diff options
| author | teravus | 2013-10-07 21:35:55 -0500 |
|---|---|---|
| committer | teravus | 2013-10-07 21:35:55 -0500 |
| commit | f76cc6036ebf446553ee5201321879538dafe3b2 (patch) | |
| tree | 7e33eee605c3baf04a16422f06ac3986f0f27eaa /OpenSim/Server | |
| parent | * Added a unique and interesting WebSocket grid login processor by hijacking ... (diff) | |
| download | opensim-SC_OLD-f76cc6036ebf446553ee5201321879538dafe3b2.zip opensim-SC_OLD-f76cc6036ebf446553ee5201321879538dafe3b2.tar.gz opensim-SC_OLD-f76cc6036ebf446553ee5201321879538dafe3b2.tar.bz2 opensim-SC_OLD-f76cc6036ebf446553ee5201321879538dafe3b2.tar.xz | |
* Added a Basic DOS protection container/base object for the most common HTTP Server handlers. XMLRPC Handler, GenericHttpHandler and <Various>StreamHandler
* Applied the XmlRpcBasicDOSProtector.cs to the login service as both an example, and good practice.
* Applied the BaseStreamHandlerBasicDOSProtector.cs to the friends service as an example of the DOS Protector on StreamHandlers
* Added CircularBuffer, used for CPU and Memory friendly rate monitoring.
* DosProtector has 2 states, 1. Just Check for blocked users and check general velocity, 2. Track velocity per user, It only jumps to 2 if it's getting a lot of requests, and state 1 is about as resource friendly as if it wasn't even there.
Diffstat (limited to 'OpenSim/Server')
| -rw-r--r-- | OpenSim/Server/Handlers/Asset/AssetServerGetHandler.cs | 12 | ||||
| -rw-r--r-- | OpenSim/Server/Handlers/Login/LLLoginHandlers.cs | 11 | ||||
| -rw-r--r-- | OpenSim/Server/Handlers/Login/LLLoginServiceInConnector.cs | 15 |
3 files changed, 35 insertions, 3 deletions
diff --git a/OpenSim/Server/Handlers/Asset/AssetServerGetHandler.cs b/OpenSim/Server/Handlers/Asset/AssetServerGetHandler.cs index 8b23a83..0bd0235 100644 --- a/OpenSim/Server/Handlers/Asset/AssetServerGetHandler.cs +++ b/OpenSim/Server/Handlers/Asset/AssetServerGetHandler.cs | |||
| @@ -42,14 +42,22 @@ using OpenSim.Framework.Servers.HttpServer; | |||
| 42 | 42 | ||
| 43 | namespace OpenSim.Server.Handlers.Asset | 43 | namespace OpenSim.Server.Handlers.Asset |
| 44 | { | 44 | { |
| 45 | public class AssetServerGetHandler : BaseStreamHandler | 45 | public class AssetServerGetHandler : BaseStreamHandlerBasicDOSProtector |
| 46 | { | 46 | { |
| 47 | // private static readonly ILog m_log = LogManager.GetLogger(MethodBase.GetCurrentMethod().DeclaringType); | 47 | // private static readonly ILog m_log = LogManager.GetLogger(MethodBase.GetCurrentMethod().DeclaringType); |
| 48 | 48 | ||
| 49 | private IAssetService m_AssetService; | 49 | private IAssetService m_AssetService; |
| 50 | 50 | ||
| 51 | public AssetServerGetHandler(IAssetService service) : | 51 | public AssetServerGetHandler(IAssetService service) : |
| 52 | base("GET", "/assets") | 52 | base("GET", "/assets",new BasicDosProtectorOptions() |
| 53 | { | ||
| 54 | AllowXForwardedFor = true, | ||
| 55 | ForgetTimeSpan = TimeSpan.FromSeconds(2), | ||
| 56 | MaxRequestsInTimeframe = 5, | ||
| 57 | ReportingName = "ASSETGETDOSPROTECTOR", | ||
| 58 | RequestTimeSpan = TimeSpan.FromSeconds(5), | ||
| 59 | ThrottledAction = ThrottleAction.DoThrottledMethod | ||
| 60 | }) | ||
| 53 | { | 61 | { |
| 54 | m_AssetService = service; | 62 | m_AssetService = service; |
| 55 | } | 63 | } |
diff --git a/OpenSim/Server/Handlers/Login/LLLoginHandlers.cs b/OpenSim/Server/Handlers/Login/LLLoginHandlers.cs index e4a0ffa..f2a5678 100644 --- a/OpenSim/Server/Handlers/Login/LLLoginHandlers.cs +++ b/OpenSim/Server/Handlers/Login/LLLoginHandlers.cs | |||
| @@ -145,6 +145,17 @@ namespace OpenSim.Server.Handlers.Login | |||
| 145 | return FailedXMLRPCResponse(); | 145 | return FailedXMLRPCResponse(); |
| 146 | 146 | ||
| 147 | } | 147 | } |
| 148 | public XmlRpcResponse HandleXMLRPCLoginBlocked(XmlRpcRequest request, IPEndPoint client) | ||
| 149 | { | ||
| 150 | XmlRpcResponse response = new XmlRpcResponse(); | ||
