How to limit the amount of requests per IP in Node.JS?


I'm trying to think of a way to help reduce the damage to my Node application if I ever get a DDoS attack. I want to limit requests per IP: every IP address should be limited to a certain number of requests per second. For example: no IP address can exceed 10 requests every 3 seconds.

So far I have come up with this:

    http.createServer(req, res, function () {
        if (req.connection.remoteAddress ????? ?) {
            // block IP for 15 minutes
        }
    })

If you want to build this yourself at the app server level, you will need a data structure that records each recent access from a particular IP address, so that when a new request arrives you can look back through the history and see whether that address has been making too many requests. If so, deny it any further data. And, to keep this data from piling up in your server, you also need some kind of cleanup code that gets rid of old access data.

Here is an idea for a way to do that (untested code to illustrate the idea):

    function AccessLogger(n, t, blockTime) {
        this.qty = n;
        this.time = t;
        this.blockTime = blockTime;
        this.requests = {};
        // schedule cleanup at a regular interval (every 30 minutes)
        this.interval = setInterval(this.age.bind(this), 30 * 60 * 1000);
    }

    AccessLogger.prototype = {
        check: function (ip) {
            var info, accessTimes, now, limit, cnt;

            // add this access
            this.add(ip);

            // there should always be an info here because we just added it
            info = this.requests[ip];
            accessTimes = info.accessTimes;

            // calc time limits
            now = Date.now();
            limit = now - this.time;

            // short circuit if already blocking this IP
            if (info.blockUntil >= now) {
                return false;
            }

            // short circuit an access that has not even reached the max qty yet
            if (accessTimes.length < this.qty) {
                return true;
            }
            cnt = 0;
            for (var i = accessTimes.length - 1; i >= 0; i--) {
                if (accessTimes[i] > limit) {
                    ++cnt;
                } else {
                    // access times are in time order, so no need to look any further
                    break;
                }
            }
            if (cnt > this.qty) {
                // block from now until now + this.blockTime
                info.blockUntil = now + this.blockTime;
                return false;
            } else {
                return true;
            }
        },
        add: function (ip) {
            var info = this.requests[ip];
            if (!info) {
                info = {accessTimes: [], blockUntil: 0};
                this.requests[ip] = info;
            }
            // push this access time into the access array for this IP
            info.accessTimes.push(Date.now());
        },
        age: function () {
            // clean up any accesses that are outside this.time and not currently blocked
            var ip, info, accessTimes, now = Date.now(), limit = now - this.time, index;
            for (ip in this.requests) {
                if (this.requests.hasOwnProperty(ip)) {
                    info = this.requests[ip];
                    accessTimes = info.accessTimes;
                    // if not currently blocking this one
                    if (info.blockUntil < now) {
                        // if the newest access is older than the time limit, nuke the whole item
                        if (!accessTimes.length || accessTimes[accessTimes.length - 1] < limit) {
                            delete this.requests[ip];
                        } else {
                            // in case an IP visits regularly, so its recent access is never old,
                            // we must age out older access times to keep them from
                            // accumulating forever
                            if (accessTimes.length > (this.qty * 2) && accessTimes[0] < limit) {
                                index = 0;
                                for (var i = 1; i < accessTimes.length; i++) {
                                    if (accessTimes[i] < limit) {
                                        index = i;
                                    } else {
                                        break;
                                    }
                                }
                                // remove index + 1 old access times from the front of the array
                                accessTimes.splice(0, index + 1);
                            }
                        }
                    }
                }
            }
        }
    };

    var accesses = new AccessLogger(10, 3000, 15000);

    // put this as one of the first middleware so it acts
    // before other middleware spends time processing the request
    // (app is an existing Express/Connect-style application)
    app.use(function (req, res, next) {
        if (!accesses.check(req.connection.remoteAddress)) {
            // cancel the request here
            res.end("No data for you!");
        } else {
            next();
        }
    });

This method also has the usual limitations around IP address monitoring. If many users share an IP address behind NAT, it will treat them all as a single user, and they can get blocked because of their combined activity rather than the activity of any one user.


But, as others have said, by the time the request gets this far into your server, some of the DoS damage has already been done (it is already taking cycles from your server). It can help to cut off the request before performing more expensive operations such as database operations, but it is even better to detect and block this at a higher level (such as Nginx or a firewall or load balancer).
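The 10-requests-per-3-seconds rule and the NAT caveat above, as an added example that is not part of the original answer: a sliding-window variant with an injectable clock, so the behaviour can be checked against a constructed timeline. `createLimiter`, `natDemo` and the IP addresses are hypothetical; unlike the answer's code, it records nothing while an address is blocked.

```javascript
// Added example, not the answer's code. createLimiter/natDemo are hypothetical names.
function createLimiter(qty, windowMs, blockMs, now = Date.now) {
    const state = new Map(); // ip -> { times: [], blockUntil: 0 }

    function check(ip) {
        const t = now();
        let s = state.get(ip);
        if (!s) state.set(ip, (s = { times: [], blockUntil: 0 }));
        if (s.blockUntil > t) return false; // still blocked, record nothing
        // Prune on every check so each IP holds at most qty + 1 timestamps.
        while (s.times.length && s.times[0] <= t - windowMs) s.times.shift();
        s.times.push(t);
        if (s.times.length > qty) {
            s.blockUntil = t + blockMs;
            s.times.length = 0;
            return false;
        }
        return true;
    }

    // Drop idle, unblocked IPs; a real server would call this from a timer.
    function sweep() {
        const t = now();
        for (const [ip, s] of state) {
            const last = s.times[s.times.length - 1];
            const idle = last === undefined || last <= t - windowMs;
            if (s.blockUntil <= t && idle) state.delete(ip);
        }
        return state.size;
    }
    return { check, sweep };
}

// Constructed timeline: two clients behind one NAT address (203.0.113.7) send
// 12 requests between them in 1.1 s; a third client uses its own address.
function natDemo() {
    let clock = 0;
    const limiter = createLimiter(10, 3000, 15000, () => clock);
    const at = (ms, ip) => { clock = ms; return limiter.check(ip); };
    const shared = [];
    for (let i = 0; i < 12; i++) shared.push(at(i * 100, '203.0.113.7'));
    const other = at(1150, '198.51.100.9');
    const duringBlock = at(5000, '203.0.113.7');
    const afterBlock = at(16000, '203.0.113.7');
    clock = 30000;
    return { shared, other, duringBlock, afterBlock, tracked: limiter.sweep() };
}
```

Neither NAT client exceeds the limit alone, yet the shared address is blocked from the 11th combined request until the 15-second block expires.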
