Zimbra Next Generation Modules/Zimbra Next Generation Modules and the Zimbra DoSFilter

Revision as of 13:11, 30 August 2017 by Jorge de la Cruz (talk | contribs) (1 revision imported: Zimbra NG)



Zimbra Next Generation Modules - DoSFilter

Zimbra Next Generation Modules - DoSFilter

The Zimbra DOS Filter

Starting from Zimbra 8.0.0, a connection throttling mechanism called DOS Filter has been added in order to reduce the impact of Denial of Service attacks. By default the DOS Filter only allows for 30 connections per second, rejecting any exceeding connection with a 503 HTTP error.

How the DOS Filter can affect your Zimbra Next Generation Modules experience

Being an Administrative Zimlet, the Zimbra Next Generation Modules Administration Zimlet is loaded upon logging into the Zimbra Administration Console, and in order to retrieve all relevant data many requests are done. This can trigger Zimbra's DOS Filter, causing slowliness, AJAX Errors and general UI corruption (e.g. empty Text Boxes or incoherent checkbox state).

Managing the DOS Filter

There are 3 different configuration properties controlling the DoS Filter:

zimbraHttpDosFilterMaxRequestsPerSec

This property defines the number of allowed concurrent connections per client. The default is 30.

zimbraHttpDosFilterDelayMillis

This property defines the delay imposed any connection that exceeds the allowed limit.

This property can be set to any integer value, which will become the delay imposed on exceeding connections or:

  • "-1", which means "Reject"
  • "0", which means "No Delay"

The default value is -1

zimbraHttpThrottleSafeIPs

This property defines a list of "safe" IPs for which DoS Filter rules do not apply. Multiple addresses can be specified as a comma separated list.

Template:WarningBoxxy

Dealing with Zimbra Admin Console connection issues

If you are experiencing any of the issues described above, you can check if the cause is the DoS Filter by using your browser's Developer Tools before logging into the Zimbra Administration Console: if you can see any 503 errors then the DoS Filter has probably kicked in and is throttling the connections you are making to the Zimbra Administration Console.

In this case, you should either:

  • Add your client IP to the zimbraHttpThrottleSafeIPs list (perfect if your client has a static IP address)
  • Raise the number of allowed connections. According to our tests, 100 allowed connections per second should solve any loading issues (however, this depends by a number of different factors).

Zimbra Next Generation Modules

logo.png

Latest Version: 8.8

Zimbra Next Generation Modules Resources

Here you can find useful resources for your Zimbra NG Modules



Try Zimbra

Try Zimbra Collaboration with a 60-day free trial.
Get it now »

Want to get involved?

You can contribute in the Community, Wiki, Code, or development of Zimlets.
Find out more. »

Looking for a Video?

Visit our YouTube channel to get the latest webinars, technology news, product overviews, and so much more.
Go to the YouTube channel »

Jump to: navigation, search