From 31c376bc930bc656b683283435b062771a289745 Mon Sep 17 00:00:00 2001 From: Administrator Date: Mon, 27 Apr 2020 11:34:05 +0200 Subject: [PATCH 1/2] add rate limit to prevent ddos --- captcha/views.py | 7 ++++--- setup.py | 1 + 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/captcha/views.py b/captcha/views.py index 495bdd4e..78706310 100644 --- a/captcha/views.py +++ b/captcha/views.py @@ -9,6 +9,7 @@ import os import subprocess import six +from ratelimit.decorators import ratelimit try: from cStringIO import StringIO @@ -40,7 +41,7 @@ def makeimg(size): image = Image.new("RGB", size, settings.CAPTCHA_BACKGROUND_COLOR) return image - +@ratelimit(key='ip', rate='1/s') def captcha_image(request, key, scale=1): try: store = CaptchaStore.objects.get(hashkey=key) @@ -136,7 +137,7 @@ def captcha_image(request, key, scale=1): return response - +@ratelimit(key='ip', rate='1/s') def captcha_audio(request, key): if settings.CAPTCHA_FLITE_PATH: try: @@ -200,7 +201,7 @@ def captcha_audio(request, key): return response raise Http404 - +@ratelimit(key='ip', rate='1/s') def captcha_refresh(request): """ Return json with new captcha for ajax refresh request """ if not request.is_ajax(): diff --git a/setup.py b/setup.py index 31f3a1e3..2554f16d 100644 --- a/setup.py +++ b/setup.py @@ -32,6 +32,7 @@ def run_tests(self): "six >=1.2.0", "Django >= 1.8", "Pillow >=6.2.0", + "django-ratelimit>=2.0.0", "django-ranged-response == 0.2.0", ] EXTRAS_REQUIRE = {"test": ("testfixtures",)} From 12b227747ff856df344811e84f20b118fd7f66f8 Mon Sep 17 00:00:00 2001 From: Administrator Date: Mon, 27 Apr 2020 11:44:23 +0200 Subject: [PATCH 2/2] add block --- captcha/views.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/captcha/views.py b/captcha/views.py index 78706310..5881fc20 100644 --- a/captcha/views.py +++ b/captcha/views.py 
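Review bot: The unconditional `from ratelimit.decorators import ratelimit` makes the whole views module fail to import wherever django-ratelimit is missing, and, as far as I recall, the decorator keeps its hit counters in a Django cache (`RATELIMIT_USE_CACHE`, default `'default'`), so with Django's default per-process LocMemCache every worker process enforces its own independent 1/s budget and a multi-worker or multi-host deployment is barely limited at all. That requirement should be stated where the dependency enters, e.g. `# django-ratelimit counts hits in settings.RATELIMIT_USE_CACHE: use a cache shared by all workers (memcached/redis), not LocMemCache`.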
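Review bot: `key='ip'` on the new `captcha_image` decorator keys the limit on `REMOTE_ADDR`, which behind a reverse proxy or load balancer is the proxy's own address, so every visitor shares one 1/s bucket and the limit blocks the whole site rather than one abuser; conversely, deriving the address from `X-Forwarded-For` without a trusted-proxy list lets a client choose its own bucket. Either confirm the deployment restores the real client address into `REMOTE_ADDR` from a trusted proxy header before this view runs, or pass a `key=` callable that does so, and record the assumption next to the decorator: `# rate-limit keyed on REMOTE_ADDR: requires the real client IP to be restored by a trusted-proxy middleware`. The 1/s figure is also hard-coded while the module's other tunables come from `settings` (`settings.CAPTCHA_BACKGROUND_COLOR` in the context lines); a `settings.CAPTCHA_RATELIMIT`-style knob (name to be chosen) would let operators tune it without patching the package.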
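Review bot: `captcha_audio` gets the same 1/s budget as the image view although it shells out to flite (`settings.CAPTCHA_FLITE_PATH` in this hunk, the `subprocess` import in the first), which is far more expensive per request than rendering a PNG; a separate, stricter rate for the audio endpoint would match the cost actually being protected, e.g. `@ratelimit(key='ip', rate=settings.CAPTCHA_AUDIO_RATELIMIT)` with the setting defaulting to the current `'1/s'` (django-ratelimit also accepts a callable for `rate`, if my memory is right, should per-request policy be needed). The body of `captcha_audio` continues outside the hunk.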
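Review bot: `"django-ratelimit>=2.0.0"` has no upper bound, while the same install_requires still declares `Django >= 1.8` and depends on `six` (which views.py imports), i.e. Python 2 / old-Django support; as far as I know later django-ratelimit majors dropped those targets and eventually renamed the import package, so an unpinned install can resolve to a release that the `from ratelimit.decorators import ratelimit` line cannot use. Either cap it to the major that was tested, `"django-ratelimit >=2.0.0, <3"`, or drop the old-Django/six claims in the same change. The entry also breaks the file's spacing convention (`"six >=1.2.0"`, `"Pillow >=6.2.0"` put a space before the operator).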
@@ -41,7 +41,7 @@ def makeimg(size): image = Image.new("RGB", size, settings.CAPTCHA_BACKGROUND_COLOR) return image -@ratelimit(key='ip', rate='1/s') +@ratelimit(key='ip', rate='1/s',block=True) def captcha_image(request, key, scale=1): try: store = CaptchaStore.objects.get(hashkey=key) @@ -137,7 +137,7 @@ def captcha_image(request, key, scale=1): return response -@ratelimit(key='ip', rate='1/s') +@ratelimit(key='ip', rate='1/s',block=True) def captcha_audio(request, key): if settings.CAPTCHA_FLITE_PATH: try: @@ -201,7 +201,7 @@ def captcha_audio(request, key): return response raise Http404 -@ratelimit(key='ip', rate='1/s') +@ratelimit(key='ip', rate='1/s',block=True) def captcha_refresh(request): """ Return json with new captcha for ajax refresh request """ if not request.is_ajax():
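Review bot: With `block=True` on `captcha_image`, django-ratelimit raises `Ratelimited`, a `PermissionDenied` subclass, so the second image request from one address within a second is answered by Django's 403 handler; for a URL loaded from an `<img>` tag that is a silently broken captcha, and a page that renders two captcha fields, or a form re-rendered on validation error while the first image is still loading, will trip the 1/s rate in normal use. The conventional status for throttling is 429 with `Retry-After`; either catch `Ratelimited` in a middleware (or `handler403`) and return `HttpResponse(status=429)`, or raise the rate to what a single legitimate page load needs and document the choice on the decorator: `# block=True -> Ratelimited (403 via PermissionDenied); keep rate above what one page load issues`.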
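Review bot: `rate='1/s',block=True` on the `captcha_audio` decorator is missing the space after the comma that PEP 8 and the rest of this file use (`Image.new("RGB", size, settings.CAPTCHA_BACKGROUND_COLOR)` in the first hunk); write `@ratelimit(key='ip', rate='1/s', block=True)`. The function body continues outside the hunk.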
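Review bot: Turning the limit into a hard block on `captcha_refresh` also applies to Django's test client, whose requests all carry the same `REMOTE_ADDR`, so any test that calls this view (or the image/audio views) more than once per second will now get a 403 instead of the JSON the docstring promises; I cannot see the test suite from here, but nothing in the patch adds a test of the limited path or disables the limiter elsewhere. Add a test asserting that a second call inside the window is rejected, and switch the limiter off for the remaining view tests, e.g. `@override_settings(RATELIMIT_ENABLE=False)` (django-ratelimit's global kill switch, if I recall its settings correctly).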