mirror of
https://github.com/opensim/opensim.git
synced 2026-05-26 03:45:36 +08:00
* Refactor
* Break out common BasicDOSProtector code into separate class.
This commit is contained in:
teravus
@@ -25,10 +25,7 @@
|
||||
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
*/
|
||||
using OpenSim.Framework;
|
||||
using System.Collections.Generic;
|
||||
using System.IO;
|
||||
using System.Reflection;
|
||||
using log4net;
|
||||
|
||||
namespace OpenSim.Framework.Servers.HttpServer
|
||||
{
|
||||
@@ -40,61 +37,17 @@ namespace OpenSim.Framework.Servers.HttpServer
|
||||
/// </remarks>
|
||||
public abstract class BaseStreamHandlerBasicDOSProtector : BaseRequestHandler, IStreamedRequestHandler
|
||||
{
|
||||
private readonly CircularBuffer<int> _generalRequestTimes;
|
||||
|
||||
private readonly BasicDosProtectorOptions _options;
|
||||
private readonly Dictionary<string, CircularBuffer<int>> _deeperInspection;
|
||||
private readonly Dictionary<string, int> _tempBlocked;
|
||||
private readonly System.Timers.Timer _forgetTimer;
|
||||
private static readonly ILog m_log = LogManager.GetLogger(MethodBase.GetCurrentMethod().DeclaringType);
|
||||
private readonly System.Threading.ReaderWriterLockSlim _lockSlim = new System.Threading.ReaderWriterLockSlim();
|
||||
private readonly BasicDOSProtector _dosProtector;
|
||||
|
||||
protected BaseStreamHandlerBasicDOSProtector(string httpMethod, string path, BasicDosProtectorOptions options) : this(httpMethod, path, null, null, options) {}
|
||||
|
||||
protected BaseStreamHandlerBasicDOSProtector(string httpMethod, string path, string name, string description, BasicDosProtectorOptions options)
|
||||
: base(httpMethod, path, name, description)
|
||||
{
|
||||
_generalRequestTimes = new CircularBuffer<int>(options.MaxRequestsInTimeframe + 1, true);
|
||||
_generalRequestTimes.Put(0);
|
||||
_options = options;
|
||||
_deeperInspection = new Dictionary<string, CircularBuffer<int>>();
|
||||
_tempBlocked = new Dictionary<string, int>();
|
||||
_forgetTimer = new System.Timers.Timer();
|
||||
_forgetTimer.Elapsed += delegate
|
||||
{
|
||||
_forgetTimer.Enabled = false;
|
||||
|
||||
List<string> removes = new List<string>();
|
||||
_lockSlim.EnterReadLock();
|
||||
foreach (string str in _tempBlocked.Keys)
|
||||
{
|
||||
if (
|
||||
Util.EnvironmentTickCountSubtract(Util.EnvironmentTickCount(),
|
||||
_tempBlocked[str]) > 0)
|
||||
removes.Add(str);
|
||||
}
|
||||
_lockSlim.ExitReadLock();
|
||||
lock (_deeperInspection)
|
||||
{
|
||||
_lockSlim.EnterWriteLock();
|
||||
for (int i = 0; i < removes.Count; i++)
|
||||
{
|
||||
_tempBlocked.Remove(removes[i]);
|
||||
_deeperInspection.Remove(removes[i]);
|
||||
}
|
||||
_lockSlim.ExitWriteLock();
|
||||
}
|
||||
foreach (string str in removes)
|
||||
{
|
||||
m_log.InfoFormat("[{0}] client: {1} is no longer blocked.",
|
||||
_options.ReportingName, str);
|
||||
}
|
||||
_lockSlim.EnterReadLock();
|
||||
if (_tempBlocked.Count > 0)
|
||||
_forgetTimer.Enabled = true;
|
||||
_lockSlim.ExitReadLock();
|
||||
};
|
||||
|
||||
_forgetTimer.Interval = _options.ForgetTimeSpan.TotalMilliseconds;
|
||||
_dosProtector = new BasicDOSProtector(_options);
|
||||
}
|
||||
|
||||
public virtual byte[] Handle(
|
||||
@@ -102,58 +55,13 @@ namespace OpenSim.Framework.Servers.HttpServer
|
||||
{
|
||||
byte[] result;
|
||||
RequestsReceived++;
|
||||
//httpRequest.Headers
|
||||
|
||||
if (_options.MaxRequestsInTimeframe < 1 || _options.RequestTimeSpan.TotalMilliseconds < 1)
|
||||
{
|
||||
if (_dosProtector.Process(GetClientString(httpRequest), GetRemoteAddr(httpRequest)))
|
||||
