Prevent single requests from overwhelming the application by using excessive resources, thus causing denial of service.
defmodule VulnerableController do
use Plug.Router
plug :match
plug :dispatch
post "/intensive_task" do
# Some resource-intensive task here
intensive_data_processing(conn.params["data"])
send_resp(conn, 200, "Task completed")
end
end
The endpoint '/intensive_task' performs intensive data processing which can consume significant system resources. An attacker can exploit this by making repeated or specially crafted requests, causing the system to become overwhelmed and potentially resulting in denial of service.
defmodule SecureController do
use Plug.Router
use PlugAttack
plug :match
plug :dispatch
plug PlugAttack.Blocker, otp_app: :my_app
plug PlugAttack.RateLimiter,
name: "api/ip",
interval: 60_000,
allow: 100
post "/intensive_task" do
with {:ok, _result} <- Task.await(intensive_data_processing(conn.params["data"]), 5000) do
send_resp(conn, 200, "Task completed")
else
_ -> send_resp(conn, 503, "Server is busy. Please try again later.")
end
end
end
This solution implements rate limiting using the plug_attack package and adds a timeout to the resource-intensive task. These changes help ensure that no single request or user can consume too many resources, thus mitigating the denial of service risk. If the task doesn't finish within the specified time, a 'Server is busy. Please try again later.' message is sent to the client.