From f76cc6036ebf446553ee5201321879538dafe3b2 Mon Sep 17 00:00:00 2001 From: teravus Date: Mon, 7 Oct 2013 21:35:55 -0500 Subject: * Added a Basic DOS protection container/base object for the most common HTTP Server handlers. XMLRPC Handler, GenericHttpHandler and StreamHandler * Applied the XmlRpcBasicDOSProtector.cs to the login service as both an example, and good practice. * Applied the BaseStreamHandlerBasicDOSProtector.cs to the friends service as an example of the DOS Protector on StreamHandlers * Added CircularBuffer, used for CPU and Memory friendly rate monitoring. * DosProtector has 2 states, 1. Just Check for blocked users and check general velocity, 2. Track velocity per user, It only jumps to 2 if it's getting a lot of requests, and state 1 is about as resource friendly as if it wasn't even there. --- bin/config-include/StandaloneCommon.ini.example | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) (limited to 'bin/config-include/StandaloneCommon.ini.example') diff --git a/bin/config-include/StandaloneCommon.ini.example b/bin/config-include/StandaloneCommon.ini.example index 12c5b95..75fd956 100644 --- a/bin/config-include/StandaloneCommon.ini.example +++ b/bin/config-include/StandaloneCommon.ini.example @@ -117,7 +117,7 @@ SRV_AssetServerURI = "http://127.0.0.1:9000" SRV_ProfileServerURI = "http://127.0.0.1:9000" SRV_FriendsServerURI = "http://127.0.0.1:9000" - SRV_IMServerURI = "http://127.0.0.1:9000" + SRV_IMServerURI = "http://127.0.0.1:9000 ;; For Viewer 2 MapTileURL = "http://127.0.0.1:9000/" @@ -150,6 +150,23 @@ ;AllowedClients = "" ;DeniedClients = "" + ; Basic Login Service Dos Protection Tweaks + ; ; + ; ; Some Grids/Users use a transparent proxy that makes use of the X-Forwarded-For HTTP Header, If you do, set this to true + ; ; If you set this to true and you don't have a transparent proxy, it may allow attackers to put random things in the X-Forwarded-For header to + ; ; get around this basic DOS protection. + ; DOSAllowXForwardedForHeader = false + ; ; + ; ; The protector adds up requests during this rolling period of time, default 10 seconds + ; DOSRequestTimeFrameMS = 10000 + ; ; + ; ; The amount of requests in the above timeframe from the same endpoint that triggers protection + ; DOSMaxRequestsInTimeFrame = 5 + ; ; + ; ; The amount of time that a specific endpoint is blocked. Default 2 minutes. + ; DOSForgiveClientAfterMS = 120000 + ; ; + ; ; To turn off basic dos protection, set the DOSMaxRequestsInTimeFrame to 0. [FreeswitchService] ;; If FreeSWITCH is not being used then you don't need to set any of these parameters -- cgit v1.1 From ff8a76825841533bdc5d534b6f58b2ab964ea6c6 Mon Sep 17 00:00:00 2001 From: Fernando Oliveira Date: Sat, 12 Oct 2013 16:33:45 -0500 Subject: Fernando Oliveira's Postgress SQL Server Data Connector as a single commit. * Added PostGreSQL support * Added MySQL/MySQLXGroupData.cs * PostgreSQL data access implementation * PostgreSQL dll binarie and RegionStore.migrations * Migrations Scripts from MSSQL to POSTGRES * Postgres SQL Type fixes * Postgres SQL Connection string * Data type issues * more fixes * tests and +tests * UUID x string - FIGHT! * Fixed PG types to internal csharp types * More data type fix (PostgreSQL fields are case sensitive) :( * more field case sensitive fixes * changed the migration files to be case sensitive for fields. * fixed fields case * finished converting, now search for hidden bugs. * some more fixes * bool type fixed * more case fixes; * creatorID case fixed * case fields fixed * fixed default now() for TMStamp fields with don't allow nulls. * fix case sensitve for Region name and Estate name * fixed case for names for search * fix class name Error * Bug fixed on select and migrations * Un-Reverting my change due to Postgres issue with the ILIKE function * Fixed some issued for Diva Distro * Fixes for integration with Diva Distro * Added System.Core to prebuild.xml for PG project * Configured to make DIff for Push to OpenSim Project * Diffs only to PostgreSQL mods. --- bin/config-include/StandaloneCommon.ini.example | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'bin/config-include/StandaloneCommon.ini.example') diff --git a/bin/config-include/StandaloneCommon.ini.example b/bin/config-include/StandaloneCommon.ini.example index 75fd956..ef4fb3c 100644 --- a/bin/config-include/StandaloneCommon.ini.example +++ b/bin/config-include/StandaloneCommon.ini.example @@ -27,6 +27,12 @@ ;StorageProvider = "OpenSim.Data.MSSQL.dll" ;ConnectionString = "Server=localhost\SQLEXPRESS;Database=opensim;User Id=opensim; password=***;" + ; PGSQL + ; Uncomment these lines if you want to use PGSQL storage + ; Change the connection string to your db details + ;StorageProvider = "OpenSim.Data.PGSQL.dll" + ;ConnectionString = "Server=localhost;Database=opensim;User Id=opensim; password=***;" + [Hypergrid] ; Uncomment the variables in this section only if you are in ; Hypergrid configuration. Otherwise, ignore. -- cgit v1.1 From daf44cc65ed8e2a0158d42011ec8cbeef105d580 Mon Sep 17 00:00:00 2001 From: Michael Cerquoni Date: Sat, 12 Oct 2013 20:47:10 -0400 Subject: fix missing " for variable SRV_IMServerURI in example file --- bin/config-include/StandaloneCommon.ini.example | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'bin/config-include/StandaloneCommon.ini.example') diff --git a/bin/config-include/StandaloneCommon.ini.example b/bin/config-include/StandaloneCommon.ini.example index ef4fb3c..a368bb8 100644 --- a/bin/config-include/StandaloneCommon.ini.example +++ b/bin/config-include/StandaloneCommon.ini.example @@ -123,7 +123,7 @@ SRV_AssetServerURI = "http://127.0.0.1:9000" SRV_ProfileServerURI = "http://127.0.0.1:9000" SRV_FriendsServerURI = "http://127.0.0.1:9000" - SRV_IMServerURI = "http://127.0.0.1:9000 + SRV_IMServerURI = "http://127.0.0.1:9000" ;; For Viewer 2 MapTileURL = "http://127.0.0.1:9000/" -- cgit v1.1