You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@struts.apache.org by John Plate <pl...@ache.dk> on 2005/06/04 15:38:39 UTC
Avoiding attacking server
Hi
Is it possible to configure how often an IP number can access the
Struts web-server? Fx, an attacking server may overwhelm the Struts
server with requests...
Thanks
John
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org
Re: Avoiding attacking server
Posted by Don Hill <dh...@pair.com>.
John,
I have actually wrote a throttle to control this, it limits the number
of threads that will be created to handle requests. I will post it
within the next week.
Don
John Plate wrote:
>Hi
>
>Is it possible to configure how often an IP number can access the
>Struts web-server? Fx, an attacking server may overwhelm the Struts
>server with requests...
>
>Thanks
>John
>
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
>For additional commands, e-mail: user-help@struts.apache.org
>
>
>
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org
Re: Avoiding attacking server
Posted by Adam Hardy <ah...@cyberspaceroad.com>.
If you really want to do it programmatically in your app you would have
to write a filter which caches the IP addresses of the incoming
requests. Check out any example filter you can find (they're normally
quite basic) and configure it according to the docs on the tomcat site -
it's standard j2ee.
On 05/06/05 15:26 Mark Benussi wrote:
> Is it possible to set this in any other way as I don't have access to my
> httpd.conf with my current hosts.
>
> -----Original Message-----
> From: Martin Gainty [mailto:mgainty@hotmail.com]
> Sent: 05 June 2005 14:58
> To: Struts Users Mailing List
> Subject: Re: Avoiding attacking server
>
> set your MaxClients directive (max number of simultaneously connected
> clients) in your httpd.conf
> Take a look at
> http://www.redhat.com/docs/manuals/linux/RHL-9-Manual/ref-guide/s1-apache-co
> nfig.html
> Anyone else ???
> Martin-
> ----- Original Message -----
> From: "John Plate" <pl...@ache.dk>
> To: "Struts Users Mailing List" <us...@struts.apache.org>
> Sent: Saturday, June 04, 2005 9:38 AM
> Subject: Avoiding attacking server
>
>
>
>>Hi
>>
>>Is it possible to configure how often an IP number can access the
>>Struts web-server? Fx, an attacking server may overwhelm the Struts
>>server with requests...
>>
>>Thanks
>>John
>>
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org
RE: Avoiding attacking server
Posted by Mark Benussi <ma...@hotmail.com>.
Is it possible to set this in any other way as I don't have access to my
httpd.conf with my current hosts.
-----Original Message-----
From: Martin Gainty [mailto:mgainty@hotmail.com]
Sent: 05 June 2005 14:58
To: Struts Users Mailing List
Subject: Re: Avoiding attacking server
set your MaxClients directive (max number of simultaneously connected
clients) in your httpd.conf
Take a look at
http://www.redhat.com/docs/manuals/linux/RHL-9-Manual/ref-guide/s1-apache-co
nfig.html
Anyone else ???
Martin-
----- Original Message -----
From: "John Plate" <pl...@ache.dk>
To: "Struts Users Mailing List" <us...@struts.apache.org>
Sent: Saturday, June 04, 2005 9:38 AM
Subject: Avoiding attacking server
> Hi
>
> Is it possible to configure how often an IP number can access the
> Struts web-server? Fx, an attacking server may overwhelm the Struts
> server with requests...
>
> Thanks
> John
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
> For additional commands, e-mail: user-help@struts.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org
Re: Avoiding attacking server
Posted by Martin Gainty <mg...@hotmail.com>.
set your MaxClients directive (max number of simultaneously connected
clients) in your httpd.conf
Take a look at
http://www.redhat.com/docs/manuals/linux/RHL-9-Manual/ref-guide/s1-apache-config.html
Anyone else ???
Martin-
----- Original Message -----
From: "John Plate" <pl...@ache.dk>
To: "Struts Users Mailing List" <us...@struts.apache.org>
Sent: Saturday, June 04, 2005 9:38 AM
Subject: Avoiding attacking server
> Hi
>
> Is it possible to configure how often an IP number can access the
> Struts web-server? Fx, an attacking server may overwhelm the Struts
> server with requests...
>
> Thanks
> John
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
> For additional commands, e-mail: user-help@struts.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org
re: Avoiding attacking server
Posted by Leon Rosenberg <st...@anotheria.net>.
Well, this isn't a feature of struts, but some webserver like apache or
resin allow you to configure
IP-Throttle filters, allowing X-parallel requests from a single ip.
However, if you really want protection, you need a hardware firewall infront
of your servers.
Regards
Leon
> -----Ursprüngliche Nachricht-----
> Von: John Plate [mailto:plate@ache.dk]
> Gesendet: Samstag, 4. Juni 2005 15:39
> An: Struts Users Mailing List
> Betreff: Avoiding attacking server
>
> Hi
>
> Is it possible to configure how often an IP number can access
> the Struts web-server? Fx, an attacking server may overwhelm
> the Struts server with requests...
>
> Thanks
> John
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
> For additional commands, e-mail: user-help@struts.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org