On Wed, Feb 15, 2012 at 10:58 PM, Juan Marín Otero <[email protected]> wrote:

> Hi all,
>
> I'd like to discuss an enhancement that I've been working on for the
> control flow module that would allow it to:
>
> 1. Establish global limits for number of concurrent requests from a single
> IP address. A single IP address may only take up to n number of requests in
> parallel.
>
> 2. Specify limits for the number of requests that a particular IP address
> can take, same as above but specific to a particular IP.
>
> 3. IP blacklist, which would reject requests coming from specific IP
> addresses.
>
> Not sure if completely necessary, but I've rounded up some more details
> into a GSIP here:
>
> http://geoserver.org/display/GEOS/GSIP+72+-+Control+Flow+Module+Enhancements
>
> Feedback and comments really welcome.
>
>
Hi Juan,
thanks a lot for the detailed GSIP, it's well laid out and provides a good explanation of what has been done.

I'm overall quite happy about the improvements, there are just a few minor points that may need amending.

The reason why the original module did not have ip address control is due to routers and proxies.
When you have a big organization, with hundreds or thousands of people behind a single public ip address, it gets difficult to use just the ip: you might be handling a user with a single ip that's flooding you, or seeing the effect of 30 people working in parallel against GeoServer; while you want to stop/limit the first, applying limits to the second might well make the application unusable for that particular organization.

Also you might have reverse proxies local to the server that act as front ends to the server, if you just get the ip address you'll get the one of the local proxy.
To address the above there is the x-forwarded-for header that reverse proxies normally set to inform software that a proxy is in the middle:
http://en.wikipedia.org/wiki/X-Forwarded-For
If you look into the "monitoring" module you'll see how the header is used.

Another detail in the GSIP that might need reworking is this syntax:
*ip.address=<count>,<ip_addr>*

Is it just me, or the above won't allow to control more than one specific ip address? The property files are, in the end, serialized maps.
I guess the following one might do instead:
ip.<ip_addr>=count
(and you scan the whole property file contents to look for those).

One final note is that this is the first GSIP that is being proposed by a non core developer. As far as I know you don't have commit access either, right?
If this is your first contribution you should also open a ticket in jira and attach the full patch for review.

Anyways, the work looks good.
Normally we allow commit access directly for new community modules, since you are modifying an extension I guess we can give you commit access anyways but you'll have to ask for reviews before making commits to any core/extension module.

Thanks again for the contribution and for approaching the community in such a clear way, looking forward to seeing the GSIP applied.

Cheers
Andrea

-- 
-------------------------------------------------------
Ing. Andrea Aime
GeoSolutions S.A.S.
Tech lead

Via Poggio alle Viti 1187
55054  Massarosa (LU)
Italy

phone: +39 0584 962313
fax:      +39 0584 962313
mob:    +39 339 8844549

http://www.geo-solutions.it
http://geo-solutions.blogspot.com/
http://www.youtube.com/user/GeoSolutionsIT
http://www.linkedin.com/in/andreaaime
http://twitter.com/geowolf

-------------------------------------------------------
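
Added example (not part of the original message, the GSIP, or the GeoServer code base): a Java sketch of the two points raised in the reply above, reading per-address limits from `ip.<ip_addr>=count` keys by scanning the whole property file, and taking the client address from X-Forwarded-For only when the connection comes from a known reverse proxy. The trusted-proxy set, the default limit, the class and method names and all sample addresses are assumptions made for illustration.

```java
import java.io.StringReader;
import java.util.*;

public class IpLimitExample {
    // Scan every property and collect keys of the form ip.<ip_addr>=count.
    static Map<String, Integer> perIpLimits(Properties p) {
        Map<String, Integer> limits = new HashMap<>();
        for (String key : p.stringPropertyNames()) {
            if (key.startsWith("ip.")) {
                limits.put(key.substring(3), Integer.parseInt(p.getProperty(key).trim()));
            }
        }
        return limits;
    }

    // Honour X-Forwarded-For only when the TCP peer is a proxy we operate;
    // a header sent by any other peer is client-controlled and is ignored,
    // so a client cannot choose the address its limit is counted against.
    static String clientIp(String remoteAddr, String xff, Set<String> trustedProxies) {
        if (xff == null || !trustedProxies.contains(remoteAddr)) return remoteAddr;
        String[] hops = xff.split(",");
        // Walk right to left: the rightmost entries were appended by our own proxies.
        for (int i = hops.length - 1; i >= 0; i--) {
            String hop = hops[i].trim();
            if (!hop.isEmpty() && !trustedProxies.contains(hop)) return hop;
        }
        return remoteAddr;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample configuration; addresses are documentation ranges.
        Properties p = new Properties();
        p.load(new StringReader("ip.192.0.2.10=2\nip.198.51.100.7=30\nunrelated.key=100\n"));
        Map<String, Integer> limits = perIpLimits(p);
        int defaultLimit = 6;                      // hypothetical global per-IP limit
        Set<String> proxies = Set.of("10.0.0.5");  // hypothetical local reverse proxy

        String[][] requests = {                    // {TCP peer, X-Forwarded-For value}
            {"10.0.0.5", "192.0.2.10"},                 // forwarded by our proxy
            {"10.0.0.5", "203.0.113.9, 198.51.100.7"},  // left entry was client-supplied
            {"203.0.113.9", "192.0.2.10"},              // direct peer sending the header itself
        };
        for (String[] r : requests) {
            String ip = clientIp(r[0], r[1], proxies);
            System.out.println(ip + " -> limit " + limits.getOrDefault(ip, defaultLimit));
        }
    }
}
```

Keying limits on the resolved address does not remove the shared-address problem described in the reply: every user behind one organizational NAT still counts against the same limit.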
_______________________________________________
Geoserver-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/geoserver-devel
