Feature request cool down period. #94
Description
Cooldown Period for STUN/TURN Requests
This feature request is just a reminder of what was discussed in the XMPP room (eturnal@conference.process-one.net). It revolves around implementing a cool down period limit for STUN/TURN requests originating from the same IP address.
The idea is to restrict the server's responses to a certain number of requests from a single IP within a specified time frame. This approach could help mitigate reflection and amplification attacks, which is definitely a plus.
However, we also talked about the potential complexities this feature might introduce when it comes to debugging any issues that arise. Because of this, it was suggested that the feature should probably be disabled by default.
Another point worth considering is whether it should implement an allow list. This could help exempt certain IPs from the filter, especially for mobile carriers that often group many customers behind CGNAT-ed networks.
Lastly, we should think about whether the request limit should be configurable. For example, should we set it to 10 requests per minute or maybe 1000? Making it adjustable could be a smart move.