diff options
author | teravus | 2013-10-07 21:35:55 -0500 |
---|---|---|
committer | teravus | 2013-10-07 21:35:55 -0500 |
commit | f76cc6036ebf446553ee5201321879538dafe3b2 (patch) | |
tree | 7e33eee605c3baf04a16422f06ac3986f0f27eaa /bin | |
parent | * Added a unique and interesting WebSocket grid login processor by hijacking ... (diff) | |
download | opensim-SC_OLD-f76cc6036ebf446553ee5201321879538dafe3b2.zip opensim-SC_OLD-f76cc6036ebf446553ee5201321879538dafe3b2.tar.gz opensim-SC_OLD-f76cc6036ebf446553ee5201321879538dafe3b2.tar.bz2 opensim-SC_OLD-f76cc6036ebf446553ee5201321879538dafe3b2.tar.xz |
* Added a Basic DOS protection container/base object for the most common HTTP Server handlers. XMLRPC Handler, GenericHttpHandler and <Various>StreamHandler
* Applied the XmlRpcBasicDOSProtector.cs to the login service as both an example, and good practice.
* Applied the BaseStreamHandlerBasicDOSProtector.cs to the friends service as an example of the DOS Protector on StreamHandlers
* Added CircularBuffer, used for CPU and Memory friendly rate monitoring.
* DosProtector has 2 states, 1. Just Check for blocked users and check general velocity, 2. Track velocity per user, It only jumps to 2 if it's getting a lot of requests, and state 1 is about as resource friendly as if it wasn't even there.
Diffstat (limited to 'bin')
-rw-r--r-- | bin/Robust.ini.example | 19 | ||||
-rw-r--r-- | bin/config-include/StandaloneCommon.ini.example | 19 |
2 files changed, 37 insertions, 1 deletions
diff --git a/bin/Robust.ini.example b/bin/Robust.ini.example index de6fc28..74c208d 100644 --- a/bin/Robust.ini.example +++ b/bin/Robust.ini.example | |||
@@ -356,6 +356,25 @@ MapGetServiceConnector = "8002/OpenSim.Server.Handlers.dll:MapGetServiceConnecto | |||
356 | ;; 'America/Los_Angeles' is used on Linux/Mac systems whilst 'Pacific Standard Time' is used on Windows | 356 | ;; 'America/Los_Angeles' is used on Linux/Mac systems whilst 'Pacific Standard Time' is used on Windows |
357 | DSTZone = "America/Los_Angeles;Pacific Standard Time" | 357 | DSTZone = "America/Los_Angeles;Pacific Standard Time" |
358 | 358 | ||
359 | ;Basic Login Service Dos Protection Tweaks | ||
360 | ;; | ||
361 | ;; Some Grids/Users use a transparent proxy that makes use of the X-Forwarded-For HTTP Header, If you do, set this to true | ||
362 | ;; If you set this to true and you don't have a transparent proxy, it may allow attackers to put random things in the X-Forwarded-For header to | ||
363 | ;; get around this basic DOS protection. | ||
364 | ;DOSAllowXForwardedForHeader = false | ||
365 | ;; | ||
366 | ;; The protector adds up requests during this rolling period of time, default 10 seconds | ||
367 | ;DOSRequestTimeFrameMS = 10000 | ||
368 | ;; | ||
369 | ;; The amount of requests in the above timeframe from the same endpoint that triggers protection | ||
370 | ;DOSMaxRequestsInTimeFrame = 5 | ||
371 | ;; | ||
372 | ;; The amount of time that a specific endpoint is blocked. Default 2 minutes. | ||
373 | ;DOSForgiveClientAfterMS = 120000 | ||
374 | ;; | ||
375 | ;; To turn off basic dos protection, set the DOSMaxRequestsInTimeFrame to 0. | ||
376 | |||
377 | |||
359 | [MapImageService] | 378 | [MapImageService] |
360 | LocalServiceModule = "OpenSim.Services.MapImageService.dll:MapImageService" | 379 | LocalServiceModule = "OpenSim.Services.MapImageService.dll:MapImageService" |
361 | ; Set this if you want to change the default | 380 | ; Set this if you want to change the default |
diff --git a/bin/config-include/StandaloneCommon.ini.example b/bin/config-include/StandaloneCommon.ini.example index 12c5b95..75fd956 100644 --- a/bin/config-include/StandaloneCommon.ini.example +++ b/bin/config-include/StandaloneCommon.ini.example | |||
@@ -117,7 +117,7 @@ | |||
117 | SRV_AssetServerURI = "http://127.0.0.1:9000" | 117 | SRV_AssetServerURI = "http://127.0.0.1:9000" |
118 | SRV_ProfileServerURI = "http://127.0.0.1:9000" | 118 | SRV_ProfileServerURI = "http://127.0.0.1:9000" |
119 | SRV_FriendsServerURI = "http://127.0.0.1:9000" | 119 | SRV_FriendsServerURI = "http://127.0.0.1:9000" |
120 | SRV_IMServerURI = "http://127.0.0.1:9000" | 120 | SRV_IMServerURI = "http://127.0.0.1:9000 |
121 | 121 | ||
122 | ;; For Viewer 2 | 122 | ;; For Viewer 2 |
123 | MapTileURL = "http://127.0.0.1:9000/" | 123 | MapTileURL = "http://127.0.0.1:9000/" |
@@ -150,6 +150,23 @@ | |||
150 | ;AllowedClients = "" | 150 | ;AllowedClients = "" |
151 | ;DeniedClients = "" | 151 | ;DeniedClients = "" |
152 | 152 | ||
153 | ; Basic Login Service Dos Protection Tweaks | ||
154 | ; ; | ||
155 | ; ; Some Grids/Users use a transparent proxy that makes use of the X-Forwarded-For HTTP Header, If you do, set this to true | ||
156 | ; ; If you set this to true and you don't have a transparent proxy, it may allow attackers to put random things in the X-Forwarded-For header to | ||
157 | ; ; get around this basic DOS protection. | ||
158 | ; DOSAllowXForwardedForHeader = false | ||
159 | ; ; | ||
160 | ; ; The protector adds up requests during this rolling period of time, default 10 seconds | ||
161 | ; DOSRequestTimeFrameMS = 10000 | ||
162 | ; ; | ||
163 | ; ; The amount of requests in the above timeframe from the same endpoint that triggers protection | ||
164 | ; DOSMaxRequestsInTimeFrame = 5 | ||
165 | ; ; | ||
166 | ; ; The amount of time that a specific endpoint is blocked. Default 2 minutes. | ||
167 | ; DOSForgiveClientAfterMS = 120000 | ||
168 | ; ; | ||
169 | ; ; To turn off basic dos protection, set the DOSMaxRequestsInTimeFrame to 0. | ||
153 | 170 | ||
154 | [FreeswitchService] | 171 | [FreeswitchService] |
155 | ;; If FreeSWITCH is not being used then you don't need to set any of these parameters | 172 | ;; If FreeSWITCH is not being used then you don't need to set any of these parameters |