Search flood prevention in Matrix?

Just wondering if there is any form of preventing search flooding in Matrix, and/or if such a thing could be developed? Most large sites limit the number of queries that can come from a given IP address within a given period of time.


In our case we may need to investigate whether this can be implemented on a site by site or root node basis (or at the individual search page configuration) instead of globally - as we host a couple of intranet sites on Matrix via a reverse proxy server, so all traffic originates from a single IP address. Preventing flooding of our public sites though is very important, and it would be great if this could be controlled via the admin interface.

There currently is no flood protection in Matrix, but it certainly could be developed. You should speak to your Squiz account manager about arranging a quote for this development.

If something like this were developed, it'd be good if it applied to any asset, not just asset listing/search. Any page can be a victim of flooding.

I was going to recommend looking into the mod_throttle module for Apache as a flood protection mechanism, but it seems to have been withdrawn from public use. I'm looking for alternatives now.

[quote]I was going to recommend looking into the mod_throttle module for Apache as a flood protection mechanism, but it seems to have been withdrawn from public use. I’m looking for alternatives now.[/quote]



Thanks - that would be very useful.



I was thinking of something along the lines of the IP-based flood prevention that phpBB’s search page uses (as a very simple example). We may have to look into development work, but I’m thinking perhaps this could become a feature request as it’s a bit of a vulnerability.

[quote]I was thinking of something along the lines of the IP-based flood prevention that phpBB’s search page uses (as a very simple example). We may have to look into development work, but I’m thinking perhaps this could become a feature request as it’s a bit of a vulnerability.[/quote]



Oh, don’t get me wrong – I think it’s a great feature and you should definitely at least submit it to the Bug Tracker, even if you don’t intend to fund it yourselves. In the meantime, I’m not having much luck finding a direct alternative for mod_throttle, but I am still looking.

[quote]Oh, don’t get me wrong – I think it’s a great feature and you should definitely at least submit it to the Bug Tracker, even if you don’t intend to fund it yourselves. In the meantime, I’m not having much luck finding a direct alternative for mod_throttle, but I am still looking.[/quote]



mod_bandwidth?



K

[quote]mod_bandwidth?[/quote]



Yeah, I looked at that one, and it’s certainly an option – but it’s not quite what I had in mind. Again, this is not really a bandwidth issue, specifically. I’m now looking at DDoS protection, but that’s more often done at the iptables layer.

[quote]Yeah, I looked at that one, and it’s certainly an option – but it’s not quite what I had in mind. Again, this is not really a bandwidth issue, specifically. I’m now looking at DDoS protection, but that’s more often done at the iptables layer.[/quote]



The problem is that we have a very high level of legitimate traffic to the site - I looked at mod_cband as this appeared to be the closest currently available module similar to mod_throttle, but it appears to be only able to limit traffic to the whole site.



The flood protection part of phpBB2’s search.php page is a really simple example of what I’m suggesting - it checks a user’s IP and session details and allows only a certain number of search queries from that address per minute.



iptables also sounds like an interesting approach although I’m not familiar with using this for flood protection beyond SYN flood protection; as we have been in discussion regarding development work on this issue with our Squiz account manager I’ll forward this suggestion. What I’m looking at blocking is the number of times someone can request a URL in the format www.myserver.com/search?mode=results&queries_Contents_query=etcetcetc.



Most of these of course will be legitimate search queries, but in my experience users can live with a ‘You must wait 10 seconds before you can try searching again’ message.



I’ll carry on enquiries with our account manager regarding the development request but I’m glad you think this is a good idea for submitting to the bugtracker, I’ll pop a feature request on there.



Cheers,



Miriam
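
The per-address search limit discussed in this thread, as an added sketch that is not part of any post and is not Squiz Matrix or phpBB code. Python is used only to show the logic; the class, function names, proxy address and limits are assumptions. It keys the limit per site, applies it only to search-result URLs, and takes the client address from X-Forwarded-For only when the request arrives from a trusted reverse proxy, so intranet users behind one proxy IP are not throttled as a single client.

```python
import ipaddress
import time
from urllib.parse import parse_qs, urlsplit

# Assumed values for illustration only; none of these are Matrix settings.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.5/32")]  # constructed proxy address
COOLDOWN_SECONDS = 10  # the "wait 10 seconds" figure from the post above

def is_search_query(url):
    """True for URLs shaped like /search?mode=results&queries_Contents_query=..."""
    parts = urlsplit(url)
    return (parts.path.rstrip("/").endswith("/search")
            and parse_qs(parts.query).get("mode") == ["results"])

def client_key(peer_ip, forwarded_for=None, session_id=None):
    """Identify the requester. X-Forwarded-For is honoured only when the direct
    peer is a trusted proxy, because any other client can forge that header."""
    peer = ipaddress.ip_address(peer_ip)
    if not any(peer in net for net in TRUSTED_PROXIES):
        return str(peer)
    try:
        # The rightmost entry is the one our own proxy appended.
        return str(ipaddress.ip_address((forwarded_for or "").split(",")[-1].strip()))
    except ValueError:
        # No usable header: separate users behind the proxy by session instead.
        return f"{peer}|{session_id}"

class SearchFloodGuard:
    def __init__(self, cooldown=COOLDOWN_SECONDS, clock=time.monotonic, max_keys=100_000):
        self.cooldown, self.clock, self.max_keys = cooldown, clock, max_keys
        self.last_search = {}  # (site, client) -> time of last allowed search

    def check(self, site, url, peer_ip, forwarded_for=None, session_id=None):
        """Return (allowed, seconds_to_wait); non-search URLs always pass."""
        if not is_search_query(url):
            return True, 0
        now = self.clock()
        if len(self.last_search) > self.max_keys:  # bound memory under a flood
            self.last_search = {k: t for k, t in self.last_search.items()
                                if now - t < self.cooldown}
        key = (site, client_key(peer_ip, forwarded_for, session_id))
        last = self.last_search.get(key)
        if last is not None and now - last < self.cooldown:
            return False, self.cooldown - (now - last)
        self.last_search[key] = now
        return True, 0
```

A refused request does not restart the timer, so a user who retries early is still allowed through once the original 10 seconds have passed.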