tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "MC Moisei" <>
Subject Re: can I prevent DoS (Denial of Service) Attacks in JSP?
Date Tue, 02 Aug 2005 15:12:21 GMT
I don't is possible because in case of a DoS they first target your web 
server by making it busy.
That can be tomcat but can well be apache.

Secondly "they" can attack you from many ip addresses and that would be 
pretty harsh, if for example you'd get 1 zillion requests for a larger 
file/page and your tomcat will become very busy trying to serve that 
page/file.Additional users will experience slow access or even no access at 

What you can do, is more like a prevention - just an idea, never implemented 
yet - keep tap of access and if you think that one particular ip address or 
one resource is hit extremely often then treat that request differenly, a 
short(text), polite message will do - you'd serve it differently.
This will not be bullet proof thought, any additional number of requests can 
bring you bag at start point...

Maybe load balancing can help, that has nothing to do though with your 
application. It's a appserver and hardware configuration.

Hope this will help,

>From: Larry Meadors <>
>To: Tomcat Users List <>
>Subject: Re: can I prevent DoS (Denial of Service) Attacks in JSP?
>Date: Tue, 2 Aug 2005 08:30:32 -0600
>Hmm, that is like asking how to avoid automobile accidents.
>On 8/2/05, Ben Bookey <> wrote:
> >
> > Dear List,
> >
> > I have been asked if its possible to prevent DoS attacks inside Java
> > (JSP/Servlet).
> >
> > I guess it is ... is this something however that TC would be configured 
> > deal with, or
> > must I do something myself. Whats normal ?
> >
> > Many thanks in advance!
> > Best wishes
> > Ben Bookey
> >
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail:
> > For additional commands, e-mail:
> >
> >

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message