[
https://issues.apache.org/jira/browse/KNOX-2806?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Sandor Molnar updated KNOX-2806:
--------------------------------
Description:
There is a need to implement a mechanism that prevents Knox from being attacked
using DoS (Denial of Service).
One elegant way is to reuse Jetty's own DoS filter in a way such that it can be
configured as a new security provider:
* Maven project name: {{gateway-provider-security-dos}}
* Provider role: {{dos}}
* Provider name: {{JettyDoS}}
In case someone wants to use this new feature, the new provider declaration has
to be added to the top of the providers (it must be documented). When this
provider is present in the topology, Jetty's DosFilter has to be contributed to
the filter chain. That is, a new {{ProviderDeploymentContributor}} should be
implemented that inserts the {{org.eclipse.jetty.servlets.DoSFilter}} into each
resource that is available in the topology.
References:
* [https://www.eclipse.org/jetty/documentation/jetty-9/index.html#dos-filter]
*
[https://archive.eclipse.org/jetty/9.0.0.RC0/apidocs/org/eclipse/jetty/servlets/DoSFilter.html]
was:
There is a need to implement a mechanism that prevents Knox from being attacked
using DoS (Denial of Service).
One elegant way is to reuse Jetty's own DoS filter in a way such that it can be
configured as a new security provider.
Provider role: {{dos}}
Provider name: {{JettyDoS}}
> Implement a new DoS security provider
> -------------------------------------
>
> Key: KNOX-2806
> URL: https://issues.apache.org/jira/browse/KNOX-2806
> Project: Apache Knox
> Issue Type: Improvement
> Components: Server
> Affects Versions: 2.0.0
> Reporter: Sandor Molnar
> Assignee: Balazs Marton
> Priority: Major
> Fix For: 2.0.0
>
>
> There is a need to implement a mechanism that prevents Knox from being
> attacked using DoS (Denial of Service).
> One elegant way is to reuse Jetty's own DoS filter in a way such that it can
> be configured as a new security provider:
> * Maven project name: {{gateway-provider-security-dos}}
> * Provider role: {{dos}}
> * Provider name: {{JettyDoS}}
> In case someone wants to use this new feature, the new provider declaration
> has to be added to the top of the providers (it must be documented). When
> this provider is present in the topology, Jetty's DosFilter has to be
> contributed to the filter chain. That is, a new
> {{ProviderDeploymentContributor}} should be implemented that inserts the
> {{org.eclipse.jetty.servlets.DoSFilter}} into each resource that is available
> in the topology.
> References:
> * [https://www.eclipse.org/jetty/documentation/jetty-9/index.html#dos-filter]
> *
> [https://archive.eclipse.org/jetty/9.0.0.RC0/apidocs/org/eclipse/jetty/servlets/DoSFilter.html]
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
