can I prevent DoS (Denial of Service) Attacks in JSP?
Dear List, I have been asked if its possible to prevent DoS attacks inside Java (JSP/Servlet). I guess it is ... is this something however that TC would be configured to deal with, or must I do something myself. Whats normal ? Many thanks in advance! Best wishes Ben Bookey - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: can I prevent DoS (Denial of Service) Attacks in JSP?
Hmm, that is like asking how to avoid automobile accidents. Larry On 8/2/05, Ben Bookey [EMAIL PROTECTED] wrote: Dear List, I have been asked if its possible to prevent DoS attacks inside Java (JSP/Servlet). I guess it is ... is this something however that TC would be configured to deal with, or must I do something myself. Whats normal ? Many thanks in advance! Best wishes Ben Bookey - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: can I prevent DoS (Denial of Service) Attacks in JSP?
Larry Meadors wrote: Hmm, that is like asking how to avoid automobile accidents. Larry On 8/2/05, Ben Bookey [EMAIL PROTECTED] wrote: Dear List, I have been asked if its possible to prevent DoS attacks inside Java (JSP/Servlet). I guess it is ... is this something however that TC would be configured to deal with, or must I do something myself. Whats normal ? Many thanks in advance! Best wishes Ben Bookey i guess one could attempt to write a filter that rejects requests that *look like* they are part of a DoS attack, but there's always the risk of eliminating legitimate traffic with this. and it probably won't help at all if the attacker found a weak spot specific to your web application. Edmund BTW don't forget to fasten your seatbelt. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: can I prevent DoS (Denial of Service) Attacks in JSP?
I don't is possible because in case of a DoS they first target your web server by making it busy. That can be tomcat but can well be apache. Secondly they can attack you from many ip addresses and that would be pretty harsh, if for example you'd get 1 zillion requests for a larger file/page and your tomcat will become very busy trying to serve that page/file.Additional users will experience slow access or even no access at all. What you can do, is more like a prevention - just an idea, never implemented yet - keep tap of access and if you think that one particular ip address or one resource is hit extremely often then treat that request differenly, a short(text), polite message will do - you'd serve it differently. This will not be bullet proof thought, any additional number of requests can bring you bag at start point... Maybe load balancing can help, that has nothing to do though with your application. It's a appserver and hardware configuration. Hope this will help, MC http://www.goodstockimages.com From: Larry Meadors [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] To: Tomcat Users List tomcat-user@jakarta.apache.org Subject: Re: can I prevent DoS (Denial of Service) Attacks in JSP? Date: Tue, 2 Aug 2005 08:30:32 -0600 Hmm, that is like asking how to avoid automobile accidents. Larry On 8/2/05, Ben Bookey [EMAIL PROTECTED] wrote: Dear List, I have been asked if its possible to prevent DoS attacks inside Java (JSP/Servlet). I guess it is ... is this something however that TC would be configured to deal with, or must I do something myself. Whats normal ? Many thanks in advance! Best wishes Ben Bookey - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
