Looks good - you got the one thing I would have thought of, to be able to throttle per account.
I'd suspect that tracking db counts in the db itself could cause a DOS, unless the inserts are buffered? Also, how will the tracking work in clustered manager setups? I don't know what this "campo" release is which the wiki page speaks of. :) On Dec 19, 2012, at 10:49 AM, Min Chen <min.c...@citrix.com> wrote: > Hi all, > > Currently, the legitimate users of CloudStack can occasionally hammer the > server with heavy API requests that cause undesirable results, like killing > the server, performance issues for other CloudStack users. Also, it may > become a mechanism for certain malicious users to do malicious attacks to > CloudStack service to cause cloud outage. To prevent certain things happen, > we would like to introduce API request throttling feature to limit number of > APIs that can be placed by each account within certain time duration and will > block API requests if the account is over the limit so that he/she have to > retry later. The detailed FS can be found at > https://cwiki.apache.org/confluence/display/CLOUDSTACK/API+Request+Throttling. > > Please let me know any comments and suggestions. > > Thanks > -min Stratosec - Secure Infrastructure as a Service o: 415.315.9385 @johnlkinsella
