[rabbitmq-discuss] DOS protection

Matthias Radestock matthias at rabbitmq.com
Mon Jul 8 11:19:53 BST 2013


On 08/07/13 10:57, carlhoerberg wrote:
> Ok, is it something you would consider in the core? Today it's pretty
> easy to crash a RabbitMQ server with a very small amount of traffic.

It's been on our todo list for a long time; I don't expect it will get 
resolved soon. As you may have guessed, figuring out what exactly to 
limit and when is quite tricky.

Would you mind explaining what you had in mind for "monitor[ing] new 
channels/consumers/declarations in real-time and block (disconnect) if 
too many are made in a short amount of time?"

Specifically...

- what entities do you want to monitor? You mention channels, consumers 
and declarations (presumably by that you mean exchanges, queues, and 
bindings). Any others?

- do you want to monitor rates (e.g. "channels created per second") or 
totals ("number of existing channels")? From your description ("too many 
... in time" it sounds like rates, but rates are more a proxy for CPU 
and network usage, whereas memory is a mostly a function of the totals.

- at what granularity would the limits (the "too many" part) be set? 
globally? per vhost? per user? per connection?

Note that the finer grained the limits the lower the limits need to be 
if you want to have a high chance of preventing undesirable behaviour 
globally, e.g. for per user limits you'd have to assume that every user 
connecting to a single rabbit will hit the limit along each of the 
dimensions - channels, consumers, exchanges, queues, etc.


Regards,

Matthias.



More information about the rabbitmq-discuss mailing list