Now I wonder whether ConnectionThrottleFilter could be done in most Firewall?
On 7/13/07, Mark <[EMAIL PROTECTED]> wrote:
I like that idea. I also agree with Mat and a firewall *should* handle the blacklisting, but defense-in-depth is something I strongly believe in. On 7/11/07, Trustin Lee <[EMAIL PROTECTED]> wrote: > > On 7/12/07, Mark <[EMAIL PROTECTED]> wrote: > > Not sure I agree. > > > > Blacklisting a host is analogous to a firewall operation in that the > > administrator of a MINA-based application would determine which hosts > can > > connect to the application. The ConnectionThrottleFilter is designed to > > block host connections when they try and connect to quickly, like in the > > case of a denial-of-service attack. > > > > I could understand combining code via a shared parent class. There was > talk > > of even extending the ConnectionThrottleFilter further by keeping a host > in > > the 'block' list for a configurable amount of time. > > I think what differs is a policy. If the policy is pre-programmed or > permanant, it's what BlacklistFilter does. Otherwise, it's what > ConnectionThrottlefilter is supposed do. Probably we could create > some generic filter that user can specify a certain policy. For > example: > > ConnectionThrottlePolicy p = ...; > ConnectionThrottleFilter f = new ConnectionThrottleFilter(p); > > Trustin > -- > what we call human nature is actually human habit > -- > http://gleamynode.net/ > -- > PGP Key ID: 0x0255ECA6 > -- ..Cheers Mark
