From f76cc6036ebf446553ee5201321879538dafe3b2 Mon Sep 17 00:00:00 2001 From: teravus Date: Mon, 7 Oct 2013 21:35:55 -0500 Subject: * Added a Basic DOS protection container/base object for the most common HTTP Server handlers. XMLRPC Handler, GenericHttpHandler and StreamHandler * Applied the XmlRpcBasicDOSProtector.cs to the login service as both an example, and good practice. * Applied the BaseStreamHandlerBasicDOSProtector.cs to the friends service as an example of the DOS Protector on StreamHandlers * Added CircularBuffer, used for CPU and Memory friendly rate monitoring. * DosProtector has 2 states, 1. Just Check for blocked users and check general velocity, 2. Track velocity per user, It only jumps to 2 if it's getting a lot of requests, and state 1 is about as resource friendly as if it wasn't even there. --- OpenSim/Server/Handlers/Asset/AssetServerGetHandler.cs | 12 ++++++++++-- OpenSim/Server/Handlers/Login/LLLoginHandlers.cs | 11 +++++++++++ .../Server/Handlers/Login/LLLoginServiceInConnector.cs | 15 ++++++++++++++- 3 files changed, 35 insertions(+), 3 deletions(-) (limited to 'OpenSim/Server') diff --git a/OpenSim/Server/Handlers/Asset/AssetServerGetHandler.cs b/OpenSim/Server/Handlers/Asset/AssetServerGetHandler.cs index 8b23a83..0bd0235 100644 --- a/OpenSim/Server/Handlers/Asset/AssetServerGetHandler.cs +++ b/OpenSim/Server/Handlers/Asset/AssetServerGetHandler.cs @@ -42,14 +42,22 @@ using OpenSim.Framework.Servers.HttpServer; namespace OpenSim.Server.Handlers.Asset { - public class AssetServerGetHandler : BaseStreamHandler + public class AssetServerGetHandler : BaseStreamHandlerBasicDOSProtector { // private static readonly ILog m_log = LogManager.GetLogger(MethodBase.GetCurrentMethod().DeclaringType); private IAssetService m_AssetService; public AssetServerGetHandler(IAssetService service) : - base("GET", "/assets") + base("GET", "/assets",new BasicDosProtectorOptions() + { + AllowXForwardedFor = true, + ForgetTimeSpan = TimeSpan.FromSeconds(2), + MaxRequestsInTimeframe = 5, + ReportingName = "ASSETGETDOSPROTECTOR", + RequestTimeSpan = TimeSpan.FromSeconds(5), + ThrottledAction = ThrottleAction.DoThrottledMethod + }) { m_AssetService = service; } diff --git a/OpenSim/Server/Handlers/Login/LLLoginHandlers.cs b/OpenSim/Server/Handlers/Login/LLLoginHandlers.cs index e4a0ffa..f2a5678 100644 --- a/OpenSim/Server/Handlers/Login/LLLoginHandlers.cs +++ b/OpenSim/Server/Handlers/Login/LLLoginHandlers.cs @@ -145,6 +145,17 @@ namespace OpenSim.Server.Handlers.Login return FailedXMLRPCResponse(); } + public XmlRpcResponse HandleXMLRPCLoginBlocked(XmlRpcRequest request, IPEndPoint client) + { + XmlRpcResponse response = new XmlRpcResponse(); + Hashtable resp = new Hashtable(); + + resp["reason"] = "presence"; + resp["message"] = "Logins are currently restricted. Please try again later."; + resp["login"] = "false"; + response.Value = resp; + return response; + } public XmlRpcResponse HandleXMLRPCSetLoginLevel(XmlRpcRequest request, IPEndPoint remoteClient) { diff --git a/OpenSim/Server/Handlers/Login/LLLoginServiceInConnector.cs b/OpenSim/Server/Handlers/Login/LLLoginServiceInConnector.cs index 97e8295..f60e892 100644 --- a/OpenSim/Server/Handlers/Login/LLLoginServiceInConnector.cs +++ b/OpenSim/Server/Handlers/Login/LLLoginServiceInConnector.cs @@ -44,6 +44,7 @@ namespace OpenSim.Server.Handlers.Login private ILoginService m_LoginService; private bool m_Proxy; + private BasicDosProtectorOptions m_DosProtectionOptions; public LLLoginServiceInConnector(IConfigSource config, IHttpServer server, IScene scene) : base(config, server, String.Empty) @@ -88,6 +89,16 @@ namespace OpenSim.Server.Handlers.Login throw new Exception(String.Format("No LocalServiceModule for LoginService in config file")); m_Proxy = serverConfig.GetBoolean("HasProxy", false); + m_DosProtectionOptions = new BasicDosProtectorOptions(); + // Dos Protection Options + m_DosProtectionOptions.AllowXForwardedFor = serverConfig.GetBoolean("DOSAllowXForwardedForHeader", false); + m_DosProtectionOptions.RequestTimeSpan = + TimeSpan.FromMilliseconds(serverConfig.GetInt("DOSRequestTimeFrameMS", 10000)); + m_DosProtectionOptions.MaxRequestsInTimeframe = serverConfig.GetInt("DOSMaxRequestsInTimeFrame", 5); + m_DosProtectionOptions.ForgetTimeSpan = + TimeSpan.FromMilliseconds(serverConfig.GetInt("DOSForgiveClientAfterMS", 120000)); + m_DosProtectionOptions.ReportingName = "LOGINDOSPROTECTION"; + return loginService; } @@ -95,7 +106,9 @@ namespace OpenSim.Server.Handlers.Login private void InitializeHandlers(IHttpServer server) { LLLoginHandlers loginHandlers = new LLLoginHandlers(m_LoginService, m_Proxy); - server.AddXmlRPCHandler("login_to_simulator", loginHandlers.HandleXMLRPCLogin, false); + server.AddXmlRPCHandler("login_to_simulator", + new XmlRpcBasicDOSProtector(loginHandlers.HandleXMLRPCLogin,loginHandlers.HandleXMLRPCLoginBlocked, + m_DosProtectionOptions).Process, false); server.AddXmlRPCHandler("set_login_level", loginHandlers.HandleXMLRPCSetLoginLevel, false); server.SetDefaultLLSDHandler(loginHandlers.HandleLLSDLogin); server.AddWebSocketHandler("/WebSocket/GridLogin", loginHandlers.HandleWebSocketLoginEvents); -- cgit v1.1