Easy way for user to tie up server resources in an ASP.NET application

I very likely may be missing something here, but what stops a user from
holding down the F5 key in their browser and generating hundreds of
requests to IIS and thus tying up server resources?

If session state is enabled (enableSessionState=true), all of these
requests get queued and processed one after another.

And if the user finds a particular page with poor enough performance,
say one that takes a few seconds to render, by holding down the F5 key
for a minute, he can queue up hundreds of requests and tie up the
server spiking its CPU for an hour or even hours.

I've tested this and used the Performance Monitor to confirm this is
what goes on.

Shouldn't there be a feature of IIS or ASP.NET that allows you to limit
the number of requests per ASP.NET session so this is avoided?

Nov 19 '05 #1
You're right in raising this issue, Steven.

I have forwarded your (correct) concern
to the ASP.NET Dev Team.

Thanks!

Juan T. Llibre
ASP.NET MVP
===========
<st**************@hotmail.com> wrote in message
news:11**********************@f14g2000cwb.googlegroups.com...
I very likely may be missing something here, but what stops a user from
holding down the F5 key in their browser and generating hundreds of
requests to IIS and thus tying up server resources?

If session state is enabled (enableSessionState=true), all of these
requests get queued and processed one after another.

And if the user finds a particular page with poor enough performance,
say one that takes a few seconds to render, by holding down the F5 key
for a minute, he can queue up hundreds of requests and tie up the
server spiking its CPU for an hour or even hours.

I've tested this and used the Performance Monitor to confirm this is
what goes on.

Shouldn't there be a feature of IIS or ASP.NET that allows you to limit
the number of requests per ASP.NET session so this is avoided?

Nov 19 '05 #2
this is called a denial of service attack. generally your firewall would
prevent this. tying to session means little, as an attacker would know not
to send a session cookie, forcing a new session. the inproc session manager
is very prone to this attack, as you just create new sessions until asp.net
recycles, losing all session data.

-- bruce (sqlwork.com)

<st**************@hotmail.com> wrote in message
news:11**********************@f14g2000cwb.googlegroups.com...
| I very likely may be missing something here, but what stops a user from
| holding down the F5 key in their browser and generating hundreds of
| requests to IIS and thus tying up server resources?
|
| If session state is enabled (enableSessionState=true), all of these
| requests get queued and processed one after another.
|
| And if the user finds a particular page with poor enough performance,
| say one that takes a few seconds to render, by holding down the F5 key
| for a minute, he can queue up hundreds of requests and tie up the
| server spiking its CPU for an hour or even hours.
|
| I've tested this and used the Performance Monitor to confirm this is
| what goes on.
|
| Shouldn't there be a feature of IIS or ASP.NET that allows you to limit
| the number of requests per ASP.NET session so this is avoided?
|
Nov 19 '05 #3
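
Added example, not part of any post in this thread and not code from Microsoft or the posters: an ASP.NET `IHttpModule` that caps the number of in-flight requests per client address instead of per session, because, as the last reply points out, a client can omit the session cookie and get a new session each time. The class name, the limit of 4, the `Items` key and the 503 response are assumptions chosen for illustration.

```csharp
using System;
using System.Collections.Concurrent;
using System.Web;

// Added example: caps in-flight requests per client address.
// Keyed on the remote IP, not the session ID, since a client controls its cookies.
// Behind a reverse proxy UserHostAddress is the proxy's address; key on a trusted
// forwarded-address header there instead.
public class PerClientConcurrencyModule : IHttpModule
{
    private const int MaxInFlight = 4;   // assumed limit; tune per application
    private const string AdmittedKey = "PerClientConcurrency.Admitted";

    // Shared by all HttpApplication instances in the app domain.
    // Entries are never evicted here; a production version would expire idle keys.
    private static readonly ConcurrentDictionary<string, int> InFlight =
        new ConcurrentDictionary<string, int>();

    public void Init(HttpApplication app)
    {
        // BeginRequest runs before session state is acquired, so rejected
        // requests never join the per-session queue described in the question.
        app.BeginRequest += OnBeginRequest;
        app.EndRequest += OnEndRequest;
    }

    private static void OnBeginRequest(object sender, EventArgs e)
    {
        var app = (HttpApplication)sender;
        string client = app.Context.Request.UserHostAddress ?? "unknown";

        int count = InFlight.AddOrUpdate(client, 1, (k, v) => v + 1);
        if (count > MaxInFlight)
        {
            Release(client);                        // undo the increment above
            app.Context.Response.StatusCode = 503;
            app.Context.Response.AddHeader("Retry-After", "5");
            app.CompleteRequest();                  // skip the handler; EndRequest still fires
            return;
        }
        app.Context.Items[AdmittedKey] = client;    // mark as admitted for EndRequest
    }

    private static void OnEndRequest(object sender, EventArgs e)
    {
        var app = (HttpApplication)sender;
        var client = app.Context.Items[AdmittedKey] as string;
        if (client != null) Release(client);        // rejected requests hold no slot
    }

    private static void Release(string client)
    {
        InFlight.AddOrUpdate(client, 0, (k, v) => Math.Max(0, v - 1));
    }

    public void Dispose() { }
}
```

The module takes effect once it is registered in web.config under `<httpModules>` (classic pipeline) or `<modules>` (IIS 7+ integrated pipeline). It bounds how much work one address can queue; it does not replace upstream filtering for traffic arriving from many addresses.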
