Hi

I have recently started using GeoServer 2.11.

As part of my organisation's requirements, I ran a security scan on the 
server and found it open to a Slow HTTP Denial of Service attack.

I tried using the DoS filter for Jetty, as below, in webapps/geoserver/web.xml. 
However, the issue still persists and I could not find any other way to 
mitigate this risk on GeoServer.

I request your help on this ASAP, as my urgent release is on hold until 
this risk is fixed.

<filter>
    <filter-name>DoSFilter</filter-name>
    <filter-class>org.eclipse.jetty.servlets.DoSFilter</filter-class>
    <!-- one param-name/param-value pair per init-param element -->
    <init-param>
        <param-name>maxRequestsPerSec</param-name>
        <param-value>30</param-value>
    </init-param>
    <init-param>
        <param-name>delayMs</param-name>
        <param-value>0</param-value>
    </init-param>
    <init-param>
        <param-name>maxRequestMs</param-name>
        <param-value>10000</param-value>
    </init-param>
    <init-param>
        <param-name>maxIdleTrackerMs</param-name>
        <param-value>10000</param-value>
    </init-param>
    <async-supported>true</async-supported>
</filter>

<filter-mapping>
    <filter-name>DoSFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>



Regards
Himani Aggarwal
