Hello, thank you. I see the problem with the worker processes now. I had a look at PIKE module and RATELIMIT module as well.
My idea was to delay the call WITHOUT sending any reply-message to the caller, as I wanted to save performance and I can identify suspicios users by a reputation that I compute before. It seems the only way to do so, might be to store the INVITE information somewhere and keep on routing it again after a certain timeout. Do you agree? Regards, Nicolas > On 10/26/2010 05:09 PM, Alex Balashov wrote: > > Pike or ratelimit modules may facilitate this; otherwise, no. > >> > >> > Hello, It is not a good design practice to do it synchronously, mainly > because the worker process will remain blocked for 30s . Imagine an > attacker sending 30 requests and DoS the whole server , because of the > limited number of worker process (not to mention that 30s delay means > retrasmits from the TM layer- so these need to be handled by tm before > the "sleep"). > > Anyway I wouldn't recommend a design like this. As others suggested > pike and ratelimite (mostly ratelimit) will allow you to drop calls from > attackers. You could add a Retry-After header so to inform a normal UA > to retry the request after a number of seconds. > > Marius -- Neu: GMX De-Mail - Einfach wie E-Mail, sicher wie ein Brief! Jetzt De-Mail-Adresse reservieren: http://portal.gmx.net/de/go/demail _______________________________________________ SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
