[cups] Throttle misbehaving CUPS clients

Sun Aug 10 09:57:45 PDT 2014

Am 10.08.2014 um 14:45 schrieb Michael Sweet:

> Alex,
>
> Please file a CUPS.org bug for this as well; I can't guarantee we'll  
> come up with anything, but we can at least try it to see if it will  
> help...
>
> https://www.cups.org/str.php
>
>
> On Aug 9, 2014, at 3:25 PM, Alex Korobkin <korobkin+cups at gmail.com>  
> wrote:
>
>> Hi Michael,
>>
>> Yes, I did file a bug at https://bugzilla.gnome.org/show_bug.cgi?id=711446
>> last year, but there hasn't been any action on it yet. Chrome team  
>> had
>> received a similar bug report, didn't provide any updates.
>>
>> If CUPS would wait a second or two (configurable parameter) before  
>> replying
>> when it detects too frequent requests, then that would be enough to
>> throttle bad clients. Even if they drop the connection and reopen  
>> it, it is
>> not a big deal, they will get slowed down again. And naturally, this
>> mechanism should be turned off by default for the majority of users,
>> because this problem is likely to appear only in environments with  
>> large
>> number of clients.
>>
>>
>>
>> 2014-08-09 7:42 GMT-04:00 Michael Sweet <msweet at apple.com>:
>>
>>> Alex,
>>>
>>> Right now CUPS provides a MaxClientsPerHost directive that can  
>>> limit the
>>> number of simultaneous connections, but not a directive that  
>>> limits the
>>> rate of consecutive connections that are allowed.
>>>
>>> I'm not sure how we would limit the latter, short of accepting he
>>> connection and then not responding for some period of time which  
>>> could
>>> cause the client to timeout and try another connection.,,
>>>
>>> Have you reported this bug to the gnome folks?
>>>
>>> Sent from my iPad
>>>
>>>> On Aug 9, 2014, at 1:55 AM, Alex Korobkin <korobkin+cups at gmail.com>
>>> wrote:
>>>>
>>>> Hi all,
>>>>
>>>> I frequently encounter a situation where a printserver is  
>>>> experiencing
>>> high
>>>> load because of a misbehaving Linux client polling printers  
>>>> several times
>>>> per second. I have no control over client machines, and the  
>>>> culprits are
>>>> usually Gnome printing dialogs or Chrome.
>>>>
>>>> It would be nice to have a mechanism in CUPS that would allow for
>>>> throttling all requests from the same client a little bit: no  
>>>> more than
>>> one
>>>> request in 5 seconds, for example.
>>>>
>>>> --
>>>> -Alex
>>>> _______________________________________________
>>>> cups mailing list
>>>> cups at cups.org
>>>> https://www.cups.org/mailman/listinfo/cups
>>> _______________________________________________
>>> cups mailing list
>>> cups at cups.org
>>> https://www.cups.org/mailman/listinfo/cups
>>>
>>
>>
>>
>> -- 
>> -Alex
>> _______________________________________________
>> cups mailing list
>> cups at cups.org
>> https://www.cups.org/mailman/listinfo/cups
>
> _________________________________________________________
> Michael Sweet, Senior Printing System Engineer, PWG Chair
>
> _______________________________________________
> cups mailing list
> cups at cups.org
> https://www.cups.org/mailman/listinfo/cups

Perhaps a solution could be accomplished on the basis of
xtables-addons
(an extensions to the iptables) activating the TARPIT target after the  
first
polling request of a given client?

Helge