* Added a Basic DOS protection container/base object for the most common HTTP Server handlers. XMLRPC Handler, GenericHttpHandler and <Various>StreamHandler

* Applied the XmlRpcBasicDOSProtector.cs to the login service as both an example, and good practice.
* Applied the BaseStreamHandlerBasicDOSProtector.cs to the friends service as an example of the DOS Protector on StreamHandlers
* Added CircularBuffer, used for CPU and Memory friendly rate monitoring.
* DosProtector has 2 states, 1. Just Check for blocked users and check general velocity, 2. Track velocity per user,     It only jumps to 2 if it's getting a lot of requests, and state 1 is about as resource friendly as if it wasn't even there.

2 files changed, 37 insertions, 1 deletions

diff --git a/bin/Robust.ini.example b/bin/Robust.ini.example
index de6fc28..74c208d 100644
--- a/bin/Robust.ini.example
+++ b/bin/Robust.ini.example
@@ -356,6 +356,25 @@ MapGetServiceConnector = "8002/OpenSim.Server.Handlers.dll:MapGetServiceConnecto
     ;;      'America/Los_Angeles' is used on Linux/Mac systems whilst 'Pacific Standard Time' is used on Windows
     DSTZone = "America/Los_Angeles;Pacific Standard Time"
 
+    ;Basic Login Service Dos Protection Tweaks
+    ;;
+    ;; Some Grids/Users use a transparent proxy that makes use of the X-Forwarded-For HTTP Header, If you do, set this to true
+    ;; If you set this to true and you don't have a transparent proxy, it may allow attackers to put random things in the X-Forwarded-For header to
+    ;;     get around this basic DOS protection.
+    ;DOSAllowXForwardedForHeader = false
+    ;;
+    ;; The protector adds up requests during this rolling period of time, default 10 seconds
+    ;DOSRequestTimeFrameMS = 10000
+    ;;
+    ;; The amount of requests in the above timeframe from the same endpoint that triggers protection
+    ;DOSMaxRequestsInTimeFrame = 5
+    ;;
+    ;; The amount of time that a specific endpoint is blocked.    Default 2 minutes.
+    ;DOSForgiveClientAfterMS = 120000
+    ;; 
+    ;; To turn off basic dos protection, set the DOSMaxRequestsInTimeFrame to 0.
+
+
 [MapImageService]
     LocalServiceModule = "OpenSim.Services.MapImageService.dll:MapImageService"
         ; Set this if you want to change the default
diff --git a/bin/config-include/StandaloneCommon.ini.example b/bin/config-include/StandaloneCommon.ini.example
index 12c5b95..75fd956 100644
--- a/bin/config-include/StandaloneCommon.ini.example
+++ b/bin/config-include/StandaloneCommon.ini.example
@@ -117,7 +117,7 @@
     SRV_AssetServerURI = "http://127.0.0.1:9000"
     SRV_ProfileServerURI = "http://127.0.0.1:9000"
     SRV_FriendsServerURI = "http://127.0.0.1:9000"
-    SRV_IMServerURI = "http://127.0.0.1:9000"
+    SRV_IMServerURI = "http://127.0.0.1:9000
 
     ;; For Viewer 2
     MapTileURL = "http://127.0.0.1:9000/"
@@ -150,6 +150,23 @@
     ;AllowedClients = ""
     ;DeniedClients = ""
 
+    ; Basic Login Service Dos Protection Tweaks
+    ; ;
+    ; ; Some Grids/Users use a transparent proxy that makes use of the X-Forwarded-For HTTP Header, If you do, set this to true
+    ; ; If you set this to true and you don't have a transparent proxy, it may allow attackers to put random things in the X-Forwarded-For header to
+    ; ;     get around this basic DOS protection.
+    ; DOSAllowXForwardedForHeader = false
+    ; ;
+    ; ; The protector adds up requests during this rolling period of time, default 10 seconds
+    ; DOSRequestTimeFrameMS = 10000
+    ; ;
+    ; ; The amount of requests in the above timeframe from the same endpoint that triggers protection
+    ; DOSMaxRequestsInTimeFrame = 5
+    ; ;
+    ; ; The amount of time that a specific endpoint is blocked.    Default 2 minutes.
+    ; DOSForgiveClientAfterMS = 120000
+    ; ; 
+    ; ; To turn off basic dos protection, set the DOSMaxRequestsInTimeFrame to 0.
 
 [FreeswitchService]
     ;; If FreeSWITCH is not being used then you don't need to set any of these parameters