max number of requests to queue up before rejecting further requests.
        * Defaults to 0, which disables the limit
        */
-        "max_queue_size":500
+        "max_queue_size": 500
    },
    "log_channels": [
        {
--- a/src/webserver/DOSGuard.h
+++ b/src/webserver/DOSGuard.h
@@ -77,9 +77,9 @@ public:
     */
    BasicDOSGuard(clio::Config const& config, SweepHandler& sweepHandler)
        : whitelist_{getWhitelist(config)}
-        , maxFetches_{config.valueOr("dos_guard.max_fetches", 100000000u)}
-        , maxConnCount_{config.valueOr("dos_guard.max_connections", 1u)}
-        , maxRequestCount_{config.valueOr("dos_guard.max_requests", 10u)}
+        , maxFetches_{config.valueOr("dos_guard.max_fetches", 1000000u)}
+        , maxConnCount_{config.valueOr("dos_guard.max_connections", 20u)}
+        , maxRequestCount_{config.valueOr("dos_guard.max_requests", 20u)}
    {
        sweepHandler.setup(this);
    }
@@ -271,7 +271,7 @@ public:
        : sweepInterval_{std::max(
              1u,
              static_cast<uint32_t>(
-                  config.valueOr("dos_guard.sweep_interval", 10.0) * 1000.0))}
+                  config.valueOr("dos_guard.sweep_interval", 1.0) * 1000.0))}
        , ctx_{std::ref(ctx)}
    {
    }