Opened 8 years ago

Closed 4 years ago

#1678 closed task (wontfix)

Relax anti-DOS protection for the SVN service

Reported by: strk Owned by: sac@…
Priority: normal Milestone:
Component: SysAdmin Keywords: dos, svn, apache


It looks like 30 requests within a single second are easy to make when it comes to fetching SVN code. See postgis:#3553

This ticket is to raise the DOSSiteCount limit a little bit, after checking that it is really legit to hit that hard, even if it is for an SVN checkout.

Change History (4)

comment:1 by strk, 8 years ago

It was found to be DOSPageCount (3) to be the cause of blocking, not DOSSiteCount (which is 50, btw, not 30): postgis:#3553#comment:6

comment:2 by wildintellect, 8 years ago

It's reasonable to set the svn limits rather high, since a spammer won't have commit rights without a project admin manually adding them to the correct project group. So more than a few hundred hits a minute for all of the possible options.

comment:3 by strk, 8 years ago

It doesn't take commit access to successfully run a denial-of-service attack

comment:4 by robe, 4 years ago

Resolution: wontfix
Status: newclosed
Note: See TracTickets for help on using tickets.