Hello,

Instead of using InMemoryThrottledSubmissionByIpAddressAndUsernameHandlerInterceptorAdapter or another built-in mechanism, I would like to try to use something like Fail2ban, which parses log files for regexes and creates firewall rules to block IP addresses.

But in the CAS log file, there is no IP address for bad logins. Is it possible to change the log format of the output?

Thanks for the response

Pierre


On 10/11/2010 03:03, Scott Battaglia wrote:
The in memory version ignores the rangeInSeconds.  You need to control it by how fast you decrement the count.

Cheers,
Scott


On Tue, Nov 9, 2010 at 6:45 PM, Xuejin Ruan <[email protected]> wrote:

Hi Scott,

I am using CAS Server 3.4.3.1 now. I assume this version fixed the bug in
InMemoryThrottledSubmissionByIpAddressAndUsernameHandlerInterceptorAdapter.
I configured this interceptor as follows:

~~~~~~~~~~~~~~~~~~~~~~
In cas-servlet.xml I added the interceptor to the FlowHandlerMapping:
<ref bean="throttleInterceptor" />

and I added a spring-configuration/throttleInterceptorTrigger.xml file:

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 xmlns:p="http://www.springframework.org/schema/p"
 xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-2.0.xsd">

 <bean id="throttleInterceptor"
class="org.jasig.cas.web.support.InMemoryThrottledSubmissionByIpAddressAndUsernameHandlerInterceptorAdapter"
  p:failureRangeInSeconds="120"
  p:failureThreshold="2"
 />
 <bean id="throttleInterceptorJobDetail"
class="org.springframework.scheduling.quartz.MethodInvokingJobDetailFactoryBean"
   p:targetObject-ref="throttleInterceptor"
   p:targetMethod="decrementCounts" />
 <bean id="periodicThrottleCleanerTrigger"
class="org.springframework.scheduling.quartz.SimpleTriggerBean"
   p:jobDetail-ref="throttleInterceptorJobDetail"
   p:startDelay="0"
   p:repeatInterval="1000" />
</beans>
~~~~~~~~~~~~~~~~~~~~~~~~~~

However, it doesn't seem that the trigger is working. It failed to throttle
consecutive failed login attempts. And I could not see decrement count in
any log files (cas.log, or Tomcat log files) either.

What went wrong? Is there any documentation on how to configure this
interceptor?

Thanks,

Xuejin

--
View this message in context: http://jasig.275507.n4.nabble.com/Throttling-config-in-cas-3-4-2-1-tp2543984p3035306.html
Sent from the CAS Users mailing list archive at Nabble.com.

--
You are currently subscribed to [email protected] as: [email protected]
To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
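
Added example, not part of the original thread and not CAS code: a simplified model of the behaviour Scott describes, where the only time window is the rate at which a scheduled job decrements a per-client failure counter. It assumes a single IP+username key, that a request is blocked when the counter has already reached `failureThreshold`, that blocked attempts are still counted, and that the first decrement tick fires at time 0 (`startDelay="0"`); the function names are hypothetical.

```python
def simulate(attempt_times_ms, threshold, decrement_interval_ms):
    """Return one boolean per failed login attempt: True if it was blocked.

    Model (assumed, see lead-in): each failed attempt adds 1 to the counter,
    each scheduler tick subtracts 1 (never below 0), and an attempt is
    blocked when the counter is already >= threshold.
    """
    count = 0
    next_tick = 0  # first tick at t=0, then every decrement_interval_ms
    blocked = []
    for t in sorted(attempt_times_ms):
        # Apply every decrement tick that fired up to this attempt.
        while next_tick <= t:
            count = max(0, count - 1)
            next_tick += decrement_interval_ms
        blocked.append(count >= threshold)
        count += 1  # assumption: blocked attempts are counted too
    return blocked


def first_blocked(attempt_times_ms, threshold, decrement_interval_ms):
    """Index of the first blocked attempt, or None if nothing is blocked."""
    result = simulate(attempt_times_ms, threshold, decrement_interval_ms)
    return result.index(True) if True in result else None


# Constructed input: one failed login per second for a minute.
ONE_PER_SECOND = [500 + 1000 * k for k in range(60)]

if __name__ == "__main__":
    # Values from the posted config: failureThreshold=2, repeatInterval=1000.
    # The counter is drained as fast as it fills, so nothing is ever blocked.
    print("decrement every 1 s :", first_blocked(ONE_PER_SECOND, 2, 1000))
    # Same threshold, decrement once a minute: the third attempt is blocked.
    print("decrement every 60 s:", first_blocked(ONE_PER_SECOND, 2, 60000))
    # A fast burst is caught even with the 1 s decrement.
    print("burst, 1 s decrement:", simulate([0, 200, 400, 600], 2, 1000))
```

Under this model the counter only reaches the threshold when failures arrive faster than the decrement job removes them, so the trigger's `repeatInterval` is what sets the effective window.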
