mass render requests

mass render requests

Andre Hinrichs
Hi List!

Someone is sending mass render requests without giving a "Requested by"
and all requests with prio 2.

I consider this as a potential DOS (denial of service) attack since
normal rendering of changed tiles is blocked. In any case this makes no
sense.

We should think about a way of stopping DOS attacks.

I could think of two ways:
1.) Users have to authenticate to send render requests with prio 1 or 2.
2.) Users (IPs) can only send a maximum number of prio 2 requests just
like it is with prio 1 requests. The number of allowed prio 2 requests
should be higher of course (e.g. 1000).


What do you think?


Cheers
Andre



_______________________________________________
Tilesathome mailing list
[hidden email]
http://lists.openstreetmap.org/listinfo/tilesathome
Re: mass render requests

Dirk-Lüder Kreie
On 20.12.2011 23:18, Andre Hinrichs wrote:

> Hi List!
>
> Someone is sending mass render requests without giving a "Requested by"
> and all requests with prio 2.
>
> I consider this as a potential DOS (denial of service) attack since
> normal rendering of changed tiles is blocked. In any case this makes no
> sense.
>
> We should think about a way of stopping DOS attacks.
>
> I could think of two ways:
> 1.) Users have to authenticate to send render requests with prio 1 or 2.
> 2.) Users (IPs) can only send a maximum number of prio 2 requests just
> like it is with prio 1 requests. The number of allowed prio 2 requests
> should be higher of course (e.g. 1000).
>
>
> What do you think?

TilesAtHome is more or less just in keep-alive mode, and not really in
active development.

If you find a quick fix to the code, I believe spaetz will find time to
apply patches to the running server.

To find a good limit one would have to have a look at our rendering
speed, but unfortunately there aren't any current figures as to
throughput since the munin setup is a bit fragile due to the number of
parties involved to keep it working (not the least due to firewalling at
the location of the tah server, which is not under direct control of
anyone of us).

I was however under the impression that such a limit had been
implemented, but I'm not sure about the exact numbers for each priority
step.

There is another inherent problem of the TilesAtHome process, in that we
cannot render on demand, but have to prerender every change found, which
at some point will not be possible if OSM keeps growing, purely because
of the bandwidth needed to update all the tiles all the time.

I'm not sure how near we are to that point already.

--

Dirk-Lüder "Deelkar" Kreie
Bremen - 53.0901°N 8.7868°E
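
The per-IP cap on prio 2 requests proposed in the first message, sketched as an added example; it is not TilesAtHome server code and not written by either poster. The class and function names, the prio 1 cap, the IP addresses and the rule that a lower priority number is served first are all assumptions made for the illustration.

```python
import heapq
import itertools
from collections import defaultdict

# Assumed caps on *pending* requests per client IP and priority.
# 1000 for prio 2 is the figure floated in the thread; the prio 1
# value is a placeholder, the thread does not give the real one.
PENDING_CAPS = {1: 50, 2: 1000}


class RenderQueue:
    """Priority queue of tile requests with a per-IP, per-priority cap."""

    def __init__(self, caps=PENDING_CAPS):
        self.caps = caps
        self.heap = []                      # (prio, seq, ip, tile)
        self.seq = itertools.count()        # FIFO order within a priority
        self.pending = defaultdict(int)     # (ip, prio) -> queued count

    def submit(self, ip, prio, tile):
        """Queue a request; return False if this IP is over its cap."""
        cap = self.caps.get(prio)           # None: priority is not capped
        if cap is not None and self.pending[(ip, prio)] >= cap:
            return False
        heapq.heappush(self.heap, (prio, next(self.seq), ip, tile))
        self.pending[(ip, prio)] += 1
        return True

    def next_job(self):
        """Hand the most urgent request to a renderer and free its slot."""
        if not self.heap:
            return None
        prio, _, ip, tile = heapq.heappop(self.heap)
        self.pending[(ip, prio)] -= 1
        if self.pending[(ip, prio)] == 0:
            del self.pending[(ip, prio)]
        return prio, ip, tile


def simulate_flood():
    """Constructed scenario: one IP floods prio 2, another sends one request."""
    q = RenderQueue()
    accepted = sum(q.submit("192.0.2.10", 2, (12, x, 0)) for x in range(1500))
    other_ok = q.submit("198.51.100.7", 2, (12, 0, 1))
    q.next_job()                            # one flooded tile gets rendered
    retry_ok = q.submit("192.0.2.10", 2, (12, 1500, 0))
    return accepted, other_ok, retry_ok
```

The cap bounds only what a single address can hold in the queue at once; picking the number still depends on rendering throughput, as the reply points out.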

