diff options
* Added a Basic DOS protection container/base object for the most common HTTP Server handlers. XMLRPC Handler, GenericHttpHandler and <Various>StreamHandler
* Applied the XmlRpcBasicDOSProtector.cs to the login service as both an example, and good practice.
* Applied the BaseStreamHandlerBasicDOSProtector.cs to the friends service as an example of the DOS Protector on StreamHandlers
* Added CircularBuffer, used for CPU and Memory friendly rate monitoring.
* DosProtector has 2 states, 1. Just Check for blocked users and check general velocity, 2. Track velocity per user, It only jumps to 2 if it's getting a lot of requests, and state 1 is about as resource friendly as if it wasn't even there.
Diffstat (limited to 'bin/config-include/StandaloneCommon.ini.example')
-rw-r--r-- | bin/config-include/StandaloneCommon.ini.example | 19 |
1 files changed, 18 insertions, 1 deletions
diff --git a/bin/config-include/StandaloneCommon.ini.example b/bin/config-include/StandaloneCommon.ini.example index 12c5b95..75fd956 100644 --- a/bin/config-include/StandaloneCommon.ini.example +++ b/bin/config-include/StandaloneCommon.ini.example | |||
@@ -117,7 +117,7 @@ | |||
117 | SRV_AssetServerURI = "http://127.0.0.1:9000" | 117 | SRV_AssetServerURI = "http://127.0.0.1:9000" |
118 | SRV_ProfileServerURI = "http://127.0.0.1:9000" | 118 | SRV_ProfileServerURI = "http://127.0.0.1:9000" |
119 | SRV_FriendsServerURI = "http://127.0.0.1:9000" | 119 | SRV_FriendsServerURI = "http://127.0.0.1:9000" |
120 | SRV_IMServerURI = "http://127.0.0.1:9000" | 120 | SRV_IMServerURI = "http://127.0.0.1:9000 |
121 | 121 | ||
122 | ;; For Viewer 2 | 122 | ;; For Viewer 2 |
123 | MapTileURL = "http://127.0.0.1:9000/" | 123 | MapTileURL = "http://127.0.0.1:9000/" |
@@ -150,6 +150,23 @@ | |||
150 | ;AllowedClients = "" | 150 | ;AllowedClients = "" |
151 | ;DeniedClients = "" | 151 | ;DeniedClients = "" |
152 | 152 | ||
153 | ; Basic Login Service Dos Protection Tweaks | ||
154 | ; ; | ||
155 | ; ; Some Grids/Users use a transparent proxy that makes use of the X-Forwarded-For HTTP Header, If you do, set this to true | ||
156 | ; ; If you set this to true and you don't have a transparent proxy, it may allow attackers to put random things in the X-Forwarded-For header to | ||
157 | ; ; get around this basic DOS protection. | ||
158 | ; DOSAllowXForwardedForHeader = false | ||
159 | ; ; | ||
160 | ; ; The protector adds up requests during this rolling period of time, default 10 seconds | ||
161 | ; DOSRequestTimeFrameMS = 10000 | ||
162 | ; ; | ||
163 | ; ; The amount of requests in the above timeframe from the same endpoint that triggers protection | ||
164 | ; DOSMaxRequestsInTimeFrame = 5 | ||
165 | ; ; | ||
166 | ; ; The amount of time that a specific endpoint is blocked. Default 2 minutes. | ||
167 | ; DOSForgiveClientAfterMS = 120000 | ||
168 | ; ; | ||
169 | ; ; To turn off basic dos protection, set the DOSMaxRequestsInTimeFrame to 0. | ||
153 | 170 | ||
154 | [FreeswitchService] | 171 | [FreeswitchService] |
155 | ;; If FreeSWITCH is not being used then you don't need to set any of these parameters | 172 | ;; If FreeSWITCH is not being used then you don't need to set any of these parameters |