Hi,

I am using ApacheDS 2.0.0 M15 embedded into my application. I would like to prevent DoS attacks on the LDAP server by blocking repeated requests from identical IP addresses. My first thought was to use an interceptor, but I found that the first method to be called is the lookup() method, and the lookupOperationContext does not contain the client's IP address. I get the IP address in the bind(BindContext) method, but by then I have already spent server capacity to check the username and password in the database (even if the password is wrong, or the username unknown).

What is the best way to get to the client's IP address before I make a database lookup? Is it possible to add a filter to the MINA filter chain that is used in ApacheDS, and if yes, how can I do that? Using an external firewall to prevent DoS attacks is not feasible, unfortunately.

Thank you for your help, and best regards,
Ute