aboutsummaryrefslogtreecommitdiffstatshomepage
path: root/OpenSim/Server/Handlers
diff options
context:
space:
mode:
authorteravus2013-10-07 21:35:55 -0500
committerteravus2013-10-07 21:35:55 -0500
commitf76cc6036ebf446553ee5201321879538dafe3b2 (patch)
tree7e33eee605c3baf04a16422f06ac3986f0f27eaa /OpenSim/Server/Handlers
parent* Added a unique and interesting WebSocket grid login processor by hijacking ... (diff)
downloadopensim-SC_OLD-f76cc6036ebf446553ee5201321879538dafe3b2.zip
opensim-SC_OLD-f76cc6036ebf446553ee5201321879538dafe3b2.tar.gz
opensim-SC_OLD-f76cc6036ebf446553ee5201321879538dafe3b2.tar.bz2
opensim-SC_OLD-f76cc6036ebf446553ee5201321879538dafe3b2.tar.xz
* Added a Basic DOS protection container/base object for the most common HTTP Server handlers. XMLRPC Handler, GenericHttpHandler and <Various>StreamHandler
* Applied the XmlRpcBasicDOSProtector.cs to the login service as both an example, and good practice. * Applied the BaseStreamHandlerBasicDOSProtector.cs to the friends service as an example of the DOS Protector on StreamHandlers * Added CircularBuffer, used for CPU and Memory friendly rate monitoring. * DosProtector has 2 states, 1. Just Check for blocked users and check general velocity, 2. Track velocity per user, It only jumps to 2 if it's getting a lot of requests, and state 1 is about as resource friendly as if it wasn't even there.
Diffstat (limited to 'OpenSim/Server/Handlers')
-rw-r--r--OpenSim/Server/Handlers/Asset/AssetServerGetHandler.cs12
-rw-r--r--OpenSim/Server/Handlers/Login/LLLoginHandlers.cs11
-rw-r--r--OpenSim/Server/Handlers/Login/LLLoginServiceInConnector.cs15
3 files changed, 35 insertions, 3 deletions
diff --git a/OpenSim/Server/Handlers/Asset/AssetServerGetHandler.cs b/OpenSim/Server/Handlers/Asset/AssetServerGetHandler.cs
index 8b23a83..0bd0235 100644
--- a/OpenSim/Server/Handlers/Asset/AssetServerGetHandler.cs
+++ b/OpenSim/Server/Handlers/Asset/AssetServerGetHandler.cs
@@ -42,14 +42,22 @@ using OpenSim.Framework.Servers.HttpServer;
42 42
43namespace OpenSim.Server.Handlers.Asset 43namespace OpenSim.Server.Handlers.Asset
44{ 44{
45 public class AssetServerGetHandler : BaseStreamHandler 45 public class AssetServerGetHandler : BaseStreamHandlerBasicDOSProtector
46 { 46 {
47 // private static readonly ILog m_log = LogManager.GetLogger(MethodBase.GetCurrentMethod().DeclaringType); 47 // private static readonly ILog m_log = LogManager.GetLogger(MethodBase.GetCurrentMethod().DeclaringType);
48 48
49 private IAssetService m_AssetService; 49 private IAssetService m_AssetService;
50 50
51 public AssetServerGetHandler(IAssetService service) : 51 public AssetServerGetHandler(IAssetService service) :
52 base("GET", "/assets") 52 base("GET", "/assets",new BasicDosProtectorOptions()
53 {
54 AllowXForwardedFor = true,
55 ForgetTimeSpan = TimeSpan.FromSeconds(2),
56 MaxRequestsInTimeframe = 5,
57 ReportingName = "ASSETGETDOSPROTECTOR",
58 RequestTimeSpan = TimeSpan.FromSeconds(5),
59 ThrottledAction = ThrottleAction.DoThrottledMethod
60 })
53 { 61 {
54 m_AssetService = service; 62 m_AssetService = service;
55 } 63 }
diff --git a/OpenSim/Server/Handlers/Login/LLLoginHandlers.cs b/OpenSim/Server/Handlers/Login/LLLoginHandlers.cs
index e4a0ffa..f2a5678 100644
--- a/OpenSim/Server/Handlers/Login/LLLoginHandlers.cs
+++ b/OpenSim/Server/Handlers/Login/LLLoginHandlers.cs
@@ -145,6 +145,17 @@ namespace OpenSim.Server.Handlers.Login
145 return FailedXMLRPCResponse(); 145 return FailedXMLRPCResponse();
146 146
147 } 147 }
148 public XmlRpcResponse HandleXMLRPCLoginBlocked(XmlRpcRequest request, IPEndPoint client)
