I am using websockets to talk with server but I want to prevent client from connecting if a requirement is not met. My code is very simple
let socket = new WebSocket('wss://server.com/server/');
socket.addEventListener('open', function(e) {
// we are now connected
});
How does nodeJS connect? It must send a connect message right? Is there a way to edit that message? I'd like to limit it so connections can not be made unless a key is sent with the connection message.
How it works now I send a "login request message" and if the credentials dont match I terminate the connection but currently people could still open connections without sending the login request. This would be a security issue right? People could just DDOS by creating a bunch of connections without logging in.
CodePudding user response:
It's not NodeJS's responsibility to manage DOS/DDOS requests. That is done at the network layer (routers, switches, load balancers, proxies, etc.). See this answer for more detail: protection agains DOS websocket with ip address
Preventing users from continuing to communicate over the socket can be done after a successful connection is made and then the key sent, after which, if it's marked as valid by the server, it continues, otherwise it closes the connection. The limits on how many times a client can connect (or in this case re-connect) are handled by the network rules.