I need to make sure a website that is load tested really belongs to the tester.
For this purpose I am generating keys, like this one: http://blog.ziade.org/__marteau__ and will control in my tool that the user provides the same key when she runs a test against a given host.
The right thing to do is to catch at the lowest level in Funkload every HTTP call made and control that the user has provided the right key for every host Funkload hits.
The control can be cached of course so we just control once per host.
What I am thinking of doing is adding a --host-XXX-key option when calling fl-run-bench, where XXX is the hostname, and a --verify-hosts option. Example:
then the first time I hit that host, look for the key and make sure it matches. See https://github.com/mozilla-services/marteau/blob/master/marteau/util.py#L252
Since the key is a public file, it does not, of course, prevent anyone from forging the right request.
However, since I am going to provide a public interface for people to run distributed tests using Funkload, it will ensure that my system is not used to run a DOS attack against a domain a user doesn't own.
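The check described above, written out as an added example (this is not marteau's or Funkload's own code): a per-host verifier that holds the keys the user passed on the command line, fetches the well-known key file the first time a host is seen, compares it, and caches the verdict so each host is checked only once. The `/__marteau__` path comes from the post; the `HostKeyVerifier` class, the `FakeFetcher` and the hostnames in the demo are assumptions constructed here so the example runs offline. In a real tool the fetch callable would be a plain HTTP GET of the key URL, and `guard()` would be called from the hook that sees every outgoing request.

```python
"""Host-ownership check for a load-testing tool (added example, not marteau code)."""
from urllib.parse import urlsplit

# Well-known path that must serve the per-host key (taken from the post).
KEY_PATH = "/__marteau__"


class HostNotVerified(Exception):
    """Raised when a request targets a host whose key is missing or wrong."""


class HostKeyVerifier:
    """Verify that the caller controls every host the test will hit.

    host_keys: {hostname: key} as given by the user (e.g. --host-XXX-key).
    fetch:     callable(url) -> body text, or None if the URL cannot be read.
    """

    def __init__(self, host_keys, fetch):
        self._host_keys = {h.lower(): k.strip() for h, k in host_keys.items()}
        self._fetch = fetch
        self._cache = {}  # hostname -> bool; verdict is computed once per host

    def check_url(self, url):
        """Return True if the host in `url` serves the key the user declared."""
        parts = urlsplit(url)
        if not parts.hostname:
            raise ValueError("URL has no host: %r" % url)
        host = parts.hostname.lower()
        if host in self._cache:
            return self._cache[host]

        expected = self._host_keys.get(host)
        if expected is None:
            # No key declared for this host: refuse rather than fetch anything.
            verdict = False
        else:
            key_url = "%s://%s%s" % (parts.scheme or "http", parts.netloc, KEY_PATH)
            body = self._fetch(key_url)
            verdict = body is not None and body.strip() == expected

        self._cache[host] = verdict
        return verdict

    def guard(self, url):
        """Hook to call before every outgoing request; raises if not verified."""
        if not self.check_url(url):
            raise HostNotVerified(urlsplit(url).hostname)

    def checked_hosts(self):
        """Hosts whose verdict has been cached (useful for reporting)."""
        return dict(self._cache)


class FakeFetcher:
    """Constructed stand-in for an HTTP GET, serving a fixed map of URL -> body."""

    def __init__(self, pages):
        self.pages = pages
        self.calls = 0

    def __call__(self, url):
        self.calls += 1
        return self.pages.get(url)


def demo():
    """Run the verifier against constructed hosts; returns (verdicts, fetch_count)."""
    fetcher = FakeFetcher({
        "http://owned.example/__marteau__": "k-owned-1234\n",   # matches declared key
        "http://other.example/__marteau__": "k-other-9999",     # key not declared by user
        "http://wrong.example/__marteau__": "k-somebody-else",  # declared key differs
    })
    verifier = HostKeyVerifier(
        {"owned.example": "k-owned-1234", "wrong.example": "k-wrong-0000"},
        fetcher,
    )
    verdicts = {}
    for url in ("http://owned.example/a", "http://owned.example/b",
                "http://other.example/", "http://wrong.example/"):
        verdicts[url] = verifier.check_url(url)
    return verdicts, fetcher.calls


if __name__ == "__main__":
    print(demo())
```

Because the verdict is cached by hostname, the second request to `owned.example` costs no fetch, and a host for which the user declared no key is refused without touching it at all, which keeps the tool from sending even the key probe to domains the user never claimed.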