limit queries #13
limit queries #13
Conversation
|
What's the current value? 3 per day sounds low to me
|
|
3 is the default, the web.xml can override it. I would match the download limit, so 2000. |
|
Agreed, 3 seems low as a default. Also, it seems like some files are missing from the commit (I only see the logo?) |
|
Let's set default to 100 at least
|
|
I forgot to run the commit command. Now you should see the files. 2000 is set in web.xml |
|
How easy is this to change? We may need to reduce 2000.
|
|
it is not implemented yet, i choose 2000 just to match the download limit. how about 1000? |
|
Probably more reasonable. Why did the attacks stop over the weekend? What happened? On 7/7/14 3:01 PM, Jian Wu wrote:
|
|
I am writing a new method to my tomcat_log_analyzer to separate the queries. This will tell us more about the attack. |
| @@ -0,0 +1,271 @@ | |||
| /* | |||
| * Copyright 2007 Penn State University | |||
There was a problem hiding this comment.
Can you update this to 2014. Also, other comments that refer to downloads should refer to queries
|
I've changed the variable naming and tested it on the staging machine. The limit specified in web.xml is changed to 1000 per day. I've submitted the updated version. Thanks. |
|
Besides my last comment on whether stopping the same query is really necessary, I think this is ready to merge. |
|
I think the original designer was thinking of cases when some users or bots automatically send the same queries too fast and cause some "query spikes". Anyway, I will go with you this time. |
|
I've commented out the block to check ipaddr+request. New code is tested on csxstaging01. |
Limits the number of queries per IP. Tested on staging.
limit the number of queries per ip per day, default is 3, configurable in web.xml, effective immediately (no need to restart tomcat).
files added:
files updated: