struts-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jesse Alexander (KADA 11)" <alexander.je...@csfs.com>
Subject RE: Prevention of Denial of service attacks
Date Mon, 15 Jul 2002 05:55:55 GMT
Can you use servlet-filters (JSDK 2.3 spec)?

That might a cool way to do something like this. It would also be standard conformant.
OK you would need a 2.3-container...

But thinking about this DOS is good...

regards
Alexander

-----Original Message-----
From: Dave J Dandeneau [mailto:Dave.Dandeneau@viant.com]
Sent: Freitag, 12. Juli 2002 11:13
To: Struts Developers List
Subject: Prevention of Denial of service attacks


We have identified an issue with the system that we are developing where a user can send large
amounts of data to an action and cause the system to deny other requests to get in. We tried
to get apache to limit the request size, but it will not limit the request size for requests
that are forwarded to the servlet container. 

A good idea to prevent denial of service attacks to struts applications might be to allow
the action servlet to reject requests with content-length larger than a configurable amount.
I think that many sites would benefit from having added protection at the servlet layer independent
of the container that they are using. 

Thanks,
dave 

--
To unsubscribe, e-mail:   <mailto:struts-dev-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:struts-dev-help@jakarta.apache.org>

--
To unsubscribe, e-mail:   <mailto:struts-dev-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:struts-dev-help@jakarta.apache.org>


Mime
View raw message