This is a small request-throttle application that handles simple DoS-attacks on the server. A user (request key) is identified via ipAddr or some other key, such as an authenticated userid.
XOTcl Parameters for Class Throttle:
- timeWindow: Time window for computing detailed statistics; can be configured via OpenACS package parameter time-window
- timeoutMs: Time window to keep statistics for a user
- startThrottle: If user requests more than this #, her requests are delayed. When larger than toMuch, the parameter is ignored
- toMuch: If user requests more than this #, she is kicked out
The controlling thread contains the classes Users, Throttle, Counter, MaxCounter, ...
- Author: Gustaf Neumann
- CVS Identification: $Id: throttle_mod-procs.tcl,v 1.67.2.57 2023/07/10 08:54:49 gustafn Exp $
Class Relations
::xotcl::THREAD create ::throttle
Methods (to be applied on the object)
check (scripted, public)
throttle check
This method should be called once per monitored request. It should be called after authentication, so that the userid is already available if the user is authenticated.
- Testcases:
- xotcl_core_tutorial_1, xotcl_core_tutorial_2, test_xo_db_object, test_cr_items
```tcl
#set t0 [clock milliseconds]

:get_context
# :log "### check"

#
# We could as well pass the whole header set via
#
#    {*}[ns_set array [ns_conn headers]]
#
# but since this code is time critical, just pass the information
# actually needed.
#
set hdrs [ns_conn headers]
lassign [:throttle_check ${:requester} ${:pa} ${:url} \
             [ns_conn start] [ns_guesstype [ns_conn url]] ${:community_id} \
             [list \
                  pool [ns_conn pool] \
                  Sec-Fetch-Dest [ns_set iget $hdrs Sec-Fetch-Dest] \
                  Range [ns_set iget $hdrs Range] \
                 ]] toMuch ms repeat
#set t1 [clock milliseconds]

#
# result == 0 OK
# result < 0  blocked
# result > 0  This web server is only open for interactive usage
#
if {$repeat > 0} {
    :add_statistics repeat ${:requester} ${:pa} ${:url} ${:query}
    if {$repeat > 1} {
        set result 1
    } else {
        set result -1
    }
} elseif {$toMuch} {
    :log "*** we have to refuse user ${:requester} with $toMuch requests"
    :add_statistics reject ${:requester} ${:pa} ${:url} ${:query}
    set result $toMuch
} elseif {$ms} {
    :log "*** we have to block user ${:requester} for $ms ms"
    :add_statistics throttle ${:requester} ${:pa} ${:url} ${:query}
    after $ms
    :log "*** continue for user ${:requester}"
    set result 0
} else {
    set result 0
}
#set tend [clock milliseconds]
#if {$tend - $t0 > 500} {
#    ns_log warning "throttle_filter slow, can lead to filter time >1sec: total time [expr {$tend - $t0}], t1 [expr {$t1 - $t0}]"
#}
return $result
```
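A minimal model of the startThrottle and toMuch thresholds and of the toMuch/ms pair that check evaluates, as an added example in plain Tcl 8.6 (not code from the package). The `demo` namespace, the single counting window, the fixed delay and all values are assumptions, and the repeat case is left out.

```tcl
namespace eval demo {
    variable startThrottle 3      ;# constructed value: above this, delay
    variable toMuch        6      ;# constructed value: above this, reject
    variable windowMs      10000  ;# assumption: one window used for counting
    variable delayMs       500    ;# assumption: fixed delay per throttled request
    variable seen [dict create]   ;# request key -> list of timestamps (ms)
}

# Returns {toMuch ms}: toMuch > 0 means refuse, ms > 0 means delay by ms.
proc demo::throttle_check {key nowMs} {
    variable startThrottle; variable toMuch
    variable windowMs; variable delayMs; variable seen
    # Drop timestamps that fell out of the window, then record this request.
    set recent {}
    if {[dict exists $seen $key]} {
        foreach t [dict get $seen $key] {
            if {$nowMs - $t < $windowMs} { lappend recent $t }
        }
    }
    lappend recent $nowMs
    dict set seen $key $recent
    set n [llength $recent]
    # Rejection is tested first, so a startThrottle above toMuch never
    # takes effect, matching the parameter description.
    if {$n > $toMuch}        { return [list $n 0] }
    if {$n > $startThrottle} { return [list 0 $delayMs] }
    return [list 0 0]
}

# Constructed traffic: one request key (an IP address) sending
# 8 requests, 100 ms apart. Timestamps are passed in, so nothing sleeps.
for {set i 1} {$i <= 8} {incr i} {
    lassign [demo::throttle_check 192.0.2.10 [expr {$i * 100}]] toMuch ms
    if {$toMuch} {
        puts "request $i: refuse (count $toMuch)"
    } elseif {$ms} {
        puts "request $i: delay $ms ms, then continue"
    } else {
        puts "request $i: pass"
    }
}
```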