From f76cc6036ebf446553ee5201321879538dafe3b2 Mon Sep 17 00:00:00 2001 From: teravus Date: Mon, 7 Oct 2013 21:35:55 -0500 Subject: * Added a Basic DOS protection container/base object for the most common HTTP Server handlers. XMLRPC Handler, GenericHttpHandler and StreamHandler * Applied the XmlRpcBasicDOSProtector.cs to the login service as both an example, and good practice. * Applied the BaseStreamHandlerBasicDOSProtector.cs to the friends service as an example of the DOS Protector on StreamHandlers * Added CircularBuffer, used for CPU and Memory friendly rate monitoring. * DosProtector has 2 states, 1. Just Check for blocked users and check general velocity, 2. Track velocity per user, It only jumps to 2 if it's getting a lot of requests, and state 1 is about as resource friendly as if it wasn't even there. --- .../Avatar/Friends/FriendsRequestHandler.cs | 12 ++++++++++-- .../CoreModules/World/WorldMap/WorldMapModule.cs | 21 ++++++++++++++++++++- 2 files changed, 30 insertions(+), 3 deletions(-) (limited to 'OpenSim/Region') diff --git a/OpenSim/Region/CoreModules/Avatar/Friends/FriendsRequestHandler.cs b/OpenSim/Region/CoreModules/Avatar/Friends/FriendsRequestHandler.cs index 2116605..ed4b205 100644 --- a/OpenSim/Region/CoreModules/Avatar/Friends/FriendsRequestHandler.cs +++ b/OpenSim/Region/CoreModules/Avatar/Friends/FriendsRequestHandler.cs @@ -42,14 +42,22 @@ using log4net; namespace OpenSim.Region.CoreModules.Avatar.Friends { - public class FriendsRequestHandler : BaseStreamHandler + public class FriendsRequestHandler : BaseStreamHandlerBasicDOSProtector { private static readonly ILog m_log = LogManager.GetLogger(MethodBase.GetCurrentMethod().DeclaringType); private FriendsModule m_FriendsModule; public FriendsRequestHandler(FriendsModule fmodule) - : base("POST", "/friends") + : base("POST", "/friends", new BasicDosProtectorOptions() + { + AllowXForwardedFor = true, + ForgetTimeSpan = TimeSpan.FromMinutes(2), + MaxRequestsInTimeframe = 5, + ReportingName = "FRIENDSDOSPROTECTOR", + RequestTimeSpan = TimeSpan.FromSeconds(5), + ThrottledAction = ThrottleAction.DoThrottledMethod + }) { m_FriendsModule = fmodule; } diff --git a/OpenSim/Region/CoreModules/World/WorldMap/WorldMapModule.cs b/OpenSim/Region/CoreModules/World/WorldMap/WorldMapModule.cs index a26a5f0..0f05e07 100644 --- a/OpenSim/Region/CoreModules/World/WorldMap/WorldMapModule.cs +++ b/OpenSim/Region/CoreModules/World/WorldMap/WorldMapModule.cs @@ -165,7 +165,16 @@ namespace OpenSim.Region.CoreModules.World.WorldMap regionimage = regionimage.Replace("-", ""); m_log.Info("[WORLD MAP]: JPEG Map location: " + m_scene.RegionInfo.ServerURI + "index.php?method=" + regionimage); - MainServer.Instance.AddHTTPHandler(regionimage, OnHTTPGetMapImage); + MainServer.Instance.AddHTTPHandler(regionimage, + new GenericHTTPDOSProtector(OnHTTPGetMapImage, OnHTTPThrottled, new BasicDosProtectorOptions() + { + AllowXForwardedFor = false, + ForgetTimeSpan = TimeSpan.FromMinutes(2), + MaxRequestsInTimeframe = 4, + ReportingName = "MAPDOSPROTECTOR", + RequestTimeSpan = TimeSpan.FromSeconds(10), + ThrottledAction = ThrottleAction.DoThrottledMethod + }).Process); MainServer.Instance.AddLLSDHandler( "/MAP/MapItems/" + m_scene.RegionInfo.RegionHandle.ToString(), HandleRemoteMapItemRequest); @@ -1081,6 +1090,16 @@ namespace OpenSim.Region.CoreModules.World.WorldMap block.Y = (ushort)(r.RegionLocY / Constants.RegionSize); } + public Hashtable OnHTTPThrottled(Hashtable keysvals) + { + Hashtable reply = new Hashtable(); + int statuscode = 500; + reply["str_response_string"] = "I blocked you! HAHAHAHAHAHAHHAHAH"; + reply["int_response_code"] = statuscode; + reply["content_type"] = "text/plain"; + return reply; + } + public Hashtable OnHTTPGetMapImage(Hashtable keysvals) { m_log.Debug("[WORLD MAP]: Sending map image jpeg"); -- cgit v1.1