> On Jan 13, 2015, at 6:46 PM, Mark Eggers <its_toas...@yahoo.com.INVALID> > wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On 1/13/2015 3:29 PM, Jesse Barnum wrote: >> I need the ability to examine the POST data from a request, examine >> it, and either respond to it or close the connection without >> returning any result, not even a 200 OK status. >> >> The reason for this is because I’m getting overwhelmed with >> thousands of invalid requests per second, which are racking up >> bandwidth fees. The requests can’t be traced to an IP address, so I >> can’t just block them in a firewall or Apache - I need to actually >> use logic in my Tomcat app to figure out which requests to respond >> to. >> >> Is there a way to force Tomcat to just drop the connection and >> close the socket without sending a response? >> >> --Jesse Barnum, President, 360Works >> > > Possibly with mod_security? > > https://www.modsecurity.org/ > > You can add this to Apache HTTPD if you're fronting Tomcat with it, or > you can check out the Java implementation here: > > http://blog.spiderlabs.com/2013/09/modsecurity-for-java-beta-testers-needed.html > > I have used mod_security, and while it's somewhat a beast, it does a > great job at protecting web applications. > > I have not used the Java version. > > . . . just my two cents > /mde/
Thanks for the suggestion, but that won’t do what I need. I need to examine the request and use business logic in my web app to determine whether or not to respond to the request. --Jesse Barnum, President, 360Works http://www.360works.com Product updates and news on http://facebook.com/360Works (770) 234-9293 == Don't lose your data! http://360works.com/safetynet/ for FileMaker Server == --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
