[ZBX-8521] Unbounded frontend refresh queue can become a DOS attack when down route is restored Created: 2014 Jul 25 Updated: 2019 Dec 10 |
|
| Status: | Open |
| Project: | ZABBIX BUGS AND ISSUES |
| Component/s: | Frontend (F) |
| Affects Version/s: | 2.2.4 |
| Fix Version/s: | None |
| Type: | Incident report | Priority: | Trivial |
| Reporter: | David Parker | Assignee: | Unassigned |
| Resolution: | Unresolved | Votes: | 0 |
| Labels: | performance, refresh | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Environment: |
Firefox web browser |
||
| Description |
|
If you have a browser sitting on e.g. a screen with lots of graphs and the browser's route to the zabbix web server goes away for a period of time, refresh requests appear to queue up more or less without bound. When the route is restored these dequeue at a very rapid rate and can pretty effectively DOS all of zabbix with a severe IO overload. There really should be a bound on how many requests get queued up. |