Forcepoint / fp-NGFW-SMC-python

Forcepoint NGFW Management Center Python API
https://support.forcepoint.com/s/article/How-to-Start-Using-SMC-API
Apache License 2.0

Limit Request Rate for SMC API to Prevent DoS Alerts #63

Open sebbbastien opened 1 month ago

sebbbastien commented 1 month ago

We are using some Python scripts to monitor the status of certain resources on the SMC. We have identified that one of the scripts is generating "SMC API DoS" alerts on the SMC.

Is there a parameter to ask the SMC library to limit the number of requests per second in exchanges with the SMC?

Best regards,

lilianValeroFp commented 1 month ago

Hi, it appears difficult to answer this question without knowing the guilty script. From my perspective, an SMC API DoS means that your script is performing too many requests in too short a time frame. We have some mgt_server parameters (to add in SGConfiguration.txt from the SG_HOME/data directory) which allow preventing the SMC API DoS detection:

- SMC_API_DOS_TIME_WINDOW: SMC API DoS protection time window in ms. During this time window, the SMC will observe, for the same remote address (session id does not support login request), the number of API HTTP queries; if it exceeds too high a number, we will log the info [by default, it is 500ms]
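A client-side way to keep a monitoring script under a per-address request window such as the 500 ms default mentioned above, as an added example that is not part of this thread or of the smc-python library. The per-window budget `max_calls` is an assumption (the threshold is not stated here), and `WindowThrottle` and `poll_status` are hypothetical names.

```python
import time
from collections import deque


class WindowThrottle:
    """Allow at most max_calls requests in any sliding window of window_s seconds."""

    def __init__(self, max_calls, window_s=0.5, clock=time.monotonic, sleep=time.sleep):
        if max_calls < 1 or window_s <= 0:
            raise ValueError("max_calls must be >= 1 and window_s > 0")
        self.max_calls = max_calls      # assumed budget; keep it below the SMC threshold
        self.window_s = window_s        # 0.5 s mirrors the 500 ms default quoted above
        self._clock, self._sleep = clock, sleep
        self._sent = deque()            # timestamps of requests still inside the window

    def wait(self):
        """Block until one more request fits in the window; return seconds waited."""
        waited = 0.0
        while True:
            now = self._clock()
            # Forget requests that have aged out of the window.
            while self._sent and now - self._sent[0] >= self.window_s:
                self._sent.popleft()
            if len(self._sent) < self.max_calls:
                self._sent.append(now)
                return waited
            # Window is full: sleep until the oldest request leaves it.
            delay = self.window_s - (now - self._sent[0])
            self._sleep(delay)
            waited += delay

    def call(self, func, *args, **kwargs):
        """Run func(*args, **kwargs) once the throttle admits another request."""
        self.wait()
        return func(*args, **kwargs)


def poll_status(name):
    """Hypothetical stand-in for one monitoring request sent to the SMC."""
    return f"{name}: ok"


if __name__ == "__main__":
    throttle = WindowThrottle(max_calls=2)
    for node in ("fw-a", "fw-b", "fw-c", "fw-d"):   # constructed resource names
        print(throttle.call(poll_status, node))
```

Since the reply above describes counting per remote address, scripts running from the same host would need to share one throttle instance (or split the budget between them).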