3

I'm working out on a few projects using node and each line of code that I write spans lots of ideas of how could someone destroy my node process.

Right now I'm thinking of this:

require('http').createServer(function(req, res)) {
    //DEAL WITH REQUEST HERE
  }.listen(port, net);

That's standard code for setting up a server and dealing with requests.

Let's say that I want to bring down that node process, I could send POST requests with loads of data on them and node.js would spend lots of time (and bandwith) on receiving all of them.

Is there a way to avoid this?

PHP Pros: How do you normally deal with this?

Is there a way to tell node or php (maybe apache) to just ignore requests from certain IPs ?

Ale Morales
  • 2,728
  • 4
  • 29
  • 42

1 Answers1

1

You can limit the http request size. Here is the middleware you can use.

https://github.com/senchalabs/connect/blob/master/lib/middleware/limit.js

http://www.senchalabs.org/connect/middleware-limit.html

P.S. Possibility duplication from maximum request lengths in node.js

For getting the IP address in node.js, you can try request.connection.remoteAddress.

Community
  • 1
  • 1
Roger Ng
  • 771
  • 11
  • 28
  • particuarly on my case, it wouldn't help that much bc I'm writing an image uploader; I think I should provide at least 10MB and even with that an attacker could just send 100 10MB POSTS and there goes my 1GB bandwidth – Ale Morales Dec 04 '12 at 03:21
  • If you provide image upload service, you should expect a large bandwidth would be used. Of course, you can perform a IP filtering before letting the user to upload. – Roger Ng Dec 04 '12 at 03:30