axis-c-dev mailing list archives

From "Senaka Fernando" <sen...@wso2.com>
Subject Preventing DOS attacks made to the Axis2/C server.
Date Sat, 15 Mar 2008 08:30:38 GMT
Hi all,

At the moment I believe that we don't have any mechanism on Axis2/C where
a user can easily limit the number of connections made to a single
service, and thereby prevent the server from being non-responsive when a
large number of concurrent requests are made. Obviously this will elevate
the threat of a single service being denied, and that will require
WS-Security or HTTP Authentication to be prevented.

Ordinary servers have a request threshold which, once exceeded, causes a
503 status to be sent. In a SOAP scenario, we should rather use a suitable
exception, and in a REST scenario we should be reporting a 503 status. The
information on the number of concurrent requests that can be handled should
probably go into the services.xml, as it is a service-specific number. A
global default setting can possibly be stored in the axis2.xml.

Thoughts?

Regards,
Senaka

---------------------------------------------------------------------
To unsubscribe, e-mail: axis-c-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-c-dev-help@ws.apache.org
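
The per-service threshold proposed in the message above, sketched as an added example; it is not code from the post or from Axis2/C. All type and function names are hypothetical, and the limit values are constructed.

```c
#include <stdatomic.h>
#include <stdio.h>

/* Hypothetical names throughout; none of this is Axis2/C API. */
#define GLOBAL_DEFAULT_MAX 100  /* assumed value; global default (axis2.xml in the proposal) */
#define USE_GLOBAL_DEFAULT 0    /* service did not configure its own limit */

typedef enum { REQ_SOAP, REQ_REST } req_kind_t;
typedef enum { ADMIT_OK, REJECT_SOAP_FAULT, REJECT_HTTP_503 } admit_t;

typedef struct {
    const char *name;
    int max_concurrent;    /* per-service limit (services.xml in the proposal) */
    atomic_int in_flight;  /* requests currently being processed */
} service_limit_t;

static int effective_limit(const service_limit_t *s)
{
    return s->max_concurrent > USE_GLOBAL_DEFAULT ? s->max_concurrent : GLOBAL_DEFAULT_MAX;
}

/* Reserve a slot. Increment first, then check, so threads racing at the
 * threshold cannot all pass a separate "check, then increment" step. */
admit_t service_admit(service_limit_t *s, req_kind_t kind)
{
    int now = atomic_fetch_add(&s->in_flight, 1) + 1;
    if (now > effective_limit(s)) {
        atomic_fetch_sub(&s->in_flight, 1);  /* give the slot back */
        return kind == REQ_REST ? REJECT_HTTP_503 : REJECT_SOAP_FAULT;
    }
    return ADMIT_OK;
}

/* Call exactly once per ADMIT_OK, on every exit path including errors;
 * a leaked slot permanently lowers the service's usable capacity. */
void service_release(service_limit_t *s) { atomic_fetch_sub(&s->in_flight, 1); }

int service_in_flight(service_limit_t *s) { return atomic_load(&s->in_flight); }

int main(void)
{
    service_limit_t echo = { "echo", 2, 0 };  /* constructed sample service */
    for (int i = 0; i < 3; i++)
        printf("request %d -> %d\n", i + 1, (int)service_admit(&echo, REQ_REST));
    printf("in flight: %d\n", service_in_flight(&echo));
    return 0;
}
```

Rejected requests never hold a slot, so a flood against one service cannot consume the capacity counted for another.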

