RATE_LIMIT_*
Platforms
Windows, Unix
(In LISTSERV 17.x builds from 2 May 2024. This feature is NOT available in earlier versions of LISTSERV. Please check your build date: if it is earlier than that, attempting to implement this feature will do nothing.)
Abstract
Four variables which set rate limits for certain types of operations performed via the LISTSERV web interface.
Example
Unix:
RATE_LIMIT_LOGIN="20/M"
export RATE_LIMIT_LOGIN
Windows:
RATE_LIMIT_LOGIN=20/M
Each of the four new variables is set similarly.
Details
To protect against DoS and other abusive behavior, a command rate limit feature has been implemented for the LISTSERV web interface. The following site configuration variables are added:
RATE_LIMIT_LOGIN
RATE_LIMIT_OK
RATE_LIMIT_PW
RATE_LIMIT_SUBSCRIBE
The format is:
limit[/[qty]unit]
If limit = 0, the feature is disabled. If qty is omitted, it defaults to 1 unit. The supported units are S, M, H and D (you can spell it out if you prefer – Seconds, Minutes, Hours, Days – only the first letter is checked). These settings do not require a full restart, just a reload.
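As an added illustration (not LISTSERV code and not part of the LISTSERV documentation), the following Python parses the limit[/[qty]unit] format described above so that a site configuration can be checked before a reload. It assumes units are matched case-insensitively and that qty must be a positive integer; the function names and the sample configuration are constructed for this example.

```python
import re

# Unit letters from the page; only the first letter of the unit is checked.
UNIT_SECONDS = {"S": 1, "M": 60, "H": 3600, "D": 86400}
KNOWN = {"RATE_LIMIT_LOGIN", "RATE_LIMIT_OK", "RATE_LIMIT_PW", "RATE_LIMIT_SUBSCRIBE"}
RATE_RE = re.compile(r"^(\d+)(?:/(\d*)([A-Za-z]+))?$")         # limit[/[qty]unit]
LINE_RE = re.compile(r"^\s*(RATE_LIMIT_\w+)\s*=\s*(\S+)\s*$")  # NAME=value

def parse_rate_limit(value):
    """Return (limit, window_seconds); limit 0 means the feature is disabled.
    window_seconds is None without a /unit part (the page gives no period for that case)."""
    m = RATE_RE.match(value.strip().strip('"'))
    if not m:
        raise ValueError(f"{value!r} is not in limit[/[qty]unit] form")
    limit, qty, unit = m.groups()
    if unit is None:
        return int(limit), None
    letter = unit[0].upper()          # assumption: case-insensitive match
    if letter not in UNIT_SECONDS:
        raise ValueError(f"unsupported unit {unit!r} (expected S, M, H or D)")
    count = int(qty) if qty else 1    # omitted qty defaults to 1 unit
    if count == 0:                    # assumption: qty must be positive
        raise ValueError("qty must be greater than zero")
    return int(limit), count * UNIT_SECONDS[letter]

def lint_config(text):
    """Map each RATE_LIMIT_* assignment to its parsed value or an error string."""
    findings = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue                  # e.g. "export RATE_LIMIT_LOGIN"
        name, value = m.groups()
        try:
            if name not in KNOWN:
                raise ValueError("not one of the four RATE_LIMIT_* variables")
            findings[name] = parse_rate_limit(value)
        except ValueError as exc:
            findings[name] = f"error: {exc}"
    return findings

# Constructed sample mixing the Unix and Windows forms, with two mistakes.
SAMPLE = "\n".join([
    'RATE_LIMIT_LOGIN="20/M"', "export RATE_LIMIT_LOGIN", "RATE_LIMIT_PW=10/5Minutes",
    "RATE_LIMIT_OK=0", "RATE_LIMIT_SUBSCRIBE=50/W", "RATE_LIMIT_SIGNUP=5/H"])

if __name__ == "__main__":
    print(lint_config(SAMPLE))
```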
If the rate is exceeded, LISTSERV responds with the following template message and does not execute the command.
>>> MSG_RATE_LIMIT_EXCEEDED Command rate limit exceeded
Rate limit exceeded, try again later.
NOTE: It may also be necessary to implement a CAPTCHA solution or at least provision a CAPTCHA badge to prevent bots from attacking your server and triggering the "Command rate limit exceeded" message. Please see WWW_CAPTCHA_BADGE at minimum for this support.
Default Value
The rate limit defaults are as follows:
RATE_LIMIT_LOGIN=10
RATE_LIMIT_OK=10
RATE_LIMIT_PW=10/M
RATE_LIMIT_SUBSCRIBE=50/H
Wildcards
Not allowed.