tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Brantley Hobbs <>
Subject Re: Stop Hack attack
Date Fri, 03 Oct 2008 12:09:57 GMT
Mark Thomas wrote:
> Karthik Nanjangude wrote:
>> Hi
>> SPEC ( Single box)
>> O/s : Unix 11
>> J2sdk  : 1.6
>> DB : Oracle10g
>> RAM  16 GB
>> A normal WEB application [ User id / Passwd for AAA ] on the following spec  is successfully
running LIVE  [  non  clustered mode  ]
>> Question :  Some hacker is trying to bring the System down by polling the sending
continuous  HTTP request  very frequently [ We logged the client IP  address],
>>                  The WEB application cannot be configured to HTTPS (Client disapproval)
>>                  Is there any way within tomcat design to prevent the same from malicious
> You can limit the impact on Tomcat by blocking them with a Remote Address
> Filter (
> However, the earlier you can block them the better. If you can block that
> IP at a firewall before they get to your box that would be better. Failing
> that block the IP with iptables (or the equivalent on your platform) on the
> server.
> HTH,
> Mark
Mark is right.  In any case, SSL wouldn't even slow this kind of attack 
down; it's only encryption....not authentication.  SSL will actually 
make it slightly worse since Tomcat has to work harder to decrypt and 
encrypt the traffic.  Filtering by IP is a good solution here, but if 
this is your first publicly exposed website be prepared:  This happens 
all the time, and the client IP's will be wildly can't 
possibly filter them all.  You might consider a good IPS between you and 
the Internet at large.  One example of a good free solution is 
Untangle.  You can buy support as well if it makes you more 
comfortable.  There's also dedicated "appliances" for this as well.


To start a new topic, e-mail:
To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message