result = ProcessRequest(path, request, httpRequest, httpResponse);
|
||||
RequestsHandled++;
|
||||
return result;
|
||||
|
||||
}
|
||||
else
|
||||
result = ThrottledRequest(path, request, httpRequest, httpResponse);
|
||||
|
||||
string clientstring = GetClientString(httpRequest);
|
||||
|
||||
_lockSlim.EnterReadLock();
|
||||
if (_tempBlocked.ContainsKey(clientstring))
|
||||
{
|
||||
_lockSlim.ExitReadLock();
|
||||
|
||||
if (_options.ThrottledAction == ThrottleAction.DoThrottledMethod)
|
||||
{
|
||||
result = ThrottledRequest(path, request, httpRequest, httpResponse);
|
||||
RequestsHandled++;
|
||||
return result;
|
||||
}
|
||||
else
|
||||
throw new System.Security.SecurityException("Throttled");
|
||||
}
|
||||
_lockSlim.ExitReadLock();
|
||||
|
||||
_generalRequestTimes.Put(Util.EnvironmentTickCount());
|
||||
|
||||
if (_generalRequestTimes.Size == _generalRequestTimes.Capacity &&
|
||||
(Util.EnvironmentTickCountSubtract(Util.EnvironmentTickCount(), _generalRequestTimes.Get()) <
|
||||
_options.RequestTimeSpan.TotalMilliseconds))
|
||||
{
|
||||
//Trigger deeper inspection
|
||||
if (DeeperInspection(httpRequest))
|
||||
{
|
||||
result = ProcessRequest(path, request, httpRequest, httpResponse);
|
||||
RequestsHandled++;
|
||||
return result;
|
||||
}
|
||||
if (_options.ThrottledAction == ThrottleAction.DoThrottledMethod)
|
||||
{
|
||||
result = ThrottledRequest(path, request, httpRequest, httpResponse);
|
||||
RequestsHandled++;
|
||||
return result;
|
||||
}
|
||||
else
|
||||
throw new System.Security.SecurityException("Throttled");
|
||||
}
|
||||
|
||||
result =ProcessRequest(path, request, httpRequest, httpResponse);
|
||||
|
||||
RequestsHandled++;
|
||||
|
||||
return result;
|
||||
@@ -171,43 +79,7 @@ namespace OpenSim.Framework.Servers.HttpServer
|
||||
return new byte[0];
|
||||
}
|
||||
|
||||
private bool DeeperInspection(IOSHttpRequest httpRequest)
|
||||
{
|
||||
lock (_deeperInspection)
|
||||
{
|
||||
string clientstring = GetClientString(httpRequest);
|
||||
|
||||
|
||||
if (_deeperInspection.ContainsKey(clientstring))
|
||||
{
|
||||
_deeperInspection[clientstring].Put(Util.EnvironmentTickCount());
|
||||
if (_deeperInspection[clientstring].Size == _deeperInspection[clientstring].Capacity &&
|
||||
(Util.EnvironmentTickCountSubtract(Util.EnvironmentTickCount(), _deeperInspection[clientstring].Get()) <
|
||||
_options.RequestTimeSpan.TotalMilliseconds))
|
||||
{
|
||||
_lockSlim.EnterWriteLock();
|
||||
if (!_tempBlocked.ContainsKey(clientstring))
|
||||
_tempBlocked.Add(clientstring, Util.EnvironmentTickCount() + (int)_options.ForgetTimeSpan.TotalMilliseconds);
|
||||
else
|
||||
_tempBlocked[clientstring] = Util.EnvironmentTickCount() + (int)_options.ForgetTimeSpan.TotalMilliseconds;
|
||||
_lockSlim.ExitWriteLock();
|
||||
|
||||
m_log.WarnFormat("[{0}]: client: {1} is blocked for {2} milliseconds, X-ForwardedForAllowed status is {3}, endpoint:{4}", _options.ReportingName, clientstring, _options.ForgetTimeSpan.TotalMilliseconds, _options.AllowXForwardedFor, GetRemoteAddr(httpRequest));
|
||||
return false;
|
||||
}
|
||||
//else
|
||||
// return true;
|
||||
}
|
||||
else
|
||||
{
|
||||
_deeperInspection.Add(clientstring, new CircularBuffer<int>(_options.MaxRequestsInTimeframe + 1, true));
|
||||
_deeperInspection[clientstring].Put(Util.EnvironmentTickCount());
|
||||
_forgetTimer.Enabled = true;
|
||||
}
|
||||
|
||||
}
|
||||
return true;
|
||||
}
|
||||
|
||||
private string GetRemoteAddr(IOSHttpRequest httpRequest)
|
||||
{
|
||||
string remoteaddr = string.Empty;
|
||||
|
||||
Reference in New Issue
Block a user