[jira] [Comment Edited] (KNOX-2806) Implement a new DoS security provider

Tue, 25 Oct 2022 07:11:06 -0700 


    [ 
https://issues.apache.org/jira/browse/KNOX-2806?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17623858#comment-17623858
 ] 

Larry McCay edited comment on KNOX-2806 at 10/25/22 2:10 PM:
-------------------------------------------------------------

This is an interesting improvement.
I'd like to learn more about the behavior and details.
Please consider adding this to the existing WebAppSec provider instead of a 
separate provider though.

EDIT: just noticed it is already committed. This should be refactored and 
rolled into the existing web application security provider.


was (Author: lmccay):
This is an interesting improvement.
I'd like to learn more about the behavior and details.
Please consider adding this to the existing WebAppSec provider instead of a 
separate provider though.

> Implement a new DoS security provider
> -------------------------------------
>
>                 Key: KNOX-2806
>                 URL: https://issues.apache.org/jira/browse/KNOX-2806
>             Project: Apache Knox
>          Issue Type: Improvement
>          Components: Server
>    Affects Versions: 2.0.0
>            Reporter: Sandor Molnar
>            Assignee: Balazs Marton
>            Priority: Major
>             Fix For: 2.0.0
>
>          Time Spent: 1h
>  Remaining Estimate: 0h
>
> There is a need to implement a mechanism that prevents Knox from being 
> attacked using DoS (Denial of Service).
> One elegant way is to reuse Jetty's own DoS filter in a way such that it can 
> be configured as a new security provider:
>  * Maven project name: {{gateway-provider-security-dos}}
>  * Provider role: {{dos}}
>  * Provider name: {{JettyDoS}}
> In case someone wants to use this new feature, the new provider declaration 
> has to be added to the top of the providers (it must be documented). When 
> this provider is present in the topology, Jetty's DosFilter has to be 
> contributed to the filter chain. That is, a new 
> {{ProviderDeploymentContributor}} should be implemented that inserts the 
> {{org.eclipse.jetty.servlets.DoSFilter}} into each resource that is available 
> in the topology.
> References:
>  * [https://www.eclipse.org/jetty/documentation/jetty-9/index.html#dos-filter]
>  * 
> [https://archive.eclipse.org/jetty/9.0.0.RC0/apidocs/org/eclipse/jetty/servlets/DoSFilter.html]



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to