I have a user of my software who has upset someone online and now their web app is getting spammed with 1000’s of GET requests. These requests appear to be one after another with about 9 GET requests packed into a 1514 byte long packet, the host is set to “www.google.com”. Eventually, there is a NilObjectException in “_HTTPServer.HTTPRequestSocket.Event_DataAvailable” followed by a Segmentation Fault. I do see that App.HandleURL is being called but I have no code in there for other than one “if” statement that is evaluating to false based on the path. The app gets up to about 7gb of ram before crashing. I assume that it is trying to make sessions for most of these requests and then running out of ram? I guess its probably a bit much to expect the framework to be able to handle this without a frontend load balancer or firewall, but I thought I would ask here in case anyone had and ideas.
My client had set up a tunnel for traffic but forwarded everything with the same source IP so without a GRE tunnel, IP banning would be out of the question.
Thanks for your help!
GET / HTTP/1.1<CR/LF>
Host: www.google.com<CR/LF>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT es-ES; 6.1; rv:1.9.2.17) Gecko/20110420 Firefox/3.6.17<CR/LF>
Accept: */*<CR/LF>
<CR/LF>
GET / HTTP/1.1<CR/LF>
Host: www.google.com<CR/LF>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT es-ES; 6.1; rv:1.9.2.17) Gecko/20110420 Firefox/3.6.17<CR/LF>
Accept: */*<CR/LF>
<CR/LF>...
i don’t think you can stop it from crashing you web app. As there is no way to close the connection fast enough (code below may just work, but i’ve not tested it).
You can try to return an instantly created 404 page or redirect to an apache/nginx file that handles the response.
That is by using something like this in App.HandleURL of your web application:
// Put this on top
Var expectedHost As String = "mydomain.com"
Var blockedIPs() As String = Array("255.243.200.101") // Array of blocked ip adresses
If Request.Header("Host") <> expectedHost Or blockedIPs.IndexOf(Request.RemoteAddress) > -1 Then
// This fill filter out some requests that do no belong here. You should update the blockedIPs() array
// to remove ip-addresses after some days for example.
Request.Print("File Not Found")
Request.Status = 404
Return True // We handled the request here on 2019R3.1 this should not create a session, saving time and ram.
End If
// Do other code below:
At best you could store the ip-address somewhere and blacklist it at the server level (using shell class?).
i don’t think you can stop it from crashing you web app. As there is no way to close the connection fast enough (code below may just work, but i’ve not tested it).
You can try to return an instantly created 404 page or redirect to an apache/nginx file that handles the response.
That is by using something like this in App.HandleURL of your web application:
// Put this on top
Var expectedHost As String = "mydomain.com"
Var blockedIPs() As String = Array("255.243.200.101") // Array of blocked ip adresses
If Request.Header("Host") <> expectedHost Or blockedIPs.IndexOf(Request.RemoteAddress) > -1 Then
// This fill filter out some requests that do no belong here. You should update the blockedIPs() array
// to remove ip-addresses after some days for example.
Request.Print("File Not Found")
Request.Status = 404
Return True // We handled the request here on 2019R3.1 this should not create a session, saving time and ram.
End If
// Do other code below:
At best you could store the ip-address somewhere and blacklist it at the server level (using shell class?).[/quote]
Normally I wouldn’t have any problem as I would just blackhole IPs making bad requests as you suggest. Sadly, until my client figures out how to properly tunnel IPs to his server, any blocking will block all requests. I have told them how just waiting on their end. I was just wondering if someone had something in the meantime.
Ah looks like I typod that IP, its ovh. Derks code looks good as they’re requesting www.google.com from your IP so it should be pretty unique.
EDIT: I’d return a 200 so their end thinks they are still connecting fine so hopefully they don’t change anything. Pop this at the top of your HandleURL
If Request.GetRequestHeader("Host") = "www.google.com" Then
Request.Status = 200
Return True
End If
