Item2572: BlackListPlugin waits too long with banned IP making itself a DOS target

Priority: Normal
Current State: Closed
Released In:
Target Release: n/a
Applies To: Extension
Component: BlackListPlugin
Branches:
Reported By: KennethLavrsen
Waiting For: Main.KennethLavrsen
Last Change By: KennethLavrsen

The current 60 seconds interval is way too long.

It would be better if we could kill the IP at Apache, but that requires access to .htaccess, and this again means that Apache must be set up to search the entire directory tree of a Foswiki for .htaccess files. This is a performance killer and should be avoided.

Best compromise is

  • Make sure the plugin handles banned IP early
  • Make sure the plugin does not put up the entire Foswiki machine to generate a beautiful oops message. Instead write a header and crude ugly message to the banned user and die.
  • To slow down site-sucking software a small 5-second delay should do it, and if the script dies in the same kind of time as a normal page view the plugin will not be a DOS attack vector more than any normal topic view.

-- KennethLavrsen - 04 Jan 2010
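The early-rejection pattern proposed above, as an added example rather than BlackListPlugin's own code: the request is checked against a ban list before any Foswiki session or template work happens, and a banned client gets a plain CGI header, a one-line message and a short delay instead of a rendered oops page. The ban-file path and the `BAN_DELAY` setting are assumptions for the example.

```perl
#!/usr/bin/perl
# Added example (not BlackListPlugin's own code): reject a banned client
# before Foswiki does any rendering. Assumes a plain-text ban list, one
# IPv4 address per line, kept in the working area (hypothetical path).
use strict;
use warnings;

my $BAN_FILE  = '/var/www/foswiki/working/blacklist_banned.txt';  # hypothetical
my $BAN_DELAY = 5;   # seconds; keep it in the range of a normal page view

# Load the ban list into a hash for constant-time lookup. An unreadable
# file means "nobody banned" rather than an error that would itself deny
# service to everyone.
sub load_ban_list {
    my ($file) = @_;
    my %banned;
    open my $fh, '<', $file or return \%banned;
    while ( my $line = <$fh> ) {
        $line =~ s/^\s+|\s+$//g;
        next if $line eq '' || $line =~ /^#/;
        $banned{$line} = 1;
    }
    close $fh;
    return \%banned;
}

# Exact-match check; returns 1 if the remote address is banned.
sub is_banned {
    my ( $ip, $banned ) = @_;
    return ( defined $ip && exists $banned->{$ip} ) ? 1 : 0;
}

# Send a minimal CGI response and stop: no session, no template, no oops
# page, so the cost of serving a banned client stays close to nothing.
sub reject_banned_client {
    my ( $ip, $delay ) = @_;
    sleep $delay;    # small delay only slows down site-sucking tools
    print "Status: 403 Forbidden\r\n",
          "Content-Type: text/plain; charset=utf-8\r\n",
          "Connection: close\r\n\r\n",
          "Access from $ip is blocked by BlackListPlugin.\n";
    exit 0;
}

my $remote = $ENV{REMOTE_ADDR};
my $banned = load_ban_list($BAN_FILE);
reject_banned_client( $remote, $BAN_DELAY ) if is_banned( $remote, $banned );
# ... normal request handling continues here for non-banned clients ...
```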

With .htaccess too slow, what about the plugin maintaining the file in WorkingDir and we use an Include directive in the apache vhost config?

Of course the solution you've just mentioned should be the default to avoid having to mess with Apache.

-- PaulHarvey - 04 Jan 2010

As far as I know an include from a httpd.conf is only loaded when you restart or reload Apache and that we cannot keep on doing.

-- KennethLavrsen - 04 Jan 2010


Checkins: BlackListPlugin:a2db3bed853b
Topic revision: r3 - 04 Jan 2010, KennethLavrsen
