tomcat-users mailing list archives

From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: How to limit the number of sessions per IP address (DOS attacks)
Date Mon, 01 Oct 2012 14:41:42 GMT

Brian,

On 10/1/12 1:08 AM, Brian Braun wrote:
> 1- I had almost decided to program a filter. However, I have found
> this solution:
> http://stackoverflow.com/questions/3679465/find-number-of-active-sessions-created-from-a-given-client-ip/3679783#3679783
>
> What do you think about it? I haven't tried it yet, but as far as I
> can tell it looks good. It would help me to know how many sessions
> exist for a certain IP. Knowing that, I could deny more sessions for
> that IP (even though the procedure to deny is not included in this
> code).

Just remember that some ISPs (AOL comes to mind... not sure if they
still do this) aggregate all users behind a small number of IP
addresses for a variety of reasons. That means that IP != unique identity.

You might want to build a whitelist into your filter so you can fix IP
addresses as you get problem reports.

-chris

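
The filter discussed in this message, as an added example that is not part of the original post or the linked Stack Overflow answer: a servlet filter that caps new sessions per client address and skips the cap for whitelisted addresses. The class name, the cap of 20, the 503 response and the sample whitelist entry are assumptions.

```java
import java.io.IOException;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import javax.servlet.*;
import javax.servlet.http.*;

// Added example; class name, cap and whitelist entry are assumptions.
// Register as both <filter> and <listener> in web.xml (javax.servlet API, Tomcat 9 and earlier).
public class SessionPerIpLimiter implements Filter, HttpSessionListener {
    private static final int MAX_SESSIONS_PER_IP = 20;           // assumed cap
    private static final String ATTR = SessionPerIpLimiter.class.getName() + ".ip";
    // Static because the container creates separate filter and listener instances.
    private static final ConcurrentHashMap<String, Integer> COUNTS = new ConcurrentHashMap<>();
    // Shared addresses (ISP proxies, NAT gateways) exempted as problem reports come in.
    private static final Set<String> WHITELIST = ConcurrentHashMap.newKeySet();
    static { WHITELIST.add("192.0.2.10"); }                       // constructed sample entry

    @Override public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        String ip = req.getRemoteAddr();   // behind a reverse proxy this is the proxy's address
        boolean hasSession = req.getSession(false) != null;
        if (!hasSession && !WHITELIST.contains(ip)
                && COUNTS.getOrDefault(ip, 0) >= MAX_SESSIONS_PER_IP) {
            ((HttpServletResponse) rs).sendError(HttpServletResponse.SC_SERVICE_UNAVAILABLE,
                    "Too many sessions from this address");
            return;                        // refuse before the application can create a session
        }
        chain.doFilter(rq, rs);
        HttpSession s = req.getSession(false);
        if (s != null) track(s, ip);
    }

    // Count each session once, under the address that created it.
    private static synchronized void track(HttpSession s, String ip) {
        if (s.getAttribute(ATTR) == null) {
            s.setAttribute(ATTR, ip);
            COUNTS.merge(ip, 1, Integer::sum);
        }
    }

    @Override public void sessionDestroyed(HttpSessionEvent e) {
        Object ip = e.getSession().getAttribute(ATTR);
        // Returning null from the remapping function removes the entry at zero.
        if (ip != null) COUNTS.computeIfPresent((String) ip, (k, v) -> v > 1 ? v - 1 : null);
    }

    @Override public void sessionCreated(HttpSessionEvent e) { }
    @Override public void init(FilterConfig c) { }
    @Override public void destroy() { }
}
```

The check and the increment are not atomic, so a burst of concurrent requests can overshoot the cap slightly. Once an address is at the cap, any request from it that arrives without a session is refused, whether or not it would have created one.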