| 151 | Hashtable resp = new Hashtable(); | ||
| 152 | |||
| 153 | resp["reason"] = "presence"; | ||
| 154 | resp["message"] = "Logins are currently restricted. Please try again later."; | ||
| 155 | resp["login"] = "false"; | ||
| 156 | response.Value = resp; | ||
| 157 | return response; | ||
| 158 | } | ||
| 148 | 159 | ||
| 149 | public XmlRpcResponse HandleXMLRPCSetLoginLevel(XmlRpcRequest request, IPEndPoint remoteClient) | 160 | public XmlRpcResponse HandleXMLRPCSetLoginLevel(XmlRpcRequest request, IPEndPoint remoteClient) |
| 150 | { | 161 | { |
diff --git a/OpenSim/Server/Handlers/Login/LLLoginServiceInConnector.cs b/OpenSim/Server/Handlers/Login/LLLoginServiceInConnector.cs index 97e8295..f60e892 100644 --- a/OpenSim/Server/Handlers/Login/LLLoginServiceInConnector.cs +++ b/OpenSim/Server/Handlers/Login/LLLoginServiceInConnector.cs | |||
| @@ -44,6 +44,7 @@ namespace OpenSim.Server.Handlers.Login | |||
| 44 | 44 | ||
| 45 | private ILoginService m_LoginService; | 45 | private ILoginService m_LoginService; |
| 46 | private bool m_Proxy; | 46 | private bool m_Proxy; |
| 47 | private BasicDosProtectorOptions m_DosProtectionOptions; | ||
| 47 | 48 | ||
| 48 | public LLLoginServiceInConnector(IConfigSource config, IHttpServer server, IScene scene) : | 49 | public LLLoginServiceInConnector(IConfigSource config, IHttpServer server, IScene scene) : |
| 49 | base(config, server, String.Empty) | 50 | base(config, server, String.Empty) |
| @@ -88,6 +89,16 @@ namespace OpenSim.Server.Handlers.Login | |||
| 88 | throw new Exception(String.Format("No LocalServiceModule for LoginService in config file")); | 89 | throw new Exception(String.Format("No LocalServiceModule for LoginService in config file")); |
| 89 | 90 | ||
| 90 | m_Proxy = serverConfig.GetBoolean("HasProxy", false); | 91 | m_Proxy = serverConfig.GetBoolean("HasProxy", false); |
| 92 | m_DosProtectionOptions = new BasicDosProtectorOptions(); | ||
| 93 | // Dos Protection Options | ||
| 94 | m_DosProtectionOptions.AllowXForwardedFor = serverConfig.GetBoolean("DOSAllowXForwardedForHeader", false); | ||
| 95 | m_DosProtectionOptions.RequestTimeSpan = | ||
| 96 | TimeSpan.FromMilliseconds(serverConfig.GetInt("DOSRequestTimeFrameMS", 10000)); | ||
| 97 | m_DosProtectionOptions.MaxRequestsInTimeframe = serverConfig.GetInt("DOSMaxRequestsInTimeFrame", 5); | ||
| 98 | m_DosProtectionOptions.ForgetTimeSpan = | ||
| 99 | TimeSpan.FromMilliseconds(serverConfig.GetInt("DOSForgiveClientAfterMS", 120000)); | ||
| 100 | m_DosProtectionOptions.ReportingName = "LOGINDOSPROTECTION"; | ||
| 101 | |||
| 91 | 102 | ||
| 92 | return loginService; | 103 | return loginService; |
| 93 | } | 104 | } |
| @@ -95,7 +106,9 @@ namespace OpenSim.Server.Handlers.Login | |||
| 95 | private void InitializeHandlers(IHttpServer server) | 106 | private void InitializeHandlers(IHttpServer server) |
| 96 | { | 107 | { |
| 97 | LLLoginHandlers loginHandlers = new LLLoginHandlers(m_LoginService, m_Proxy); | 108 | LLLoginHandlers loginHandlers = new LLLoginHandlers(m_LoginService, m_Proxy); |
| 98 | server.AddXmlRPCHandler("login_to_simulator", loginHandlers.HandleXMLRPCLogin, false); | 109 | server.AddXmlRPCHandler("login_to_simulator", |
| 110 | new XmlRpcBasicDOSProtector(loginHandlers.HandleXMLRPCLogin,loginHandlers.HandleXMLRPCLoginBlocked, | ||
| 111 | m_DosProtectionOptions).Process, false); | ||
| 99 | server.AddXmlRPCHandler("set_login_level", loginHandlers.HandleXMLRPCSetLoginLevel, false); | 112 | server.AddXmlRPCHandler("set_login_level", loginHandlers.HandleXMLRPCSetLoginLevel, false); |
| 100 | server.SetDefaultLLSDHandler(loginHandlers.HandleLLSDLogin); | 113 | server.SetDefaultLLSDHandler(loginHandlers.HandleLLSDLogin); |
| 101 | server.AddWebSocketHandler("/WebSocket/GridLogin", loginHandlers.HandleWebSocketLoginEvents); | 114 | server.AddWebSocketHandler("/WebSocket/GridLogin", loginHandlers.HandleWebSocketLoginEvents); |