You are viewing a plain text version of this content. The canonical link for it is here.

Posted to java-user@axis.apache.org by "Ry." <im...@yahoo.com> on 2005/03/08 16:04:12 UTC

Protecting Axis from Denial Of Service Attacks

Hi, can you please let me know what are good ways to protect a web service from denial of service attacks.  For my school project I need a write a section on this and, hopefully, create handler(s) to secure my simplish Axis service.
 
>From what I've read, it seems that I should validate the schema, and check parameters are within permitted ranges.  
 
I also read that I should block unknown IP addresses, but I don't know how to do this with Axis/Tomcat. Is this a job, instead, for the firewall?
 
Should I use an XML security gateway/firewall, or rely on the application server?
 
Any info/thoughts/links, etc would be really appreciated
 
Thanks very much - have a nice day!.
Ry.

		
---------------------------------
Celebrate Yahoo!'s 10th Birthday! 
 Yahoo! Netrospective: 100 Moments of the Web