Beginning with version 2.2, Opal provides basic support for restricting number of job submissions per IP. Users can set appropriate properties in the etc/opal.properties to configure this features. For instance, the specific lines for configuring this feature are as follows:
## BEGIN: information for the per IP limits on job submission ## ---------------------------------------------------------- # boolean switch to turn processing on or off opal.ip.processing=false # number of jobs per IP per hour opal.ip.limit=10 # block all jobs from this IP - comma separated entries (optional) opal.ip.blacklist=66.102.7.104 # always allow jobs from this IP - comma separated entries (optional) opal.ip.whitelist=66.102.7.105, 127.0.0.1 ## ---------------------------------------------------------- ## END: information for the per IP limits on job submission |
By default, the IP-based restrictions are turned off. To turn it on, please set the opal.ip.processing to true. You can configure the number of jobs that are allowed per IP address by setting the opal.ip.limit. If the Opal server receives more than these many jobs from any IP address per hour, it will reject job submissions by throwning an appropriate exception. Opal also supports the concept of blacklists and whitelists. To block all jobs from a particular IP address, add that address to the opal.ip.blacklist. Similarly, to allow all jobs from a particular IP, add that address to the opal.ip.whitelist.
Please note that the blacklist takes precedence over the whitelist - i.e. if an IP address is present on the blacklist, all jobs from this address will be blocked even if it may be on the whitelist. Also note that you should add localhost (127.0.0.1) to the whitelist, if you would like enable the Opal Dashboard to always be able to submit jobs.
As usual, after all changes to the etc/opal.properties, reinstall Opal using the ant install command, and restart Tomcat for the changes to take effect.