149 {
150 XmlRpcResponse response = new XmlRpcResponse();
151 Hashtable resp = new Hashtable();
152
153 resp["reason"] = "presence";
154 resp["message"] = "Logins are currently restricted. Please try again later.";
155 resp["login"] = "false";
156 response.Value = resp;
157 return response;
158 }
148 159
149 public XmlRpcResponse HandleXMLRPCSetLoginLevel(XmlRpcRequest request, IPEndPoint remoteClient) 160 public XmlRpcResponse HandleXMLRPCSetLoginLevel(XmlRpcRequest request, IPEndPoint remoteClient)
150 { 161 {
diff --git a/OpenSim/Server/Handlers/Login/LLLoginServiceInConnector.cs b/OpenSim/Server/Handlers/Login/LLLoginServiceInConnector.cs
index 97e8295..f60e892 100644
--- a/OpenSim/Server/Handlers/Login/LLLoginServiceInConnector.cs
+++ b/OpenSim/Server/Handlers/Login/LLLoginServiceInConnector.cs
@@ -44,6 +44,7 @@ namespace OpenSim.Server.Handlers.Login
44 44
45 private ILoginService m_LoginService; 45 private ILoginService m_LoginService;
46 private bool m_Proxy; 46 private bool m_Proxy;
47 private BasicDosProtectorOptions m_DosProtectionOptions;
47 48
48 public LLLoginServiceInConnector(IConfigSource config, IHttpServer server, IScene scene) : 49 public LLLoginServiceInConnector(IConfigSource config, IHttpServer server, IScene scene) :
49 base(config, server, String.Empty) 50 base(config, server, String.Empty)
@@ -88,6 +89,16 @@ namespace OpenSim.Server.Handlers.Login
88 throw new Exception(String.Format("No LocalServiceModule for LoginService in config file")); 89 throw new Exception(String.Format("No LocalServiceModule for LoginService in config file"));
89 90
90 m_Proxy = serverConfig.GetBoolean("HasProxy", false); 91 m_Proxy = serverConfig.GetBoolean("HasProxy", false);
92 m_DosProtectionOptions = new BasicDosProtectorOptions();
93 // Dos Protection Options
94 m_DosProtectionOptions.AllowXForwardedFor = serverConfig.GetBoolean("DOSAllowXForwardedForHeader", false);
95 m_DosProtectionOptions.RequestTimeSpan =
96 TimeSpan.FromMilliseconds(serverConfig.GetInt("DOSRequestTimeFrameMS", 10000));
97 m_DosProtectionOptions.MaxRequestsInTimeframe = serverConfig.GetInt("DOSMaxRequestsInTimeFrame", 5);
98 m_DosProtectionOptions.ForgetTimeSpan =
99 TimeSpan.FromMilliseconds(serverConfig.GetInt("DOSForgiveClientAfterMS", 120000));
100 m_DosProtectionOptions.ReportingName = "LOGINDOSPROTECTION";
101
91 102
92 return loginService; 103 return loginService;
93 } 104 }
@@ -95,7 +106,9 @@ namespace OpenSim.Server.Handlers.Login
95 private void InitializeHandlers(IHttpServer server) 106 private void InitializeHandlers(IHttpServer server)
96 { 107 {
97 LLLoginHandlers loginHandlers = new LLLoginHandlers(m_LoginService, m_Proxy); 108 LLLoginHandlers loginHandlers = new LLLoginHandlers(m_LoginService, m_Proxy);
98 server.AddXmlRPCHandler("login_to_simulator", loginHandlers.HandleXMLRPCLogin, false); 109 server.AddXmlRPCHandler("login_to_simulator",
110 new XmlRpcBasicDOSProtector(loginHandlers.HandleXMLRPCLogin,loginHandlers.HandleXMLRPCLoginBlocked,
111 m_DosProtectionOptions).Process, false);
99 server.AddXmlRPCHandler("set_login_level", loginHandlers.HandleXMLRPCSetLoginLevel, false); 112 server.AddXmlRPCHandler("set_login_level", loginHandlers.HandleXMLRPCSetLoginLevel, false);
100 server.SetDefaultLLSDHandler(loginHandlers.HandleLLSDLogin); 113 server.SetDefaultLLSDHandler(loginHandlers.HandleLLSDLogin);
101 server.AddWebSocketHandler("/WebSocket/GridLogin", loginHandlers.HandleWebSocketLoginEvents); 114 server.AddWebSocketHandler("/WebSocket/GridLogin", loginHandlers.HandleWebSocketLoginEvents);