How to limit the size of a websocket message? #1510
-
|
Suppose one mallicious client just sent a meaningless websocket message as big as 4GB to the django server, how can the server stops it from sending more websocket frames after realizing it has breached the size limit? Also, I would like this error to be catched by upper functions and block this client from further logging in after kicking it offline, and record this attack. Related discussions on stackovervlow: https://stackoverflow.com/questions/13010354/chunking-websocket-transmission/13049499#13049499 |
Beta Was this translation helpful? Give feedback.
Replies: 2 comments 1 reply
-
|
My first thought would be to handle this at the Twisted level. Autobahn has options to limit frame and message sizes. For persistence — you'd need to catch errors and then look to keeping a blacklist of IPs (or such). That would need thinking about. |
Beta Was this translation helpful? Give feedback.
-
|
Yes, thank you! As long as it pops up an error and report the connection, it is easy to handle the rest. |
Beta Was this translation helpful? Give feedback.
-
|
1、As you say,I already find the maxFramePayloadSize parameter has defined in autobahn\websocket\protocol.py and autobahn\websocket\interfaces.py. Should I modify the parameter in class WebSocketServerFactory(WebSocketFactory) and class WebSocketClientProtocol(WebSocketProtocol) at the same time? |
Beta Was this translation helpful? Give feedback.
My first thought would be to handle this at the Twisted level. Autobahn has options to limit frame and message sizes.
For persistence — you'd need to catch errors and then look to keeping a blacklist of IPs (or such). That would need thinking about.