diff options
| author | teravus | 2013-10-07 21:35:55 -0500 |
|---|---|---|
| committer | teravus | 2013-10-07 21:35:55 -0500 |
| commit | f76cc6036ebf446553ee5201321879538dafe3b2 (patch) | |
| tree | 7e33eee605c3baf04a16422f06ac3986f0f27eaa /bin/config-include | |
| parent | * Added a unique and interesting WebSocket grid login processor by hijacking ... (diff) | |
| download | opensim-SC_OLD-f76cc6036ebf446553ee5201321879538dafe3b2.zip opensim-SC_OLD-f76cc6036ebf446553ee5201321879538dafe3b2.tar.gz opensim-SC_OLD-f76cc6036ebf446553ee5201321879538dafe3b2.tar.bz2 opensim-SC_OLD-f76cc6036ebf446553ee5201321879538dafe3b2.tar.xz | |
* Added a Basic DOS protection container/base object for the most common HTTP Server handlers. XMLRPC Handler, GenericHttpHandler and <Various>StreamHandler
* Applied the XmlRpcBasicDOSProtector.cs to the login service as both an example, and good practice.
* Applied the BaseStreamHandlerBasicDOSProtector.cs to the friends service as an example of the DOS Protector on StreamHandlers
* Added CircularBuffer, used for CPU and Memory friendly rate monitoring.
* DosProtector has 2 states, 1. Just Check for blocked users and check general velocity, 2. Track velocity per user, It only jumps to 2 if it's getting a lot of requests, and state 1 is about as resource friendly as if it wasn't even there.
Diffstat (limited to 'bin/config-include')
| -rw-r--r-- | bin/config-include/StandaloneCommon.ini.example | 19 |
1 files changed, 18 insertions, 1 deletions
diff --git a/bin/config-include/StandaloneCommon.ini.example b/bin/config-include/StandaloneCommon.ini.example index 12c5b95..75fd956 100644 --- a/bin/config-include/StandaloneCommon.ini.example +++ b/bin/config-include/StandaloneCommon.ini.example | |||
| @@ -117,7 +117,7 @@ | |||
| 117 | SRV_AssetServerURI = "http://127.0.0.1:9000" | 117 | SRV_AssetServerURI = "http://127.0.0.1:9000" |
| 118 | SRV_ProfileServerURI = "http://127.0.0.1:9000" | 118 | SRV_ProfileServerURI = "http://127.0.0.1:9000" |
| 119 | SRV_FriendsServerURI = "http://127.0.0.1:9000" | 119 | SRV_FriendsServerURI = "http://127.0.0.1:9000" |
| 120 | SRV_IMServerURI = "http://127.0.0.1:9000" | 120 | SRV_IMServerURI = "http://127.0.0.1:9000 |
| 121 | 121 | ||
| 122 | ;; For Viewer 2 | 122 | ;; For Viewer 2 |
| 123 | MapTileURL = "http://127.0.0.1:9000/" | 123 | MapTileURL = "http://127.0.0.1:9000/" |
| @@ -150,6 +150,23 @@ | |||
| 150 | ;AllowedClients = "" | 150 | ;AllowedClients = "" |
| 151 | ;DeniedClients = "" | 151 | ;DeniedClients = "" |
| 152 | 152 | ||
| 153 | ; Basic Login Service Dos Protection Tweaks | ||
| 154 | ; ; | ||
| 155 | ; ; Some Grids/Users use a transparent proxy that makes use of the X-Forwarded-For HTTP Header, If you do, set this to true | ||
| 156 | ; ; If you set this to true and you don't have a transparent proxy, it may allow attackers to put random things in the X-Forwarded-For header to | ||
| 157 | ; ; get around this basic DOS protection. | ||
| 158 | ; DOSAllowXForwardedForHeader = false | ||
| 159 | ; ; | ||
| 160 | ; ; The protector adds up requests during this rolling period of time, default 10 seconds | ||
| 161 | ; DOSRequestTimeFrameMS = 10000 | ||
| 162 | ; ; | ||
| 163 | ; ; The amount of requests in the above timeframe from the same endpoint that triggers protection | ||
| 164 | ; DOSMaxRequestsInTimeFrame = 5 | ||
| 165 | ; ; | ||
| 166 | ; ; The amount of time that a specific endpoint is blocked. Default 2 minutes. | ||
| 167 | ; DOSForgiveClientAfterMS = 120000 | ||
| 168 | ; ; | ||
| 169 | ; ; To turn off basic dos protection, set the DOSMaxRequestsInTimeFrame to 0. | ||
| 153 | 170 | ||
| 154 | [FreeswitchService] | 171 | [FreeswitchService] |
| 155 | ;; If FreeSWITCH is not being used then you don't need to set any of these parameters | 172 | ;; If FreeSWITCH is not being used then you don't need to set any of these parameters |