https://gitlab.synchro.net/main/sbbs/-/commit/1dff45b547241a4f4d263adb
Modified Files:
src/sbbs3/sbbs_ini.c src/sbbs3/scfg/scfgsrvr.c src/sbbs3/websrvr.cpp websrvr.h
Log Message:
websrvr: make rate-limit subnet auto-filter threshold configurable
Commit 52db12ec6 added a distinct-IP guard to rate_limit_filter() that suppresses subnet-wide filtering when only one host in the bucket abused
the rate limit. The threshold was hardcoded at "more than 1 distinct
host," which is a reasonable default for tight prefixes but too
aggressive for wide ones (/16, /48), where collateral risk to innocent neighbors warrants requiring more distinct abusers first.
Expose it as web_startup_t.rate_limit_filter_subnet_threshold, with:
- new ini key RateLimitFilterSubnetThreshold (default 2 preserves
current behavior; clamped >=1 -- set to 1 to filter on the first
abuser, no neighbor required)
- new SCFG entry under Web Server > Rate Limiting > Subnet Filter
Threshold
Touches the web_startup_t struct, so sbbsctrl.exe needs rebuilding on
Windows hosts.
Co-Authored-By: Claude Opus 4.7 (1M context) <
noreply@anthropic.com>
--- SBBSecho 3.37-Linux
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)