aboutsummaryrefslogtreecommitdiffstatshomepage
path: root/OpenSim/Framework/Servers/HttpServer
diff options
context:
space:
mode:
authorteravus2013-10-07 23:48:24 -0500
committerteravus2013-10-07 23:48:24 -0500
commit1df58d04b16601fb3afa408ef48e59aa68dc335b (patch)
treec19027893d939d6315d16a43b1158644359cdb89 /OpenSim/Framework/Servers/HttpServer
parent* Refactor (diff)
downloadopensim-SC_OLD-1df58d04b16601fb3afa408ef48e59aa68dc335b.zip
opensim-SC_OLD-1df58d04b16601fb3afa408ef48e59aa68dc335b.tar.gz
opensim-SC_OLD-1df58d04b16601fb3afa408ef48e59aa68dc335b.tar.bz2
opensim-SC_OLD-1df58d04b16601fb3afa408ef48e59aa68dc335b.tar.xz
* Move the BasicDOSProtector.cs to OpenSim.Framework (all useful classes belong there.....)
* Add an IsBlocked(string Key) method so it can be used more generically. (think.. if we want to rate limit login failures, we could have a call in the Login Service to IsBlocked(uuid.ToString()) and ignore the connection if it returns true, if IsBlocked returns false, we could run the login information and if the login fails we could run the Process method to count the login failures.
Diffstat (limited to 'OpenSim/Framework/Servers/HttpServer')
-rw-r--r--OpenSim/Framework/Servers/HttpServer/BasicDOSProtector.cs181
1 files changed, 0 insertions, 181 deletions
diff --git a/OpenSim/Framework/Servers/HttpServer/BasicDOSProtector.cs b/OpenSim/Framework/Servers/HttpServer/BasicDOSProtector.cs
deleted file mode 100644
index 50a4ea2..0000000
--- a/OpenSim/Framework/Servers/HttpServer/BasicDOSProtector.cs
+++ /dev/null
@@ -1,181 +0,0 @@
1/*
2 * Copyright (c) Contributors, http://opensimulator.org/
3 * See CONTRIBUTORS.TXT for a full list of copyright holders.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions are met:
7 * * Redistributions of source code must retain the above copyright
8 * notice, this list of conditions and the following disclaimer.
9 * * Redistributions in binary form must reproduce the above copyright
10 * notice, this list of conditions and the following disclaimer in the
11 * documentation and/or other materials provided with the distribution.
12 * * Neither the name of the OpenSimulator Project nor the
13 * names of its contributors may be used to endorse or promote products
14 * derived from this software without specific prior written permission.
15 *
16 * THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS'' AND ANY
17 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
18 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
19 * DISCLAIMED. IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY
20 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
21 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
22 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
23 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
24 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
25 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
26 */
27using System;
28using System.Collections.Generic;
29using System.Reflection;
30using log4net;
31
32namespace OpenSim.Framework.Servers.HttpServer
33{
34
35 public class BasicDOSProtector
36 {
37 public enum ThrottleAction
38 {
39 DoThrottledMethod,
40 DoThrow
41 }
42 private readonly CircularBuffer<int> _generalRequestTimes; // General request checker
43 private readonly BasicDosProtectorOptions _options;
44 private readonly Dictionary<string, CircularBuffer<int>> _deeperInspection; // per client request checker
45 private readonly Dictionary<string, int> _tempBlocked; // blocked list
46 private readonly System.Timers.Timer _forgetTimer; // Cleanup timer
47 private static readonly ILog m_log = LogManager.GetLogger(MethodBase.GetCurrentMethod().DeclaringType);
48 private readonly System.Threading.ReaderWriterLockSlim _lockSlim = new System.Threading.ReaderWriterLockSlim();
49 public BasicDOSProtector(BasicDosProtectorOptions options)
50 {
51 _generalRequestTimes = new CircularBuffer<int>(options.MaxRequestsInTimeframe + 1, true);
52 _generalRequestTimes.Put(0);
53 _options = options;
