Rate Limiting & Flood Protection
ElixIRCd has built-in flood protection at multiple levels.
Connection Flood Protection
Section titled “Connection Flood Protection”At the TCP layer, before any IRC commands are processed:
- Max connections per IP — prevents a single IP from opening too many connections
- Connection rate throttle — token bucket limits how fast an IP can make new connections
- Violation tracking — repeated violations lead to IP blocking
See Rate Limiting Configuration for all parameters.
Message Flood Protection
Section titled “Message Flood Protection”After a user is connected, their message rate is monitored:
- Global message throttle — each user gets a token bucket
- Per-command overrides — stricter limits for high-impact commands (e.g., JOIN)
- Disconnect on threshold — excessive violations disconnect the user
Default Limits
Section titled “Default Limits”With default settings:
- A user can send up to 40 messages in a burst (bucket capacity)
- Sustained rate is 2 messages per second
- After 10 throttle violations within 60 seconds, the user is disconnected
Configuring Per-Command Limits
Section titled “Configuring Per-Command Limits”To impose stricter limits on JOIN:
command_throttle: %{ "JOIN" => [refill_rate: 0.5, capacity: 5, cost: 1, disconnect_threshold: 3]}Channel Join Throttle (+j)
Section titled “Channel Join Throttle (+j)”Individual channels can enforce their own join rate limits with the +j mode:
MODE #channel +j 5:60 # Max 5 joins per 60 secondsIRC operators bypass channel join throttle.
Inactivity Timeout
Section titled “Inactivity Timeout”Users who don’t send any messages for inactivity_timeout_ms (default: 3 minutes) are disconnected. This prevents ghost connections from accumulating.
Message Delay (+d)
Section titled “Message Delay (+d)”Channels can require a delay before new users can speak:
MODE #channel +d 30 # 30 second delay for new joinersThis prevents “join-flood-spam” patterns.
Channel Message Restrictions
Section titled “Channel Message Restrictions”Channel modes that prevent flood-related abuse:
| Mode | Protection |
|---|---|
+m | Only voiced/opped users can speak |
+C | No CTCP messages |
+c | No color codes (anti-color-flood) |
+T | No NOTICE messages |
+M | Only registered users can speak |
+d | Delay before new users can speak |
+j | Limit join rate |
Exemptions
Section titled “Exemptions”Both connection and message rate limiters support exemptions for trusted sources:
# Connection exemptionsrate_limiter: [ connection: [ exceptions: [ ips: ["127.0.0.1", "::1"], cidrs: ["10.0.0.0/8"] ] ]]
# Message exemptionsrate_limiter: [ message: [ exceptions: [ nicknames: ["TrustedBot"], masks: ["*!*@trusted.service.org"], umodes: ["o"] # Exempt IRC operators ] ]]