aboutsummaryrefslogtreecommitdiffstatshomepage
path: root/bin/config-include/StandaloneCommon.ini.example
diff options
context:
space:
mode:
authorteravus2013-10-07 21:35:55 -0500
committerteravus2013-10-07 21:35:55 -0500
commitf76cc6036ebf446553ee5201321879538dafe3b2 (patch)
tree7e33eee605c3baf04a16422f06ac3986f0f27eaa /bin/config-include/StandaloneCommon.ini.example
parent* Added a unique and interesting WebSocket grid login processor by hijacking ... (diff)
downloadopensim-SC_OLD-f76cc6036ebf446553ee5201321879538dafe3b2.zip
opensim-SC_OLD-f76cc6036ebf446553ee5201321879538dafe3b2.tar.gz
opensim-SC_OLD-f76cc6036ebf446553ee5201321879538dafe3b2.tar.bz2
opensim-SC_OLD-f76cc6036ebf446553ee5201321879538dafe3b2.tar.xz
* Added a Basic DOS protection container/base object for the most common HTTP Server handlers. XMLRPC Handler, GenericHttpHandler and <Various>StreamHandler
* Applied the XmlRpcBasicDOSProtector.cs to the login service as both an example, and good practice. * Applied the BaseStreamHandlerBasicDOSProtector.cs to the friends service as an example of the DOS Protector on StreamHandlers * Added CircularBuffer, used for CPU and Memory friendly rate monitoring. * DosProtector has 2 states, 1. Just Check for blocked users and check general velocity, 2. Track velocity per user, It only jumps to 2 if it's getting a lot of requests, and state 1 is about as resource friendly as if it wasn't even there.
Diffstat (limited to 'bin/config-include/StandaloneCommon.ini.example')
-rw-r--r--bin/config-include/StandaloneCommon.ini.example19
1 files changed, 18 insertions, 1 deletions
diff --git a/bin/config-include/StandaloneCommon.ini.example b/bin/config-include/StandaloneCommon.ini.example
index 12c5b95..75fd956 100644
--- a/bin/config-include/StandaloneCommon.ini.example
+++ b/bin/config-include/StandaloneCommon.ini.example
@@ -117,7 +117,7 @@
117 SRV_AssetServerURI = "http://127.0.0.1:9000" 117 SRV_AssetServerURI = "http://127.0.0.1:9000"
118 SRV_ProfileServerURI = "http://127.0.0.1:9000" 118 SRV_ProfileServerURI = "http://127.0.0.1:9000"
119 SRV_FriendsServerURI = "http://127.0.0.1:9000" 119 SRV_FriendsServerURI = "http://127.0.0.1:9000"
120 SRV_IMServerURI = "http://127.0.0.1:9000" 120 SRV_IMServerURI = "http://127.0.0.1:9000
121 121
122 ;; For Viewer 2 122 ;; For Viewer 2
123 MapTileURL = "http://127.0.0.1:9000/" 123 MapTileURL = "http://127.0.0.1:9000/"
@@ -150,6 +150,23 @@
150 ;AllowedClients = "" 150 ;AllowedClients = ""
151 ;DeniedClients = "" 151 ;DeniedClients = ""
152 152
153 ; Basic Login Service Dos Protection Tweaks
154 ; ;
155 ; ; Some Grids/Users use a transparent proxy that makes use of the X-Forwarded-For HTTP Header, If you do, set this to true
156 ; ; If you set this to true and you don't have a transparent proxy, it may allow attackers to put random things in the X-Forwarded-For header to
157 ; ; get around this basic DOS protection.
158 ; DOSAllowXForwardedForHeader = false
159 ; ;
160 ; ; The protector adds up requests during this rolling period of time, default 10 seconds
161 ; DOSRequestTimeFrameMS = 10000
162 ; ;
163 ; ; The amount of requests in the above timeframe from the same endpoint that triggers protection
164 ; DOSMaxRequestsInTimeFrame = 5
165 ; ;
166 ; ; The amount of time that a specific endpoint is blocked. Default 2 minutes.
167 ; DOSForgiveClientAfterMS = 120000
168 ; ;
169 ; ; To turn off basic dos protection, set the DOSMaxRequestsInTimeFrame to 0.
153 170
154[FreeswitchService] 171[FreeswitchService]
155 ;; If FreeSWITCH is not being used then you don't need to set any of these parameters 172 ;; If FreeSWITCH is not being used then you don't need to set any of these parameters