On Fri, Sep 6, 2013 at 9:34 AM, Amani Soysa <[email protected]> wrote: > On Thu, Sep 5, 2013 at 5:06 PM, Sameera Jayasoma <[email protected]> wrote: > >> ELB is getting requests for unknown hosts. For all the unknown hosts ELB >> tries to do a registry look up to. This bit of code is recently adde to the >> TenantAwareLoadBalancingEndpoint. >> >> This needs to be fixed properly. We shouldn't do a reg/db call for each >> and every unknown host names. Attackers can overload ELB with this. >> > > This is because we needed to support the domain mapping functionality for > S2 and aPaaS. At the moment we store domain mappings in the registry and > whenever, an unknown host comes to ELB we check if that domain mappings > exist in the registry. > > Yes we need to find an alternative way to do this avoid dos attacks. Will > look in to this more and update the thread. > >> >> Proper fix would be load the dynamic host names from the registry during >> the startup. >> > As a work around we are going to disable the Domain Mapping by adding a property in the loadbalancer.conf so that we can avoid this DOS attack issue when domain mapping feature is not needed [1].
And also I have fixed the earlier issue[2] which Evanthika has mentioned by setting the tenant flow with super tenant information before accessing domain mappings from the registry. [1] - https://wso2.org/jira/browse/LB-110 [2] - https://wso2.org/jira/browse/LB-111 > >> Thanks, >> Sameera. >> >> >> On Thu, Sep 5, 2013 at 4:45 PM, Eranda Sooriyabandara >> <[email protected]>wrote: >> >>> Hi Evanthilka, >>> This seems to be due to accessing management console via ELB and tenant >>> flow on that path is not started. >>> >>> @Sameera, Pradeeep >>> Any ideas regarding this? >>> >>> thanks >>> Eranda >>> >>> >>> On Thu, Sep 5, 2013 at 3:05 PM, Evanthika Amarasiri >>> <[email protected]>wrote: >>> >>>> Hi, >>>> >>>> I'm seeing the below exception when accessing the Management Console on >>>> a worker/manager separated set up with registry based >>>> deployment synchronizer. Could this be due to a configuration issue? >>>> >>>> >>>> *************************************************************************************************** >>>> TID: [0] [ELB] [2013-09-05 14:38:55,932] ERROR >>>> {org.apache.axis2.transport.base.threads.NativeWorkerPool} - Uncaught >>>> exception {org.apache.axis2.transport.base.threads.NativeWorkerPool} >>>> java.lang.NullPointerException: Tenant domain has not been set in >>>> CarbonContext >>>> at >>>> org.wso2.carbon.caching.impl.CacheManagerFactoryImpl.getCacheManager(CacheManagerFactoryImpl.java:79) >>>> at >>>> org.wso2.carbon.registry.core.utils.RegistryUtils.getCacheManager(RegistryUtils.java:288) >>>> at >>>> org.wso2.carbon.registry.core.utils.RegistryUtils.getResourceCache(RegistryUtils.java:271) >>>> at >>>> org.wso2.carbon.registry.core.caching.CacheBackedRegistry.getCache(CacheBackedRegistry.java:62) >>>> at >>>> org.wso2.carbon.registry.core.caching.CacheBackedRegistry.resourceExists(CacheBackedRegistry.java:246) >>>> at >>>> org.wso2.carbon.registry.core.session.UserRegistry.resourceExists(UserRegistry.java:629) >>>> at >>>> org.wso2.carbon.lb.endpoint.internal.RegistryManager.getMapping(RegistryManager.java:39) >>>> at >>>> org.wso2.carbon.lb.endpoint.endpoint.TenantAwareLoadBalanceEndpoint.send(TenantAwareLoadBalanceEndpoint.java:242) >>>> at >>>> org.apache.synapse.mediators.builtin.SendMediator.mediate(SendMediator.java:95) >>>> at >>>> org.apache.synapse.mediators.AbstractListMediator.mediate(AbstractListMediator.java:71) >>>> at >>>> org.apache.synapse.mediators.filters.InMediator.mediate(InMediator.java:55) >>>> at >>>> org.apache.synapse.mediators.AbstractListMediator.mediate(AbstractListMediator.java:71) >>>> at >>>> org.apache.synapse.mediators.base.SequenceMediator.mediate(SequenceMediator.java:114) >>>> at >>>> org.apache.synapse.core.axis2.Axis2SynapseEnvironment.injectMessage(Axis2SynapseEnvironment.java:203) >>>> at >>>> org.apache.synapse.core.axis2.SynapseMessageReceiver.receive(SynapseMessageReceiver.java:83) >>>> at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:180) >>>> at >>>> org.apache.synapse.transport.passthru.ServerWorker.processNonEntityEnclosingRESTHandler(ServerWorker.java:337) >>>> at >>>> org.apache.synapse.transport.passthru.ServerWorker.run(ServerWorker.java:169) >>>> at >>>> org.apache.axis2.transport.base.threads.NativeWorkerPool$1.run(NativeWorkerPool.java:172) >>>> at >>>> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110) >>>> at >>>> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603) >>>> at java.lang.Thread.run(Thread.java:722) >>>> >>>> >>>> Regards, >>>> Evanthika Amarasiri >>>> Senior Technical Lead - Quality Assurance >>>> Mobile: +94773125935 >>>> * >>>> * >>>> wso2.com Lean Enterprise Middleware >>>> >>> >>> >>> >>> -- >>> *Eranda Sooriyabandara >>> *Senior Software Engineer; >>> Integration Technologies Team; >>> WSO2 Inc.; http://wso2.com >>> Lean . Enterprise . Middleware >>> >>> E-mail: eranda AT wso2.com >>> Mobile: +94 716 472 816 >>> Linked-In: http://www.linkedin.com/in/erandasooriyabandara >>> Blog: http://emsooriyabandara.blogspot.com/ >>> >>> >>> >>> * >>> * >>> >> >> >> >> -- >> Sameera Jayasoma, >> Architect, >> >> WSO2, Inc. (http://wso2.com) >> email: [email protected] >> blog: http://sameera.adahas.org >> twitter: https://twitter.com/sameerajayasoma >> flickr: http://www.flickr.com/photos/sameera-jayasoma/collections >> Mobile: 0094776364456 >> >> >> Lean . Enterprise . Middleware >> >> _______________________________________________ >> Dev mailing list >> [email protected] >> http://wso2.org/cgi-bin/mailman/listinfo/dev >> >> > > > -- > Amani Soysa > Senior Software Engineer > Mobile: +94772325528 > WSO2, Inc. | http://wso2.com/ > > Lean . Enterprise . Middleware > -- Amani Soysa Senior Software Engineer Mobile: +94772325528 WSO2, Inc. | http://wso2.com/ Lean . Enterprise . Middleware
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
