You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Edward Song <ed...@nuhorizons.com> on 2008/09/09 17:11:11 UTC
Denying IP Addresses
Hi all,
Just soliciting some feedback on how to effectively, thwart data mining on
our server.
We have a reactive solution when it comes to screen scraping and data mining
on Tomcat 5.5.
We simply find the offending IP's and add them to the deny rules using the
Valve - org.apache.catalina.valves.RemoteAddrValve
>From what I understand, for changes to take effect, requires a restart of
Tomcat.
I was thinking to override the RemoteAddrValve to retrieve offending IP's
from a file as well, so as not requiring a restart everytime an offending IP
is found.
Our applications then would be able to identify offending IP's, and based on
their own rules, add them to the file.
Is this a viable strategy?
Thanks in advance,
Ed
Re: Denying IP Addresses
Posted by Mark Thomas <ma...@apache.org>.
Pid wrote:
> Edward Song wrote:
>> Hi all,
>>
>>
>>
>> Just soliciting some feedback on how to effectively, thwart data mining on
>> our server.
>>
>>
>>
>> We have a reactive solution when it comes to screen scraping and data mining
>> on Tomcat 5.5.
>>
>> We simply find the offending IP's and add them to the deny rules using the
>> Valve - org.apache.catalina.valves.RemoteAddrValve
>>
>> >From what I understand, for changes to take effect, requires a restart of
>> Tomcat.
>>
>> I was thinking to override the RemoteAddrValve to retrieve offending IP's
>> from a file as well, so as not requiring a restart everytime an offending IP
>> is found.
>>
>> Our applications then would be able to identify offending IP's, and based on
>> their own rules, add them to the file.
>
> it could be expensive to check the file for every request.
> if you're going to do that, then consider caching the file and using an
> internal thread to reload it periodically.
You could use JMX to update the list of denied IP addresses. Better yet,
just use iptables.
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Denying IP Addresses
Posted by Pid <p...@pidster.com>.
Edward Song wrote:
> Hi all,
>
>
>
> Just soliciting some feedback on how to effectively, thwart data mining on
> our server.
>
>
>
> We have a reactive solution when it comes to screen scraping and data mining
> on Tomcat 5.5.
>
> We simply find the offending IP's and add them to the deny rules using the
> Valve - org.apache.catalina.valves.RemoteAddrValve
>
>>>From what I understand, for changes to take effect, requires a restart of
> Tomcat.
>
> I was thinking to override the RemoteAddrValve to retrieve offending IP's
> from a file as well, so as not requiring a restart everytime an offending IP
> is found.
>
> Our applications then would be able to identify offending IP's, and based on
> their own rules, add them to the file.
it could be expensive to check the file for every request.
if you're going to do that, then consider caching the file and using an
internal thread to reload it periodically.
p
>
>
>
> Is this a viable strategy?
>
>
>
> Thanks in advance,
>
> Ed
>
>
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org