[rabbitmq-discuss] DOS protection
Matthias Radestock
matthias at rabbitmq.com
Mon Jul 8 11:19:53 BST 2013
On 08/07/13 10:57, carlhoerberg wrote:
> Ok, is it something you would consider in the core? Today it's pretty
> easy to crash a RabbitMQ server with a very small amount of traffic.
It's been on our todo list for a long time; I don't expect it will get
resolved soon. As you may have guessed, figuring out what exactly to
limit and when is quite tricky.
Would you mind explaining what you had in mind for "monitor[ing] new
channels/consumers/declarations in real-time and block (disconnect) if
too many are made in a short amount of time?"
Specifically...
- what entities do you want to monitor? You mention channels, consumers
and declarations (presumably by that you mean exchanges, queues, and
bindings). Any others?
- do you want to monitor rates (e.g. "channels created per second") or
totals ("number of existing channels")? From your description ("too many
... in time") it sounds like rates, but rates are more a proxy for CPU
and network usage, whereas memory is mostly a function of the totals.
- at what granularity would the limits (the "too many" part) be set?
globally? per vhost? per user? per connection?
Note that the finer grained the limits the lower the limits need to be
if you want to have a high chance of preventing undesirable behaviour
globally, e.g. for per user limits you'd have to assume that every user
connecting to a single rabbit will hit the limit along each of the
dimensions - channels, consumers, exchanges, queues, etc.
Regards,
Matthias.
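
The rate-versus-total and granularity questions raised in the message above, as an added sketch that is not part of the original message and is not RabbitMQ code. The class, function names, limits and both workloads are hypothetical and constructed for illustration; the scope key can stand for a user, vhost or connection.

```python
from collections import defaultdict, deque

class EntityLimiter:
    """Hypothetical limiter for one entity kind (e.g. channels) per scope key."""

    def __init__(self, max_total, max_rate, window=1.0):
        self.max_total = max_total        # entities existing at once (memory)
        self.max_rate = max_rate          # creations per window (CPU/network proxy)
        self.window = window              # window length in seconds
        self.totals = defaultdict(int)
        self.recent = defaultdict(deque)  # creation timestamps inside the window

    def create(self, key, now):
        """Return 'ok', 'rate' or 'total' for a creation attempt at time `now`."""
        q = self.recent[key]
        while q and now - q[0] >= self.window:
            q.popleft()                   # forget creations older than the window
        if len(q) >= self.max_rate:
            return "rate"
        if self.totals[key] >= self.max_total:
            return "total"
        q.append(now)
        self.totals[key] += 1
        return "ok"

    def destroy(self, key):
        if self.totals[key] > 0:
            self.totals[key] -= 1

def churn(limiter, key, n, step):
    """Constructed workload: open and immediately close n entities, `step` s apart."""
    results = []
    for i in range(n):
        r = limiter.create(key, i * step)
        if r == "ok":
            limiter.destroy(key)          # total stays near zero, rate is high
        results.append(r)
    return results

def hoard(limiter, key, n, step):
    """Constructed workload: open n entities slowly and never close them."""
    return [limiter.create(key, i * step) for i in range(n)]

def worst_case_global(per_key_limit, keys):
    """Entities that exist broker-wide if every key sits at its limit."""
    return per_key_limit * keys

def per_key_limit_for(global_budget, keys):
    """Largest per-key limit that still guarantees the global budget."""
    return global_budget // keys
```

The churning client only ever trips the rate limit and the hoarding client only ever trips the total limit, so a limiter that tracks one dimension misses the other; the last two helpers show why per-user limits must shrink as the number of users grows.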