Re: [tor-bugs] #7823 [Flashproxy]: Rate-limit facilitator interaction
#7823: Rate-limit facilitator interaction
------------------------+---------------------------------------------------
Reporter: dcf | Owner: dcf
Type: defect | Status: new
Priority: major | Milestone:
Component: Flashproxy | Version:
Keywords: | Parent:
Points: | Actualpoints:
------------------------+---------------------------------------------------
Comment(by dcf):
Replying to [comment:1 aallai]:
> There is an apache mod, mod_evasive, that does rate-limiting against
> general DoS attacks. It looks pretty easy to set up and configure.
>
> http://www.zdziarski.com/blog/?page_id=442

Thanks, this is a good idea. I added mod_evasive to the facilitator setup
instructions and we'll see how it goes.

I would like rate limiting to happen not only at the CGI layer. I also
want it to happen at the level of the `facilitator` program, which has
knowledge of the current recommended proxy polling interval. If proxies
are supposed to be polling every 10 minutes, it should refuse to serve
proxies polling more frequently than that.

A vague plan of mine is to allow certain trusted parties to push as many
registrations as they want through the CGI. This is if someone we trust
sets up their own rendezvous system and they want to post their
registrations to us. We should introduce authenticated registrations,
where if a registration has a good signature from a trusted public key, it
is not subject to rate limiting. If we use mod_evasive, we may have to
maintain IP whitelists to prevent rate limiting of trusted registrants at
the Apache level.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/7823#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
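
The interval-based refusal and the authenticated-registration exemption described in the comment above, as an added example; it is not flashproxy's facilitator code and was not posted in the ticket. The class and parameter names and the 10% slack are assumptions, and an HMAC under a shared key stands in for the public-key signature the comment describes, because Python's standard library has no public-key signature verification.

```python
import hashlib
import hmac
import time


class PollLimiter:
    """Refuse clients that poll faster than the recommended interval."""

    def __init__(self, interval, trusted_keys=(), slack=0.9, clock=time.monotonic):
        self.interval = interval          # recommended polling interval, seconds
        self.min_gap = interval * slack   # tolerate slightly early polls (assumption)
        self.trusted_keys = list(trusted_keys)  # stand-in for trusted public keys
        self.clock = clock
        self.last_served = {}             # client address -> time of last served poll
        self.last_prune = clock()

    def is_trusted(self, body, tag):
        """True if tag (bytes) is a valid HMAC-SHA256 of body under a trusted key."""
        if tag is None:
            return False
        return any(
            hmac.compare_digest(hmac.new(key, body, hashlib.sha256).digest(), tag)
            for key in self.trusted_keys
        )

    def prune(self, now):
        """Forget clients idle for a full interval so the table stays bounded."""
        self.last_served = {
            addr: t for addr, t in self.last_served.items() if now - t < self.interval
        }
        self.last_prune = now

    def allow(self, addr, body=b"", tag=None):
        """Return True if the request from addr should be served."""
        if self.is_trusted(body, tag):
            return True                   # authenticated registrant: not rate limited
        now = self.clock()
        if now - self.last_prune >= self.interval:
            self.prune(now)
        last = self.last_served.get(addr)
        if last is not None and now - last < self.min_gap:
            return False                  # too soon; a refused poll does not reset the timer
        self.last_served[addr] = now
        return True
```

The authentication check runs before the address lookup, so a trusted registrant posting many registrations from one address is neither refused nor recorded in the table.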