In my application I need something like this.
If the clients are detected to be "bad", then they will be sent to the
blacklist.
This would be a great plus for MINA.
Regards,
Rodrigo
On 6/22/07, Mark Webb <[EMAIL PROTECTED]> wrote:
This is what I was thinking. I will create a JIRA entry and add this code
in....
--START--------------------------------------------
import java.net.InetSocketAddress;
import java.net.SocketAddress;
import org.apache.mina.common.IoFilterAdapter;
import org.apache.mina.common.IoSession;
import org.apache.mina.util.ExpiringMap;
import org.apache.mina.util.SessionLog;
public class ConnThrottleFilter extends IoFilterAdapter {
private static final long DEFAULT_TIME = 1000;
private long waitTime;
private final ExpiringMap<String,Long> clients;
public ConnThrottleFilter() {
this( DEFAULT_TIME );
}
public ConnThrottleFilter( long millis ){
this.waitTime = millis;
clients = new ExpiringMap<String,Long>(60);
}
public void setWaitTime(long waitTime) {
this.waitTime = waitTime;
}
private synchronized boolean isConnectionOk( IoSession session ){
SocketAddress remoteAddress = session.getRemoteAddress();
if( remoteAddress instanceof InetSocketAddress )
{
long now = System.currentTimeMillis();
InetSocketAddress addr = (InetSocketAddress)remoteAddress;
String host = addr.getAddress().getHostAddress();
if( clients.containsKey(host)){
Long time = clients.get(host);
if( (now-time) > waitTime ){
return false;
}
} else {
clients.put( addr.getAddress().getHostAddress(), now );
return true;
}
}
return false;
}
@Override
public void sessionCreated(NextFilter nextFilter, IoSession session)
throws Exception {
if( ! isConnectionOk(session)){
SessionLog.info( session, "Connections coming in too fast;
closing." );
session.close();
}
}
}
--END--------------------------------------------------------
On 6/22/07, Norman Maurer <[EMAIL PROTECTED]> wrote:
>
> Hi Mat,
>
> it depends on your protocol. You should think about how many connects
are
> asspected ;-)
>
> bye
> Norman
>
> On Fri, 22 Jun 2007 15:15:29 +0800, mat <[EMAIL PROTECTED]>
wrote:
> > Can you give some idea what the configured time could be?
> >
> > On 6/22/07, Norman Maurer <[EMAIL PROTECTED]> wrote:
> >>
> >> You could write a IOFilter which limit the connections per Ip in a
> >> configured time. I did the same in a project for limiting the
> > connections
> >> per time on a smtpserver.
> >>
> >> Bye
> >> Norman
> >>
> >>
> >> On Fri, 22 Jun 2007 14:16:53 +0800, mat <[EMAIL PROTECTED]>
> > wrote:
> >> > Thanks. My concern is what if some clients write a loop keep
opening
> >> socket
> >> > connection and my server keeps accepting and eventually mina core
> will
> >> > reject any new connections. Is that possible to happen? Correct me
if
> > i
> >> am
> >> > wrong,
> >> >
> >> > On 6/22/07, 凌晨 <[EMAIL PROTECTED]> wrote:
> >> >>
> >> >> Dear mat:
> >> >> I think you should implement your own handler to detect this
kind
> > of
> >> >> connections from time to time then kill them all.
> >> >> You send some detecting packets to these connected connetions,no
> >> >> response,no connection.
> >> >> Best Wishes
> >> >>
> >> >> ----- Original Message -----
> >> >> From: "Mark Webb" <[EMAIL PROTECTED]>
> >> >> To: <dev@mina.apache.org>
> >> >> Sent: Friday, June 22, 2007 8:56 AM
> >> >> Subject: Re: malicious client
> >> >>
> >> >>
> >> >> > maybe a variant of the throttle filter which only allows one
> >> > connection
> >> >> per
> >> >> > IP at a time.
> >> >> >
> >> >> > On 6/21/07, mat <[EMAIL PROTECTED]> wrote:
> >> >> >>
> >> >> >> Thanks. But how should I set the TIMEOUT since the malicious
> >> >> client could
> >> >> >> connect by programming a loop, couldn't he?
> >> >> >>
> >> >> >> 2007/6/21, Mark Webb <[EMAIL PROTECTED]>:
> >> >> >> >
> >> >> >> > an IoFilter could probably work. This is related to the
filter
> >> > work
> >> >> >> that
> >> >> >> > was discussed a while back that dealt with heartbeats.
> >> >> >> >
> >> >> >> > On 6/21/07, Julien Vermillard <[EMAIL PROTECTED]> wrote:
> >> >> >> > >
> >> >> >> > > On Thu, 21 Jun 2007 20:46:55 +0800
> >> >> >> > > mat <[EMAIL PROTECTED]> wrote:
> >> >> >> > >
> >> >> >> > > > I wonder whether any function could prevent Mina from a
> >> > malicious
> >> >> >> > > > client attacking by opening connections and not sending
any
> >> > data.
> >> >> If
> >> >> >> > > > NOT, how could I do? Thanks.
> >> >> >> > >
> >> >> >> > > Hi,
> >> >> >> > >
> >> >> >> > > Just detect IDLEness, in your IoHandler sessionIdle.
> >> >> >> > > If a client doesn't send enought data, close it.
> >> >> >> > >
> >> >> >> > > HTH
> >> >> >> > >
> >> >> >> > > Julien
> >> >> >> > >
> >> >> >> >
> >> >> >> >
> >> >> >> >
> >> >> >> > --
> >> >> >> > ..Cheers
> >> >> >> > Mark
> >> >> >> >
> >> >> >>
> >> >> >
> >> >> >
> >> >> >
> >> >> > --
> >> >> > ..Cheers
> >> >> > Mark
> >> >> >
> >> >
> >> >
> >> >
> >> >
> >> >
> >>
> >>
> >
> >
> > !DSPAM:1,467b7764240371295747258!
> >
> >
>
>
--
..Cheers
Mark