54 _deeperInspection = new Dictionary<string, CircularBuffer<int>>();
55 _tempBlocked = new Dictionary<string, int>();
56 _forgetTimer = new System.Timers.Timer();
57 _forgetTimer.Elapsed += delegate
58 {
59 _forgetTimer.Enabled = false;
60
61 List<string> removes = new List<string>();
62 _lockSlim.EnterReadLock();
63 foreach (string str in _tempBlocked.Keys)
64 {
65 if (
66 Util.EnvironmentTickCountSubtract(Util.EnvironmentTickCount(),
67 _tempBlocked[str]) > 0)
68 removes.Add(str);
69 }
70 _lockSlim.ExitReadLock();
71 lock (_deeperInspection)
72 {
73 _lockSlim.EnterWriteLock();
74 for (int i = 0; i < removes.Count; i++)
75 {
76 _tempBlocked.Remove(removes[i]);
77 _deeperInspection.Remove(removes[i]);
78 }
79 _lockSlim.ExitWriteLock();
80 }
81 foreach (string str in removes)
82 {
83 m_log.InfoFormat("[{0}] client: {1} is no longer blocked.",
84 _options.ReportingName, str);
85 }
86 _lockSlim.EnterReadLock();
87 if (_tempBlocked.Count > 0)
88 _forgetTimer.Enabled = true;
89 _lockSlim.ExitReadLock();
90 };
91
92 _forgetTimer.Interval = _options.ForgetTimeSpan.TotalMilliseconds;
93 }
94 public bool Process(string key, string endpoint)
95 {
96 if (_options.MaxRequestsInTimeframe < 1 || _options.RequestTimeSpan.TotalMilliseconds < 1)
97 return true;
98
99 string clientstring = key;
100
101 _lockSlim.EnterReadLock();
102 if (_tempBlocked.ContainsKey(clientstring))
103 {
104 _lockSlim.ExitReadLock();
105
106 if (_options.ThrottledAction == ThrottleAction.DoThrottledMethod)
107 return false;
108 else
109 throw new System.Security.SecurityException("Throttled");
110 }
111 _lockSlim.ExitReadLock();
112
113 _generalRequestTimes.Put(Util.EnvironmentTickCount());
114
115 if (_generalRequestTimes.Size == _generalRequestTimes.Capacity &&
116 (Util.EnvironmentTickCountSubtract(Util.EnvironmentTickCount(), _generalRequestTimes.Get()) <
117 _options.RequestTimeSpan.TotalMilliseconds))
118 {
119 //Trigger deeper inspection
120 if (DeeperInspection(key, endpoint))
121 return true;
122 if (_options.ThrottledAction == ThrottleAction.DoThrottledMethod)
123 return false;
124 else
125 throw new System.Security.SecurityException("Throttled");
126 }
127 return true;
128 }
129 private bool DeeperInspection(string key, string endpoint)
130 {
131 lock (_deeperInspection)
132 {
133 string clientstring = key;
134
135
136 if (_deeperInspection.ContainsKey(clientstring))
137 {
138 _deeperInspection[clientstring].Put(Util.EnvironmentTickCount());
139 if (_deeperInspection[clientstring].Size == _deeperInspection[clientstring].Capacity &&
140 (Util.EnvironmentTickCountSubtract(Util.EnvironmentTickCount(), _deeperInspection[clientstring].Get()) <
141 _options.RequestTimeSpan.TotalMilliseconds))
142 {
143 //Looks like we're over the limit
144 _lockSlim.EnterWriteLock();
145 if (!_tempBlocked.ContainsKey(clientstring))
146 _tempBlocked.Add(clientstring, Util.EnvironmentTickCount() + (int)_options.ForgetTimeSpan.TotalMilliseconds);
147 else
148 _tempBlocked[clientstring] = Util.EnvironmentTickCount() + (int)_options.ForgetTimeSpan.TotalMilliseconds;
149 _lockSlim.ExitWriteLock();
150
151 m_log.WarnFormat("[{0}]: client: {1} is blocked for {2} milliseconds, X-ForwardedForAllowed status is {3}, endpoint:{4}", _options.ReportingName, clientstring, _options.ForgetTimeSpan.TotalMilliseconds, _options.AllowXForwardedFor, endpoint);
152
153 return false;
154 }
155 //else
156 // return true;
157 }
158 else
159 {
160 _deeperInspection.Add(clientstring, new CircularBuffer<int>(_options.MaxRequestsInTimeframe + 1, true));
161 _deeperInspection[clientstring].Put(Util.EnvironmentTickCount());
162 _forgetTimer.Enabled = true;
163 }
164
165 }
166 return true;
167 }
168
169 }
170
171
172 public class BasicDosProtectorOptions
173 {
174 public int MaxRequestsInTimeframe;
175 public TimeSpan RequestTimeSpan;
176 public TimeSpan ForgetTimeSpan;
177 public bool AllowXForwardedFor;
178 public string ReportingName = "BASICDOSPROTECTOR";
179 public BasicDOSProtector.ThrottleAction ThrottledAction = BasicDOSProtector.ThrottleAction.DoThrottledMethod;
180 }
181}