tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Wade Chandler <wchand...@redesetgrow.com>
Subject Re: Denial Service Attack Prevention apache-tomcat modjk2
Date Thu, 10 Jun 2004 15:29:08 GMT
Shapira, Yoav wrote:

> Hi,
> You can use JavaScript to disable form elements, thereby graying them
> out and preventing the user from clicking again.
> 
> Yoav Shapira
> Millennium Research Informatics
> 
> 
> 
>>-----Original Message-----
>>From: Steve [mailto:tomcat@sbtt.net]
>>Sent: Thursday, June 10, 2004 10:52 AM
>>To: Tomcat Users List
>>Subject: Denial Service Attack Prevention apache-tomcat modjk2
>>
>>Looking for a solution to prevent a user from click multiply times on a
>>function in which the application is still performing from the first
> 
> click.
> 
>>The user thinkgs the app is not responding where in fact it is, then
>>causing the app to take a dump from multiply request.
>>
>>Using cisco css LB into --> Apache, mod_jk2 into tomcat 4.1.29
>>
>>any tips or pointers greatly appr
>>
>>-s
>>
>>
>>
>>---------------------------------------------------------------------
>>To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
>>For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
> 
> 
> 
> 
> 
> This e-mail, including any attachments, is a confidential business communication, and
may contain information that is confidential, proprietary and/or privileged.  This e-mail
is intended only for the individual(s) to whom it is addressed, and may not be saved, copied,
printed, disclosed or used by anyone else.  If you are not the(an) intended recipient, please
immediately delete this e-mail from your computer system and notify the sender.  Thank you.
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
> 
> 
> 
Replying on top of Yoav's because I don't have the other message.

If it is a large enough operation your could do something like this:

//check if running
String methodName = "com.mypackage.MyClass.myMethod";
//pull value from session test and add if needed.
Boolean isRunning = (Boolean)session.getAttribute(methodName);
if( isRunning != null && isRunning.booleanValue() )
{
    //hand off to other method that tells them to please wait.
}
else
{
//first let app know user is doing task.
session.setAttribute(methodName, new Boolean(true));

//perform that large task
try
{
//do work that might jump out here...
}
catch(Throwable e)
{

}
finally
{
    //ok, it's done...remove from session.
    session.removeAttribute(methodName);
}
}//end else

Now the large task can't eat up your cpu more than you let it because it 
only runs once per user at a time.  Sleeping the thread a little after 
so many iterations in loops also will help your entire server and 
application.  After maybe every 1000 iterations sleep for a couple of 
millis. Play with that sometimes it helps sometimes not.  It spreads out 
the load over time a bit and allows the computer to service more users, 
it just takes longer...

Hope that helps you some.

Wade


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message