Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Frang] negative cache entries rate limit #520

Closed
krizhanovsky opened this issue May 25, 2016 · 1 comment
Closed

[Frang] negative cache entries rate limit #520

krizhanovsky opened this issue May 25, 2016 · 1 comment
Assignees
@aleksostapenko
Labels
duplicate enhancement security
Milestone
0.5 alpha

Comments

@krizhanovsky
Copy link
Contributor

krizhanovsky commented May 25, 2016
edited

We store negative cache entries in the cache, so a DoS attack is possible when a user just generates any URI and efficiently exhaust Web-cache memory by sending the requests to Tempesta. So Frang should provide a rate limit for number of negative cache entries per time unit.

tfw_cache_mgr (#515) must clear the entries out.

While random URLs, producing tons of negative responses and cache entries, is a popular attack, we also should be able to limit per-client rate of cache bypassing requests. The limit is good to have, but it could be harmful, so #488 solves the problem in more gentle way by QoS.

Please update the Wiki page.
@krizhanovsky krizhanovsky added this to the 0.5.0 Web Server milestone May 25, 2016
@krizhanovsky krizhanovsky mentioned this issue May 25, 2016
Open
22 tasks
@krizhanovsky krizhanovsky modified the milestones: 0.6 WebOS, 0.5.0 Web Server Feb 12, 2017
@krizhanovsky krizhanovsky mentioned this issue Jun 18, 2017
Open
@krizhanovsky krizhanovsky modified the milestones: 1.0 WebOS, 0.5.0 Web Server Oct 31, 2017
@krizhanovsky krizhanovsky modified the milestones: 1.0 Web Server, 0.5 alpha Jan 9, 2018
@krizhanovsky
Copy link
Contributor Author

Actually duplicate of #717, added the use case for Web cache bypass DDoS attack to the Wiki.

@vankoven vankoven mentioned this issue Jan 31, 2018
Merged
@krizhanovsky krizhanovsky modified the milestones: 1.0 Tempesta OS, 0.5 alpha Feb 5, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@aleksostapenko aleksostapenko

Labels
duplicate enhancement security
Projects
None yet
Milestone
0.5 alpha
Development

No branches or pull requests
4 participants
@krizhanovsky @vankoven @keshonok @aleksostapenko