tags:

views:

140

answers:

2
Q: 

how to block unknown clients in indy (Delphi)

Hi ,

I have a public server(configured with indy 10) . some unknown clients are sending thousands of no content messages that it change the server's cpu usage to 50% . i have no firewall on my server , so i tried to block the unknown clients with this codes :

This is a function that works with a Timer :

var
  i, j: integer;
begin
  IX2 := IX2 + 1;
  SetLength(ClientIPs, IX2);
  ClientIPs[IX2 - 1] := StrIP;
  j := 0;
  for i := low(ClientIPs) to high(ClientIPs) do
  begin
    Application.ProcessMessages;
    if ClientIPs[i] = StrIP then
      j := j + 1;
  end;
  if j > 10 then
  begin
    Result := false;
    exit;
  end;
  Result := true;

And it's my Timer code :

  //Reset filtering measures
  IX2 := 0;
  SetLength(ClientIPs, 0);

So i use it in OnExecute event :

  LogIP := AContext.Connection.Socket.Binding.PeerIP;

  if IPFilter(LogIP) <> true then
  begin
    AContext.Connection.disconnect;
    exit;
  end;

  //Get Data *********
  Data := AContext.Connection.IOHandler.ReadLn();

finally , if a client sends many message in a short time , it will be disconnect . but there is a problem . in fact , after client disconnection , the Onexecute event is still working and i can not stop the operation Fully .anyway i need to block some IPs completely .

Thank you

+2  A: 

The OnConnect event would be a better place to disconnect blacklisted IPs. The only reason to do the check in the OnExecute event is if the IP is not being blacklisted until after OnConnect has already been fired.

As for why OnExecute keeps running after you disconnect - the only way that can happen is if your OnExecute handler has a try..except block that is catching and discarding Indy's internal notifications. Any exception handling you do needs to re-raise EIdException-derived exceptions so the server can process them.

Remy Lebeau - TeamB  2010-08-07 21:03:21
Hi , Thanks for response . but i'm not using try/except !
Kermia  2010-08-08 06:49:24
Then please show your actual OnExecute code. You are not handling disconnects correctly in it.
Remy Lebeau - TeamB  2010-08-10 00:58:01
Hi , I did Mr Lebeau . this is my actual OnExecute code : LogIP := AContext.Connection.Socket.Binding.PeerIP; if IPFilter(LogIP) <> true then begin AContext.Connection.disconnect; exit; end; //Get Data ********* Data := AContext.Connection.IOHandler.ReadLn();So , How can i handling disconnects correctly ?Thank you
Kermia  2010-08-10 04:53:45
Did you verify that ReadLn() is actually being called? If what you showed earlier is the actual implementation of the IPFilter() function, then that code is not even remotely thread-safe, and thus can cause all kinds of problems, including deadlocks and crashes. It looks like the code is simply trying to prevent the same client IP from establishing more than 10 simultaneous connections, is that right? If so, then the implementation can be greatly simplified and stablized by simply looping through the server's own Contexts list instead of maintaining your own list. I have posted the code.
Remy Lebeau - TeamB  2010-08-10 23:26:08
+1  A: 

Followup to my earlier comment:

function TForm1.IPFilter(const StrIP: string): Boolean;
var 
  i, j: integer; 
  list: TList;
begin 
  j := 0; 
  list := IdTCPServer1.Contexts.LockList;
  try
    for i := 0 to list.Count-1 do 
    begin 
      if TIdContext(list[i]).Binding.PeerIP = StrIP then
        Inc(j); 
    end; 
    Result := j <= 10; 
  finally
    IdTCPServer1.Contexts.UnlockList;
  end;
end;

procedure TForm1.IdTCPServer1Execute(AContext: TIdContext);
begin
  // the simpliest way to force a disconnect and stop
  // the calling thread is to raise an exception...
  if not IPFilter(AContext.Binding.PeerIP) then
    Abort();

  // alternatively, if you call Disconnect(), make sure
  // the IOHandler's InputBuffer is empty, or else
  // AContext.Connection.Connected() will continue
  // returning True!...
  {if not IPFilter(AContext.Binding.PeerIP) then
  begin
    AContext.Connection.Disconnect;
    AContext.Connection.IOHandler.InputBuffer.Clear;
    Exit;
  end;}

  //Get Data ********* 
  Data := AContext.Connection.IOHandler.ReadLn(); 
end;
Remy Lebeau - TeamB  2010-08-10 23:35:54
Thank you Mr Lebeau
Kermia  2010-08-11 06:08:51

related questions

How do you implement Levenshtein distance in Delphi?
Reintroducing functions in Delphi
Does Delphi call inherited on overridden procedures if there is no explicit call
HelpInsight documentation in Delphi 2007
Is it possible to deploy a native Delphi application with ClickOnce
In Delphi 7, why can I assign a value to a const?
Best way to sort an array in delphi
What's the best Delphi book for a newbie?
Visual Studio equivalent to Delphi bookmarks
What's the idiomatic way to do async socket programming in Delphi?
64bit Memory allocation
Documenting Delphi
How to implement Type-safe COM enumerations in Delphi ?
TClientDataSet Aggregates specification aren't added automatically when creating an Aggregate field.
Multiple form Delphi applications and dialogs
Unit testing in Delphi - how are you doing it ?
How to keep track of the references to an object?
Delphi and COM: TLB and maintenance issues
Changing CURRENT save/default directory in Delphi 2007 without using Save-As
What is the best way to make a Delphi Application completely full screen ?
Are there any "mind mapping" components for Delphi? (native VCL preferably)
Delphi resources for existing .NET developer.
What is needed to get Delphi back on top?
Delphi MDI Application and the titlebar of the MDI Children
Can a windows dll retrieve its own filename?