Hi Jamie, At the moment Channels has quite limited support for throttling - it pretty much consists of an adjustable channel size for incoming connections which, when full, will cause the server to return a 503 error. Workers are load-balanced based on availability due to the channels design, so there's no risk of a worker gaining a larger queue than others.
Providing more advanced DoS or DDoS protection is probably not something we can do within the scope of Channels itself, but I'd like to make sure we provide the appropriate hooks. Were there particular things you think we could implement that would help you write some of the things you need? (It's also worth bearing in mind that right now we're changing the worker/consumer layout substantially as part of a major rewrite, which is going to mean different considerations when scaling, so I don't want to give too precise advice just yet) Andrew On Tue, Aug 8, 2017 at 10:19 AM, Jamie Counsell <jamiecouns...@me.com> wrote: > Hey folks, > > I'm working on a Django Channels project and was wondering if there was > (or was a roadmap for) features that could help us control load issues at > the application level. I asked on StackOverflow > <https://stackoverflow.com/questions/45122724/load-spike-protection-for-django-channels/> > but > made the mistake of including the term "DDoS" and so I received a bunch of > generic DDoS explanations. I know that DDoS is in some cases a different > beast entirely, but I also think that smaller attacks or load issues > related to any traffic increase could be handled at the application level. > For example, Django Rest Framework's Throttling support provides a great > way to do things like prioritize or not throttle authenticated users, but > throttle anonymous users. I'm wondering if Channels or Daphne has support > for something like: > > - Throttling (per channel, ideally) > - Dynamic worker assignment based on queue size, response time, etc. > - Middleware to provide priority to requests based on some metric > (authenticated, for example) > - Priority decorators for consumers that could tell workers not to run > certain consumers if the queue is large > > Right now I have a design that could cause the socket channel to > experience high latency or a full queue in certain situations. This is fine > as there is very little that it does that is critical, but I've had to move > a specific feature to the HTTP layer to make sure it doesn't get mixed up > in the websocket traffic. > > Again, I'm not specifically looking at protecting the site against a > malicious attack - accidental load spikes are probably more common and can > happen for lots of reasons like slashdotting > <https://en.wikipedia.org/wiki/Slashdot_effect>. > > I'm happy to discuss this in more detail, but am just working on first > finding a community of people that can provide some educated insight. > > Thanks! > > -- > You received this message because you are subscribed to the Google Groups > "Django users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to django-users+unsubscr...@googlegroups.com. > To post to this group, send email to django-users@googlegroups.com. > Visit this group at https://groups.google.com/group/django-users. > To view this discussion on the web visit https://groups.google.com/d/ > msgid/django-users/147c4fdc-b051-4918-93cb-7732096e46ca%40googlegroups.com > <https://groups.google.com/d/msgid/django-users/147c4fdc-b051-4918-93cb-7732096e46ca%40googlegroups.com?utm_medium=email&utm_source=footer> > . > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "Django users" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscr...@googlegroups.com. To post to this group, send email to django-users@googlegroups.com. Visit this group at https://groups.google.com/group/django-users. To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/CAFwN1upzccg3jv7cEA1C3XOTrArEhnPvfXoiFGyiX655qa6uPw%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
