Item2572: BlackListPlugin waits too long with banned IP making itself a DOS target
Priority: Normal
Current State: Closed
Released In:
Target Release: n/a
The current 60 seconds interval is way too long.
It would be better if we could kill the IP at Apache, but that requires access to .htaccess, and this again means that Apache must be set up to search the entire directory tree of a Foswiki for .htaccess files. This is a performance killer and should be avoided.
Best compromise is
- Make sure the plugin handles banned IP early
- Make sure the plugin does not put up the entire Foswiki machine to generate a beautiful oops message. Instead write a header and crude ugly message to the banned user and die.
- To slow down site sucking software a small 5 seconds delay should do it and if the script dies in the same kind of time as a normal page view the plugin will not be a DOS attack vector more than any normal topic view.
--
KennethLavrsen - 04 Jan 2010
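A sketch of the compromise proposed above, as an added example that is not BlackListPlugin's own code: check the client address first and build a bare response without touching any rendering code. The ban-list format (one address per line), the function names and the 403 status are assumptions.

```perl
#!/usr/bin/perl
# Added example; not taken from BlackListPlugin. Names and file format are assumed.
use strict;
use warnings;

my $BAN_DELAY = 5;    # seconds, the small delay proposed in the report

# Load one banned address per line; blank lines and '#' comments are skipped.
sub load_banlist {
    my ($fh) = @_;
    my %banned;
    while ( my $line = <$fh> ) {
        $line =~ s/#.*//;
        $line =~ s/^\s+|\s+$//g;
        $banned{$line} = 1 if length $line;
    }
    return \%banned;
}

# Returns the complete minimal CGI response for a banned client, or undef
# when the request should continue to normal rendering.
sub early_reject {
    my ( $banned, $remote_addr ) = @_;
    return unless defined $remote_addr && $banned->{$remote_addr};
    my $body = "Access denied.\n";
    return "Status: 403 Forbidden\r\n"
      . "Content-Type: text/plain\r\n"
      . "Content-Length: " . length($body) . "\r\n\r\n"
      . $body;
}

# Constructed sample ban list (documentation address ranges only).
my $sample = "# constructed sample\n192.0.2.10\n198.51.100.7  # scraper\n";
open my $fh, '<', \$sample or die "cannot open in-memory list: $!";
my $banned = load_banlist($fh);
close $fh;

for my $ip ( '192.0.2.10', '203.0.113.5' ) {
    my $response = early_reject( $banned, $ip );
    if ( defined $response ) {
        # In a real handler: sleep $BAN_DELAY; print $response; exit 0;
        # all before any template, store or rendering code is loaded.
        my $status = ( split /\r\n/, $response )[0];
        print "$ip -> rejected after ${BAN_DELAY}s delay: $status\n";
    }
    else {
        print "$ip -> continue to normal page view\n";
    }
}
```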
With .htaccess too slow, what about the plugin maintaining the file in WorkingDir and we use an Include directive in the apache vhost config?
Of course the solution you've just mentioned should be the default to avoid having to mess with Apache.
--
PaulHarvey - 04 Jan 2010
As far as I know an include from a httpd.conf is only loaded when you restart or reload Apache and that we cannot keep on doing.
--
KennethLavrsen - 04 Jan 2010