directory-users mailing list archives

From Ute Schröder
Subject intercept LDAP request based on IP address
Date Tue, 28 Jan 2014 10:14:08 GMT

I am using ApacheDS 2.0.0 M15 embedded into my application. I would like
to prevent DoS attacks against the LDAP server by blocking repeated requests
from identical IP addresses.
My first thought was to use an interceptor, but I found that the first
method to be called is the lookup() method, and the
lookupOperationContext does not contain the client's IP address. I get
the IP address in the bind(BindContext) method, but then I have already
spent server capacity to check the username and password in the database
(even if the password is wrong, or the username unknown).

What is the best way to get the client's IP address before I make a
database lookup? Is it possible to add a filter to the MINA filter chain
that is used in ApacheDS, and if yes, how can I do that?
Using an external firewall to prevent DoS attacks is not feasible,

Thank you for your help, and best regards,
