diff options
author | teravus | 2013-10-07 21:35:55 -0500 |
---|---|---|
committer | teravus | 2013-10-07 21:35:55 -0500 |
commit | f76cc6036ebf446553ee5201321879538dafe3b2 (patch) | |
tree | 7e33eee605c3baf04a16422f06ac3986f0f27eaa /bin/Robust.ini.example | |
parent | * Added a unique and interesting WebSocket grid login processor by hijacking ... (diff) | |
download | opensim-SC-f76cc6036ebf446553ee5201321879538dafe3b2.zip opensim-SC-f76cc6036ebf446553ee5201321879538dafe3b2.tar.gz opensim-SC-f76cc6036ebf446553ee5201321879538dafe3b2.tar.bz2 opensim-SC-f76cc6036ebf446553ee5201321879538dafe3b2.tar.xz |
* Added a Basic DOS protection container/base object for the most common HTTP Server handlers. XMLRPC Handler, GenericHttpHandler and <Various>StreamHandler
* Applied the XmlRpcBasicDOSProtector.cs to the login service as both an example, and good practice.
* Applied the BaseStreamHandlerBasicDOSProtector.cs to the friends service as an example of the DOS Protector on StreamHandlers
* Added CircularBuffer, used for CPU and Memory friendly rate monitoring.
* DosProtector has 2 states, 1. Just Check for blocked users and check general velocity, 2. Track velocity per user, It only jumps to 2 if it's getting a lot of requests, and state 1 is about as resource friendly as if it wasn't even there.
Diffstat (limited to 'bin/Robust.ini.example')
-rw-r--r-- | bin/Robust.ini.example | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/bin/Robust.ini.example b/bin/Robust.ini.example index de6fc28..74c208d 100644 --- a/bin/Robust.ini.example +++ b/bin/Robust.ini.example | |||
@@ -356,6 +356,25 @@ MapGetServiceConnector = "8002/OpenSim.Server.Handlers.dll:MapGetServiceConnecto | |||
356 | ;; 'America/Los_Angeles' is used on Linux/Mac systems whilst 'Pacific Standard Time' is used on Windows | 356 | ;; 'America/Los_Angeles' is used on Linux/Mac systems whilst 'Pacific Standard Time' is used on Windows |
357 | DSTZone = "America/Los_Angeles;Pacific Standard Time" | 357 | DSTZone = "America/Los_Angeles;Pacific Standard Time" |
358 | 358 | ||
359 | ;Basic Login Service Dos Protection Tweaks | ||
360 | ;; | ||
361 | ;; Some Grids/Users use a transparent proxy that makes use of the X-Forwarded-For HTTP Header, If you do, set this to true | ||
362 | ;; If you set this to true and you don't have a transparent proxy, it may allow attackers to put random things in the X-Forwarded-For header to | ||
363 | ;; get around this basic DOS protection. | ||
364 | ;DOSAllowXForwardedForHeader = false | ||
365 | ;; | ||
366 | ;; The protector adds up requests during this rolling period of time, default 10 seconds | ||
367 | ;DOSRequestTimeFrameMS = 10000 | ||
368 | ;; | ||
369 | ;; The amount of requests in the above timeframe from the same endpoint that triggers protection | ||
370 | ;DOSMaxRequestsInTimeFrame = 5 | ||
371 | ;; | ||
372 | ;; The amount of time that a specific endpoint is blocked. Default 2 minutes. | ||
373 | ;DOSForgiveClientAfterMS = 120000 | ||
374 | ;; | ||
375 | ;; To turn off basic dos protection, set the DOSMaxRequestsInTimeFrame to 0. | ||
376 | |||
377 | |||
359 | [MapImageService] | 378 | [MapImageService] |
360 | LocalServiceModule = "OpenSim.Services.MapImageService.dll:MapImageService" | 379 | LocalServiceModule = "OpenSim.Services.MapImageService.dll:MapImageService" |
361 | ; Set this if you want to change the default | 380 | ; Set this if you want to change the default |