[tor-bugs] #7823 [Flashproxy]: Rate-limit facilitator interaction
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sat Apr 27 07:34:38 UTC 2013
#7823: Rate-limit facilitator interaction
------------------------+---------------------------------------------------
Reporter: dcf | Owner: dcf
Type: defect | Status: new
Priority: major | Milestone:
Component: Flashproxy | Version:
Keywords: | Parent:
Points: | Actualpoints:
------------------------+---------------------------------------------------
Comment(by dcf):
Replying to [comment:1 aallai]:
> There is an Apache mod, mod_evasive, that does rate-limiting against
> general DoS attacks. It looks pretty easy to set up and configure.
>
> http://www.zdziarski.com/blog/?page_id=442
Thanks, this is a good idea. I added mod_evasive to the facilitator setup
instructions and we'll see how it goes.

I would like rate limiting to happen not only at the CGI layer. I also
want it to happen at the level of the `facilitator` program, which has
knowledge of the current recommended proxy polling interval. If proxies
are supposed to be polling every 10 minutes, it should refuse to serve
proxies polling more frequently than that.

A vague plan of mine is to allow certain trusted parties to push as many
registrations as they want through the CGI. This is if someone we trust
sets up their own rendezvous system and they want to post their
registrations to us. We should introduce authenticated registrations,
where if a registration has a good signature from a trusted public key, it
is not subject to rate limiting. If we use mod_evasive, we may have to
maintain IP whitelists to prevent rate limiting of trusted registrants at
the Apache level.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/7823#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
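
A sketch of the facilitator-level check described in the comment above, added here as an example and not taken from the flashproxy code: a per-address limiter tied to the polling interval, with an exemption for authenticated registrations. `PollLimiter`, `make_tag` and the keying by client address are hypothetical, and an HMAC under a shared key stands in for the public-key signature the comment proposes.

```python
import hashlib
import hmac
import time

POLL_INTERVAL = 600.0  # seconds: the "every 10 minutes" example in the comment


def make_tag(key, body):
    # Stand-in for a signature: HMAC-SHA256 under a shared key (assumption).
    return hmac.new(key, body, hashlib.sha256).digest()


class PollLimiter:
    """Refuse clients that poll again before the recommended interval."""

    def __init__(self, interval=POLL_INTERVAL, trusted_keys=(), clock=time.monotonic):
        self.interval = interval
        self.trusted_keys = list(trusted_keys)
        self.clock = clock
        self.last_served = {}  # client address -> time of last served poll

    def is_trusted(self, body, tag):
        # A real deployment would verify a public-key signature here.
        if not tag:
            return False
        return any(hmac.compare_digest(make_tag(k, body), tag)
                   for k in self.trusted_keys)

    def allow(self, addr, body=b"", tag=None):
        """Return True if the request should be served."""
        if self.is_trusted(body, tag):
            return True  # authenticated registrations skip the limit
        now = self.clock()
        last = self.last_served.get(addr)
        if last is not None and now - last < self.interval:
            return False  # too soon; a refused poll does not reset the timer
        self.last_served[addr] = now
        return True

    def expire(self):
        """Forget clients idle for a full interval so the table stays bounded."""
        cutoff = self.clock() - self.interval
        stale = [a for a, t in self.last_served.items() if t < cutoff]
        for a in stale:
            del self.last_served[a]
        return len(stale)
```

Because the exemption is decided from the request body rather than the source address, it does not help with a limiter in front of the CGI, which is the whitelist problem the comment raises for mod_evasive.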