问题描述
我正在考虑为Google App Engine开发一款应用,该应用不应该获得太多流量。我真的不想支付超过免费配额。但是,通过重载应用程序并超过配额,似乎很容易导致拒绝服务攻击。是否有任何方法可以防止或使其难以超过免费配额?例如,我知道我可以限制来自IP的请求数量(使其难以超过CPU配额),但是有什么方法可以使难以超过请求或带宽配额吗?
没有内置的防 DoS 工具。如果您使用 Java 编写 Google Apps,可以使用下面的 service.FloodFilter 过滤器,这段代码会在任何 Servlet 执行之前执行。注意:它限制的是每个客户端 IP 和每个页面同时处理的请求数;被拒绝的请求仍然已经到达应用并会收到忙碌页面,因此它主要减轻 CPU 消耗,本身并不能减少请求数或带宽的消耗。
package service;
import java.io.IOException;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
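/**
 * Servlet filter that caps how many requests are processed at the same time, per client
 * IP address and per page URI, as a guard against simple request-flooding DoS.
 *
 * <p>Scope and limits of the protection:
 * <ul>
 *   <li>It is a concurrency cap, not a rate limit. A rejected request has already reached
 *       the application and is still answered with the busy page, so the filter bounds
 *       the work spent per request but does not lower the number of requests or bytes
 *       served.</li>
 *   <li>Clients are identified by {@code getRemoteAddr()}. Behind a reverse proxy or load
 *       balancer that is the proxy's address, and all users behind one NAT share one
 *       counter. If a forwarded-for header is used instead, trust it only when it is set
 *       by your own front end.</li>
 *   <li>Pages are keyed by the request URI as sent (only a {@code ;jsessionid}-style
 *       suffix is stripped), so different spellings of one path get separate page
 *       counters; the per-client limit still applies to them.</li>
 *   <li>Every rejection writes one line to the servlet context log, which is itself a
 *       cost while a flood is in progress.</li>
 * </ul>
 *
 * <p>To enable the filter, add the following to the {@code <web-app>} section of web.xml.
 * The {@code <filter-name>} in the mapping must match the one in the declaration.
 *
 * <pre>{@code
 * <filter>
 *   <filter-name>FloodFilter</filter-name>
 *   <filter-class>service.FloodFilter</filter-class>
 *   <init-param>
 *     <param-name>maxPageRequests</param-name>
 *     <param-value>50</param-value>
 *   </init-param>
 *   <init-param>
 *     <param-name>maxClientRequests</param-name>
 *     <param-value>5</param-value>
 *   </init-param>
 *   <init-param>
 *     <param-name>busyPage</param-name>
 *     <param-value>/busy.html</param-value>
 *   </init-param>
 * </filter>
 * <filter-mapping>
 *   <filter-name>FloodFilter</filter-name>
 *   <url-pattern>*.jsp</url-pattern>
 * </filter-mapping>
 * }</pre>
 *
 * <p>Parameters:
 * <ul>
 *   <li>{@code maxPageRequests}: maximum simultaneous requests per page (default 50).</li>
 *   <li>{@code maxClientRequests}: maximum simultaneous requests per client IP
 *       (default 10).</li>
 *   <li>{@code busyPage}: context-relative path of the page sent when a limit is hit
 *       (default {@code /busy.html}). This page MUST NOT be matched by this filter's
 *       own mapping.</li>
 * </ul>
 */
public class FloodFilter implements Filter
{
    // In-flight request counters; every access happens inside a synchronized method.
    private Map<String, Integer> pageRequests;
    private Map<String, Integer> clientRequests;
    private ServletContext context;
    private int maxPageRequests = 50;
    private int maxClientRequests = 10;
    private String busyPage = "/busy.html";

    /**
     * Registers the request against the page and client counters, passes it down the
     * chain when both are under their limits, and forwards to the busy page otherwise.
     * Requests that are not HTTP requests are passed through uncounted.
     *
     * @throws IOException      propagated from the chain or the busy-page forward
     * @throws ServletException propagated from the chain or the busy-page forward
     */
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException
    {
        String page = null;
        String ip = null;
        // True only while this request holds a slot in both counters.
        boolean registered = false;
        try {
            if (request instanceof HttpServletRequest) {
                HttpServletRequest req = (HttpServletRequest) request;
                // Page key: request URI without any ";jsessionid=..." path parameter.
                page = req.getRequestURI();
                int semicolon = page.indexOf(';');
                if (semicolon >= 0) {
                    page = page.substring(0, semicolon);
                }
                ip = req.getRemoteAddr();
                registered = tryRequest(page, ip);
                if (!registered) {
                    // Too many requests in progress from this client or for this page.
                    context.log("Flood denied from " + ip + " on page " + page);
                    context.getRequestDispatcher(busyPage).forward(request, response);
                    return;
                }
            }
            chain.doFilter(request, response);
        } finally {
            // Release the slot even when the chain throws; a rejected request never
            // took one, so it must not release one either.
            if (registered) {
                releaseRequest(page, ip);
            }
        }
    }

    /**
     * Takes one slot for {@code page} and one for {@code ip} if both are below their
     * limits. Either both counters are incremented or neither is.
     *
     * @return {@code true} if the request was registered, {@code false} if a limit
     *         has been reached
     */
    private synchronized boolean tryRequest(String page, String ip)
    {
        Integer pageCount = pageRequests.get(page);
        Integer clientCount = clientRequests.get(ip);
        int pagesInFlight = (pageCount == null) ? 0 : pageCount.intValue();
        int clientInFlight = (clientCount == null) ? 0 : clientCount.intValue();
        // ">=" so that at most max* requests run at once; the earlier ">" comparison
        // admitted one request more than the configured limit.
        if (pagesInFlight >= maxPageRequests || clientInFlight >= maxClientRequests) {
            return false;
        }
        pageRequests.put(page, Integer.valueOf(pagesInFlight + 1));
        clientRequests.put(ip, Integer.valueOf(clientInFlight + 1));
        return true;
    }

    /**
     * Gives back the slots taken by {@link #tryRequest}. The two counters are handled
     * independently so a missing page entry cannot leave the client counter stuck.
     */
    private synchronized void releaseRequest(String page, String ip)
    {
        decrement(pageRequests, page);
        decrement(clientRequests, ip);
    }

    /** Decrements the counter for {@code key}, dropping the entry when it reaches zero. */
    private static void decrement(Map<String, Integer> counts, String key)
    {
        Integer current = counts.get(key);
        if (current == null) {
            return;
        }
        if (current.intValue() <= 1) {
            // Removing idle keys keeps the maps bounded by the number of in-flight requests.
            counts.remove(key);
        } else {
            counts.put(key, Integer.valueOf(current.intValue() - 1));
        }
    }

    /**
     * Reads the optional init parameters and creates empty counters.
     *
     * @throws ServletException if a numeric parameter is not an integer of at least 1
     */
    public synchronized void init(FilterConfig config) throws ServletException
    {
        this.context = config.getServletContext();
        pageRequests = new HashMap<String, Integer>();
        clientRequests = new HashMap<String, Integer>();
        maxPageRequests = limitParam(config, "maxPageRequests", maxPageRequests);
        maxClientRequests = limitParam(config, "maxClientRequests", maxClientRequests);
        String s = config.getInitParameter("busyPage");
        if (s != null) {
            busyPage = s;
        }
    }

    /** Parses a limit from the init parameter {@code name}, or returns the default if unset. */
    private static int limitParam(FilterConfig config, String name, int defaultValue)
            throws ServletException
    {
        String raw = config.getInitParameter(name);
        if (raw == null) {
            return defaultValue;
        }
        int value;
        try {
            value = Integer.parseInt(raw.trim());
        } catch (NumberFormatException e) {
            throw new ServletException("FloodFilter: " + name + " is not an integer: " + raw, e);
        }
        if (value < 1) {
            // A limit below 1 would send every request to the busy page.
            throw new ServletException("FloodFilter: " + name + " must be at least 1: " + raw);
        }
        return value;
    }

    /** Drops all counters; safe to call even if {@code init} never completed. */
    public synchronized void destroy()
    {
        if (pageRequests != null) {
            pageRequests.clear();
        }
        if (clientRequests != null) {
            clientRequests.clear();
        }
    }
}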
- 发件人:
如果您使用的是 Python,那么您可能需要自己编写过滤器。
I'm considering developing an app for Google App Engine, which should not get too much traffic. I'd really rather not pay to exceed the free quotas. However, it seems like it would be quite easy to cause a denial of service attack by overloading the app and exceeding the quotas. Are there any methods to prevent or make it harder to exceed the free quotas? I know I could, for example, limit the number of requests from an IP (making it harder to exceed the CPU quota), but is there any way to make it harder to exceed the requests or bandwidth quotas?
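There are no built-in tools to prevent DoS. If you are writing Google Apps using Java, you can use the service.FloodFilter filter below; it runs before any of your servlets do. Note that it caps the number of requests being processed at the same time per client IP and per page: a rejected request has still reached the application and is answered with the busy page, so the filter mainly limits CPU use and does not by itself reduce the request or bandwidth counts.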
package service;
import java.io.IOException;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
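/**
 * Servlet filter that caps how many requests are processed at the same time, per client
 * IP address and per page URI, as a guard against simple request-flooding DoS.
 *
 * <p>Scope and limits of the protection:
 * <ul>
 *   <li>It is a concurrency cap, not a rate limit. A rejected request has already reached
 *       the application and is still answered with the busy page, so the filter bounds
 *       the work spent per request but does not lower the number of requests or bytes
 *       served.</li>
 *   <li>Clients are identified by {@code getRemoteAddr()}. Behind a reverse proxy or load
 *       balancer that is the proxy's address, and all users behind one NAT share one
 *       counter. If a forwarded-for header is used instead, trust it only when it is set
 *       by your own front end.</li>
 *   <li>Pages are keyed by the request URI as sent (only a {@code ;jsessionid}-style
 *       suffix is stripped), so different spellings of one path get separate page
 *       counters; the per-client limit still applies to them.</li>
 *   <li>Every rejection writes one line to the servlet context log, which is itself a
 *       cost while a flood is in progress.</li>
 * </ul>
 *
 * <p>To enable the filter, add the following to the {@code <web-app>} section of web.xml.
 * The {@code <filter-name>} in the mapping must match the one in the declaration.
 *
 * <pre>{@code
 * <filter>
 *   <filter-name>FloodFilter</filter-name>
 *   <filter-class>service.FloodFilter</filter-class>
 *   <init-param>
 *     <param-name>maxPageRequests</param-name>
 *     <param-value>50</param-value>
 *   </init-param>
 *   <init-param>
 *     <param-name>maxClientRequests</param-name>
 *     <param-value>5</param-value>
 *   </init-param>
 *   <init-param>
 *     <param-name>busyPage</param-name>
 *     <param-value>/busy.html</param-value>
 *   </init-param>
 * </filter>
 * <filter-mapping>
 *   <filter-name>FloodFilter</filter-name>
 *   <url-pattern>*.jsp</url-pattern>
 * </filter-mapping>
 * }</pre>
 *
 * <p>Parameters:
 * <ul>
 *   <li>{@code maxPageRequests}: maximum simultaneous requests per page (default 50).</li>
 *   <li>{@code maxClientRequests}: maximum simultaneous requests per client IP
 *       (default 10).</li>
 *   <li>{@code busyPage}: context-relative path of the page sent when a limit is hit
 *       (default {@code /busy.html}). This page MUST NOT be matched by this filter's
 *       own mapping.</li>
 * </ul>
 */
public class FloodFilter implements Filter
{
    // In-flight request counters; every access happens inside a synchronized method.
    private Map<String, Integer> pageRequests;
    private Map<String, Integer> clientRequests;
    private ServletContext context;
    private int maxPageRequests = 50;
    private int maxClientRequests = 10;
    private String busyPage = "/busy.html";

    /**
     * Registers the request against the page and client counters, passes it down the
     * chain when both are under their limits, and forwards to the busy page otherwise.
     * Requests that are not HTTP requests are passed through uncounted.
     *
     * @throws IOException      propagated from the chain or the busy-page forward
     * @throws ServletException propagated from the chain or the busy-page forward
     */
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException
    {
        String page = null;
        String ip = null;
        // True only while this request holds a slot in both counters.
        boolean registered = false;
        try {
            if (request instanceof HttpServletRequest) {
                HttpServletRequest req = (HttpServletRequest) request;
                // Page key: request URI without any ";jsessionid=..." path parameter.
                page = req.getRequestURI();
                int semicolon = page.indexOf(';');
                if (semicolon >= 0) {
                    page = page.substring(0, semicolon);
                }
                ip = req.getRemoteAddr();
                registered = tryRequest(page, ip);
                if (!registered) {
                    // Too many requests in progress from this client or for this page.
                    context.log("Flood denied from " + ip + " on page " + page);
                    context.getRequestDispatcher(busyPage).forward(request, response);
                    return;
                }
            }
            chain.doFilter(request, response);
        } finally {
            // Release the slot even when the chain throws; a rejected request never
            // took one, so it must not release one either.
            if (registered) {
                releaseRequest(page, ip);
            }
        }
    }

    /**
     * Takes one slot for {@code page} and one for {@code ip} if both are below their
     * limits. Either both counters are incremented or neither is.
     *
     * @return {@code true} if the request was registered, {@code false} if a limit
     *         has been reached
     */
    private synchronized boolean tryRequest(String page, String ip)
    {
        Integer pageCount = pageRequests.get(page);
        Integer clientCount = clientRequests.get(ip);
        int pagesInFlight = (pageCount == null) ? 0 : pageCount.intValue();
        int clientInFlight = (clientCount == null) ? 0 : clientCount.intValue();
        // ">=" so that at most max* requests run at once; the earlier ">" comparison
        // admitted one request more than the configured limit.
        if (pagesInFlight >= maxPageRequests || clientInFlight >= maxClientRequests) {
            return false;
        }
        pageRequests.put(page, Integer.valueOf(pagesInFlight + 1));
        clientRequests.put(ip, Integer.valueOf(clientInFlight + 1));
        return true;
    }

    /**
     * Gives back the slots taken by {@link #tryRequest}. The two counters are handled
     * independently so a missing page entry cannot leave the client counter stuck.
     */
    private synchronized void releaseRequest(String page, String ip)
    {
        decrement(pageRequests, page);
        decrement(clientRequests, ip);
    }

    /** Decrements the counter for {@code key}, dropping the entry when it reaches zero. */
    private static void decrement(Map<String, Integer> counts, String key)
    {
        Integer current = counts.get(key);
        if (current == null) {
            return;
        }
        if (current.intValue() <= 1) {
            // Removing idle keys keeps the maps bounded by the number of in-flight requests.
            counts.remove(key);
        } else {
            counts.put(key, Integer.valueOf(current.intValue() - 1));
        }
    }

    /**
     * Reads the optional init parameters and creates empty counters.
     *
     * @throws ServletException if a numeric parameter is not an integer of at least 1
     */
    public synchronized void init(FilterConfig config) throws ServletException
    {
        this.context = config.getServletContext();
        pageRequests = new HashMap<String, Integer>();
        clientRequests = new HashMap<String, Integer>();
        maxPageRequests = limitParam(config, "maxPageRequests", maxPageRequests);
        maxClientRequests = limitParam(config, "maxClientRequests", maxClientRequests);
        String s = config.getInitParameter("busyPage");
        if (s != null) {
            busyPage = s;
        }
    }

    /** Parses a limit from the init parameter {@code name}, or returns the default if unset. */
    private static int limitParam(FilterConfig config, String name, int defaultValue)
            throws ServletException
    {
        String raw = config.getInitParameter(name);
        if (raw == null) {
            return defaultValue;
        }
        int value;
        try {
            value = Integer.parseInt(raw.trim());
        } catch (NumberFormatException e) {
            throw new ServletException("FloodFilter: " + name + " is not an integer: " + raw, e);
        }
        if (value < 1) {
            // A limit below 1 would send every request to the busy page.
            throw new ServletException("FloodFilter: " + name + " must be at least 1: " + raw);
        }
        return value;
    }

    /** Drops all counters; safe to call even if {@code init} never completed. */
    public synchronized void destroy()
    {
        if (pageRequests != null) {
            pageRequests.clear();
        }
        if (clientRequests != null) {
            clientRequests.clear();
        }
    }
}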
If you are using python, then you may have to roll your own filter.