Randy,

We have several customers who were using commercial scanning software to test 
web servers and one test was basically a DoS.  When this test was run, 4D 
Server (V13) would crash...not good.

To get around this, we did a rather simple "trick"....

Since we know the format of every web request coming into our system, I simply 
created a new method called "Utility_Web_Intrusion_Shutdown" which looks like 
this:

     $minutes:=5*3600

     WEB STOP SERVER

     DELAY PROCESS(Current process;$minutes)

     WEB START SERVER

When an unknown request came in, we routed it to the method above.  This 
effectively killed their test and did not crash 4D Server.  In my example 
above, the web server was down for 5 minutes, no magic for that number.  
However, if the test was still running when the time limit was up, it would 
simply jump back into this routine.

Quick & Dirty, but it did work...


Steve

*********************************************
  Stephen J. Orth                                                
  The Aquila Group, Inc.         Office:  (608) 834-9213
  P.O. Box 690                           Mobile:  (608) 347-6447
  Sun Prairie, WI 53590

  E-Mail:  s.o...@the-aquila-group.com
*********************************************
-----Original Message-----
From: 4D_Tech [mailto:4d_tech-boun...@lists.4d.com] On Behalf Of Randy Engle 
via 4D_Tech
Sent: Friday, March 24, 2017 11:19 AM
To: '4D iNug Technical' <4d_tech@lists.4d.com>
Cc: Randy Engle <4d.l...@xc2.us>
Subject: DDOS Attack simulator

A customer has "requested" us to do our own security scan of our web 
application.  (Using 4D Web Server v15.4/Windows... currently)

I'm a raw newbie at this stuff, so please be gentle.   ;-)

**********************************************************************
4D Internet Users Group (4D iNUG)
FAQ:  http://lists.4d.com/faqnug.html
Archive:  http://lists.4d.com/archives.html
Options: http://lists.4d.com/mailman/options/4d_tech
Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
**********************************************************************
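
A small Python model of the routing described in the reply above, added here as an illustration; it is not code from the post or from 4D. Requests matching no known format stop the listener for five minutes, and a scan that outlasts the window trips it again. The URL patterns, the `Gate` class and the sample traffic are constructed assumptions.

```python
import re

# Assumption: the application knows the shape of every legitimate request.
# These patterns are constructed for illustration; they are not from the post.
KNOWN_REQUESTS = [re.compile(p) for p in (r"^/$", r"^/login$", r"^/orders/\d{1,8}$")]
SHUTDOWN_SECONDS = 5 * 60  # the post's 5-minute pause (5*3600 ticks in 4D)


class Gate:
    """Models: unknown request -> stop listener -> wait -> start listener."""

    def __init__(self):
        self.down_until = 0.0  # time at which the listener restarts
        self.trips = []        # (time, path) of every request that tripped it

    def handle(self, now, path):
        if now < self.down_until:
            return "refused"   # listener stopped: nobody is served
        if any(p.match(path) for p in KNOWN_REQUESTS):
            return "served"
        self.down_until = now + SHUTDOWN_SECONDS
        self.trips.append((now, path))
        return "shutdown"


def replay(events):
    """Run (time_in_seconds, path) events through a fresh gate."""
    gate = Gate()
    return [gate.handle(t, p) for t, p in events], gate


# Constructed traffic: a scanner probing unknown paths, mixed with real users.
SAMPLE = [
    (0, "/orders/42"),          # legitimate
    (10, "/cgi-bin/test.cgi"),  # unknown format -> trips the gate
    (11, "/admin.php"),         # scanner again, listener already down
    (60, "/login"),             # legitimate user, refused during the window
    (310, "/phpinfo.php"),      # scan still running after 5 min -> trips again
    (320, "/orders/7"),         # refused during the second window
    (611, "/orders/7"),         # scan over, service resumes
]

if __name__ == "__main__":
    results, gate = replay(SAMPLE)
    for (t, path), outcome in zip(SAMPLE, results):
        print(f"{t:>4}s {path:<20} {outcome}")
    print("legitimate and scanner requests refused:", results.count("refused"))
```

The replay makes the cost of the approach visible: known-format requests that arrive inside a shutdown window are refused along with the scanner's.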
