activemq-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From xabhi <xabh...@gmail.com>
Subject Re: DOS attack on activemq setup
Date Tue, 28 Apr 2015 13:47:28 GMT
Hi,
I am having some difficulties/concerns in implementing some of the ideas:

1. Restricting composite destinations for producer and consumer:
>I tried adding destination.iscomposite() checks in addProducer and
addConsumer by extending BrokerPluginSupport. The problem I am facing now is
that it is restricting addition of consumer on a composite destination
"ActiveMQ.Advisory.TempQueue,ActiveMQ.Advisory.TempTopic" which is added for
every producer and consumer connecting to broker and hence no
producer/consumer can connect If I use this strategy.
What would be other good way to achieve this.

Other concern is that I have dynamic producers also which can send messages
on composite destination at runtime. I am thinking of restricting this in
send call itself? Is it a good place to do this check?

2. Restricting size of messages sent to ActiveMQ:
>I am using wireFormat.maxFrameSize to limit the size. But it works only for
clients using openwire. I have perl/python/php clients using STOMP protocol.
How to achieve this? Do I have make changes in client libraries? Or there is
some other configuration?

3. Restricting total topics and queues count:
>I am trying to implement this in addDestination function. I am checking the
existence of destination being added in
getBrokerService().getRegionBroker().getDestinationMap() and if its new then
I check the count using getBrokerService().getAdminView(). Is it good to
expose DestinationMap in a plugin like this? Though I am not changing
anything here just a contains check.

Thanks,
Abhi




--
View this message in context: http://activemq.2283324.n4.nabble.com/DOS-attack-on-activemq-setup-tp4694598p4695749.html
Sent from the ActiveMQ - User mailing list archive at Nabble.com.

Mime
View raw message