Codehosting should be able to limit the number of connections by IP address

Bug #325730 reported by Andrew Glen-Young
Affects: Launchpad itself
Status: Won't Fix
Importance: High
Assigned to: Unassigned

Bug Description

Codehosting should be able to limit the number of connections by IP address to prevent a denial of service.

We have had a few situations where a rogue machine has opened many connections to codehosting and has caused the machine to swap so heavily that additional connections could not be served and a forced reboot of the machine was required.

Implementing connection throttling at the application level would mitigate this problem.
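
An added sketch of the application-level throttling proposed in the bug description, not code from Launchpad or codehosting: a per-source cap on concurrent connections. The class name, the default cap and the choice to count an IPv6 /64 as one source are assumptions, and the IPv6 handling goes beyond what the report discusses.

```python
import ipaddress
import threading
from collections import Counter


class PerSourceConnectionLimiter:
    """Cap concurrent connections per client address (hypothetical helper)."""

    def __init__(self, max_per_source=10, ipv6_prefix=64):
        self.max_per_source = max_per_source  # assumed default, tune per service
        self.ipv6_prefix = ipv6_prefix
        self._open = Counter()
        self._lock = threading.Lock()

    def _key(self, peer_ip):
        addr = ipaddress.ip_address(peer_ip)
        if addr.version == 6:
            if addr.ipv4_mapped is not None:
                # ::ffff:a.b.c.d must share a bucket with plain a.b.c.d.
                return str(addr.ipv4_mapped)
            # One host can use a whole /64, so count that prefix as one source.
            net = ipaddress.ip_network(f"{addr}/{self.ipv6_prefix}", strict=False)
            return str(net)
        return str(addr)

    def try_acquire(self, peer_ip):
        """Return True and count the connection, or False if over the cap."""
        key = self._key(peer_ip)
        with self._lock:
            if self._open[key] >= self.max_per_source:
                return False
            self._open[key] += 1
            return True

    def release(self, peer_ip):
        """Call exactly once when an accepted connection closes."""
        key = self._key(peer_ip)
        with self._lock:
            if self._open[key] <= 1:
                self._open.pop(key, None)  # keep the table from growing forever
            else:
                self._open[key] -= 1

    def open_count(self, peer_ip):
        with self._lock:
            return self._open.get(self._key(peer_ip), 0)


def simulate(limiter, peers):
    """Constructed demo: feed connecting peer IPs, return (ip, accepted) pairs."""
    return [(ip, limiter.try_acquire(ip)) for ip in peers]
```

A server would call `try_acquire` before allocating any per-connection state and `release` in its connection-closed callback, so a refused client costs almost no memory.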

Jonathan Lange (jml) wrote :

I'm just chatting to Michael now, and we're a little bit confused. Marking as incomplete and assigning to him so he can talk to IS and figure out what to do.

Changed in launchpad-bazaar:
assignee: nobody → mwhudson
status: New → Incomplete
Michael Hudson-Doyle (mwhudson) wrote :

In particular, we don't believe you mean 'codebrowse'. Codebrowse runs on guava, which hasn't been rebooted in months, and in any case, codebrowse is an HTTP application running behind Apache, so it would make a lot more sense to do the rate limiting in Apache.

It seems more likely that you mean 'codehosting', the ssh service that runs on crowberry (which was indeed rebooted last night). Please do confirm this though.

Changed in launchpad-bazaar:
assignee: mwhudson → aglenyoung
Martin Pool (mbp) wrote : Re: [Bug 325730] [NEW] Codebrowse should be able to limit the number of connections by IP address

It should be possible and it may be cleaner or easier to do this in a
proxy server rather than in the application itself...

--
Martin <http://launchpad.net/~mbp/>

James Troup (elmo) wrote : Re: Codebrowse should be able to limit the number of connections by IP address

Yes, we meant codehost, not codebrowse.

Changed in launchpad-bazaar:
assignee: aglenyoung → nobody
status: Incomplete → New
description: updated
Jonathan Lange (jml) wrote :

Cool, that makes sense. Marking as High & putting into this cycle since DoS is bad, mmkay.

Changed in launchpad-bazaar:
importance: Undecided → High
milestone: none → 2.2.2
status: New → Triaged
Jonathan Lange (jml)
Changed in launchpad-bazaar:
milestone: 2.2.2 → 2.2.3
Jonathan Lange (jml)
tags: added: codehosting-ssh
Jonathan Lange (jml) wrote :

*sad*

Changed in launchpad-bazaar:
milestone: 2.2.3 → 2.2.4
Jonathan Lange (jml) wrote :

Just spoke with James Troup. We're going to solve the overall problem using iptables or something similar.

Changed in launchpad-bazaar:
status: Triaged → Won't Fix
Curtis Hovey (sinzui)
visibility: private → public