struts-dev mailing list archives

From "Dave J Dandeneau" <>
Subject Prevention of Denial of service attacks
Date Fri, 12 Jul 2002 09:13:08 GMT
We have identified an issue with the system that we are developing where a user can send large
amounts of data to an action and cause the system to deny other requests to get in. We tried
to get Apache to limit the request size, but it will not limit the request size for requests
that are forwarded to the servlet container. 

A good idea to prevent denial of service attacks on Struts applications might be to allow
the action servlet to reject requests with content-length larger than a configurable amount.
I think that many sites would benefit from having added protection at the servlet layer independent
of the container that they are using. 



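An added example, not part of the original message and not Struts code: the size check proposed above, written as a Servlet 2.3 filter mapped in front of the action servlet rather than inside it. The class name `MaxRequestSizeFilter`, the `maxBytes` init-param and the 1 MiB default are assumptions made for illustration.

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.*;

/** Hypothetical filter: rejects oversized request bodies before any action runs. */
public class MaxRequestSizeFilter implements Filter {
    private long maxBytes = 1024L * 1024L; // assumed default: 1 MiB

    public void init(FilterConfig config) throws ServletException {
        // "maxBytes" is an assumed init-param name, set on the filter in web.xml.
        String configured = config.getInitParameter("maxBytes");
        if (configured == null) return;
        try {
            maxBytes = Long.parseLong(configured.trim());
        } catch (NumberFormatException e) {
            throw new ServletException("maxBytes must be a number: " + configured, e);
        }
    }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;
        String method = request.getMethod();
        boolean hasBody = "POST".equals(method) || "PUT".equals(method);
        // Parse the header directly: getContentLength() returns an int and
        // cannot represent a declared length above 2 GiB.
        String header = request.getHeader("Content-Length");
        long declared = -1;
        try {
            if (header != null) declared = Long.parseLong(header.trim());
        } catch (NumberFormatException e) {
            response.sendError(HttpServletResponse.SC_BAD_REQUEST);
            return;
        }
        if (declared > maxBytes) {
            // 413: refuse before the body is read or parsed into a form bean.
            response.sendError(HttpServletResponse.SC_REQUEST_ENTITY_TOO_LARGE);
            return;
        }
        if (hasBody && declared < 0) {
            // No usable declared length (e.g. chunked): answer 411 instead of reading unbounded input.
            response.sendError(HttpServletResponse.SC_LENGTH_REQUIRED);
            return;
        }
        chain.doFilter(request, response);
    }

    public void destroy() { }
}
```

Because the check runs in the web application itself, it applies regardless of which container or front-end web server forwards the request.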