From 24909b3006504380be82becf696b6c11cdfc99b3 Mon Sep 17 00:00:00 2001 From: orbiter Date: Mon, 21 Feb 2011 15:24:09 +0000 Subject: [PATCH] slightly less restrictive values for DoS git-svn-id: https://svn.berlios.de/svnroot/repos/yacy/trunk@7509 6c8d7289-2bf4-0310-a012-ef5d649a1542 --- htroot/yacysearch.java | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/htroot/yacysearch.java b/htroot/yacysearch.java index 5a53b7fa1..f38bb9b21 100644 --- a/htroot/yacysearch.java +++ b/htroot/yacysearch.java @@ -242,28 +242,27 @@ public class yacysearch { } else if (!authenticated && !localhostAccess) { // in case that we do a global search or we want to fetch snippets, we check for DoS cases synchronized (trackerHandles) { - int accInOneSecond = trackerHandles.tailSet(Long.valueOf(System.currentTimeMillis() - 1000)).size(); int accInThreeSeconds = trackerHandles.tailSet(Long.valueOf(System.currentTimeMillis() - 3000)).size(); int accInOneMinute = trackerHandles.tailSet(Long.valueOf(System.currentTimeMillis() - 60000)).size(); int accInTenMinutes = trackerHandles.tailSet(Long.valueOf(System.currentTimeMillis() - 600000)).size(); // protections against too strong YaCy network load, reduces remote search if (global) { - if (accInTenMinutes >= 30 || accInOneMinute >= 6 || accInThreeSeconds >= 1) { + if (accInTenMinutes >= 60 || accInOneMinute >= 6 || accInThreeSeconds >= 1) { global = false; - Log.logWarning("LOCAL_SEARCH", "ACCESS CONTROL: CLIENT FROM " + client + ": " + accInOneSecond + "/1s, " + accInThreeSeconds + "/3s, " + accInOneMinute + "/60s, " + accInTenMinutes + "/600s, " + " requests, disallowed global search"); + Log.logWarning("LOCAL_SEARCH", "ACCESS CONTROL: CLIENT FROM " + client + ": " + accInThreeSeconds + "/3s, " + accInOneMinute + "/60s, " + accInTenMinutes + "/600s, " + " requests, disallowed global search"); } } // protection against too many remote server snippet loads (protects traffic on server) if (snippetFetchStrategy != null && snippetFetchStrategy.isAllowedToFetchOnline()) { if (accInTenMinutes >= 20 || accInOneMinute >= 4 || accInThreeSeconds >= 1) { snippetFetchStrategy = CacheStrategy.CACHEONLY; - Log.logWarning("LOCAL_SEARCH", "ACCESS CONTROL: CLIENT FROM " + client + ": " + accInOneSecond + "/1s, " + accInThreeSeconds + "/3s, " + accInOneMinute + "/60s, " + accInTenMinutes + "/600s, " + " requests, disallowed remote snippet loading"); + Log.logWarning("LOCAL_SEARCH", "ACCESS CONTROL: CLIENT FROM " + client + ": " + accInThreeSeconds + "/3s, " + accInOneMinute + "/60s, " + accInTenMinutes + "/600s, " + " requests, disallowed remote snippet loading"); } } // general load protection - if (accInTenMinutes >= 2000 || accInOneMinute >= 600 || accInOneSecond >= 20) { + if (accInTenMinutes >= 3000 || accInOneMinute >= 600 || accInThreeSeconds >= 60) { block = true; - Log.logWarning("LOCAL_SEARCH", "ACCESS CONTROL: CLIENT FROM " + client + ": " + accInOneSecond + "/1s, " + accInThreeSeconds + "/3s, " + accInOneMinute + "/60s, " + accInTenMinutes + "/600s, " + " requests, disallowed search"); + Log.logWarning("LOCAL_SEARCH", "ACCESS CONTROL: CLIENT FROM " + client + ": " + accInThreeSeconds + "/3s, " + accInOneMinute + "/60s, " + accInTenMinutes + "/600s, " + " requests, disallowed search"); } } }