[ https://issues.apache.org/jira/browse/KNOX-2806?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17623858#comment-17623858 ]
Larry McCay edited comment on KNOX-2806 at 10/25/22 2:10 PM:
-------------------------------------------------------------

This is an interesting improvement. I'd like to learn more about the behavior and details.

Please consider adding this to the existing WebAppSec provider instead of a separate provider though.

EDIT: just noticed it is already committed. This should be refactored and rolled into the existing web application security provider.

was (Author: lmccay):
This is an interesting improvement. I'd like to learn more about the behavior and details.

Please consider adding this to the existing WebAppSec provider instead of a separate provider though.

> Implement a new DoS security provider
> -------------------------------------
>
> Key: KNOX-2806
> URL: https://issues.apache.org/jira/browse/KNOX-2806
> Project: Apache Knox
> Issue Type: Improvement
> Components: Server
> Affects Versions: 2.0.0
> Reporter: Sandor Molnar
> Assignee: Balazs Marton
> Priority: Major
> Fix For: 2.0.0
>
> Time Spent: 1h
> Remaining Estimate: 0h
>
> There is a need to implement a mechanism that prevents Knox from being
> attacked using DoS (Denial of Service).
> One elegant way is to reuse Jetty's own DoS filter in a way such that it can
> be configured as a new security provider:
> * Maven project name: {{gateway-provider-security-dos}}
> * Provider role: {{dos}}
> * Provider name: {{JettyDoS}}
> In case someone wants to use this new feature, the new provider declaration
> has to be added to the top of the providers (it must be documented). When
> this provider is present in the topology, Jetty's DosFilter has to be
> contributed to the filter chain. That is, a new
> {{ProviderDeploymentContributor}} should be implemented that inserts the
> {{org.eclipse.jetty.servlets.DoSFilter}} into each resource that is available
> in the topology.
> References:
> * [https://www.eclipse.org/jetty/documentation/jetty-9/index.html#dos-filter]
> * [https://archive.eclipse.org/jetty/9.0.0.RC0/apidocs/org/eclipse/jetty/servlets/DoSFilter.html]