directory-users mailing list archives

From Kiran Ayyagari <kayyag...@apache.org>
Subject Re: intercept LDAP request based on IP address
Date Tue, 28 Jan 2014 10:25:45 GMT
On Tue, Jan 28, 2014 at 3:44 PM, Ute Schröder <us@crown.de> wrote:

> Hi,
>
> I am using ApacheDS 2.0.0 M15 embedded into my application. I would like
> to prevent DoS attacks on the LDAP server by blocking repeated requests
> from identical IP addresses.
> My first thought was to use an interceptor, but I found that the first
> method to be called is the lookup() method, and the
> lookupOperationContext does not contain the client's IP address. I get
> the IP address in the bind(BindContext) method, but then I have already
> spent server capacity to check the username and password in the database
> (even if the password is wrong, or the username unknown).
>
> What is the best way to get to the client's IP address before I make a
> database lookup? Is it possible to add a filter to the Mina filter chain
> that is used in ApacheDS, and if yes, how can I do that?
>
This is the best way to do it.
Take a look at the start() method in the LdapServer class; you can add a filter
to the IoFilterChainBuilder in there.

Let us know if you run into any issues.

> Using an external firewall to prevent DoS attacks is not feasible,
> unfortunately.
>
> Thank you for your help, and best regards,
> Ute
>
>
>


-- 
Kiran Ayyagari
http://keydap.com
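
A sketch of the kind of MINA filter the reply points to, added here as an example and not taken from ApacheDS or from either poster. The class name `PerIpRateLimitFilter`, the limits, and the chain position (for instance `addFirst("ipRateLimit", filter)` on the `DefaultIoFilterChainBuilder` built in `LdapServer.start()`) are assumptions; it is written against the MINA 2.0.x API and Java 8.

```java
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.SocketAddress;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;
import org.apache.mina.core.filterchain.IoFilterAdapter;
import org.apache.mina.core.session.IoSession;

/** Hypothetical filter: per-IP fixed-window limit on new sessions and raw reads. */
public class PerIpRateLimitFilter extends IoFilterAdapter {
    private static final class Window { long start; int count; }

    private final int maxEvents;       // assumed budget per address and window
    private final long windowMillis;   // assumed window length
    private final ConcurrentMap<InetAddress, Window> windows = new ConcurrentHashMap<>();
    private volatile long lastPurge;

    public PerIpRateLimitFilter(int maxEvents, long windowMillis) {
        this.maxEvents = maxEvents;
        this.windowMillis = windowMillis;
    }

    /** Counts one event for the peer; false once it exceeds maxEvents per window. */
    boolean allow(SocketAddress remote, long now) {
        if (!(remote instanceof InetSocketAddress)) return true; // non-IP transport
        InetAddress ip = ((InetSocketAddress) remote).getAddress();
        if (ip == null) return true; // unresolved address, nothing to key on
        if (now - lastPurge >= windowMillis) { // evict expired windows once per window
            lastPurge = now;
            windows.values().removeIf(w -> { synchronized (w) { return now - w.start >= windowMillis; } });
        }
        Window w = windows.computeIfAbsent(ip, k -> new Window());
        synchronized (w) {
            if (now - w.start >= windowMillis) { w.start = now; w.count = 0; }
            return ++w.count <= maxEvents;
        }
    }

    @Override
    public void sessionCreated(NextFilter next, IoSession session) throws Exception {
        // close(true) is the MINA 2.0.x call; later releases offer closeNow()
        if (!allow(session.getRemoteAddress(), System.currentTimeMillis())) session.close(true);
        next.sessionCreated(session); // still forwarded so created/closed stay paired
    }

    @Override
    public void messageReceived(NextFilter next, IoSession session, Object message) throws Exception {
        if (!allow(session.getRemoteAddress(), System.currentTimeMillis())) {
            session.close(true); // dropped before the LDAP codec and any bind lookup
            return;
        }
        next.messageReceived(session, message);
    }
}
```

Placed ahead of the codec, the filter counts raw network reads rather than decoded LDAP requests, and all clients behind one NAT address share a single budget.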
