tomcat-users mailing list archives

From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: How to limit the number of sessions per IP address (DOS attacks)
Date Thu, 04 Oct 2012 17:18:33 GMT

Brian,

On 10/3/12 9:13 PM, Brian Braun wrote:
> You are right, there is a hole there. However, it won't be a
> problem for me. Basically, I want to detect if the same IP creates
> so many sessions that in the same time 200 sessions exist and
> belong to it (the sessions live about 30 min each). My site doesn't
> have much traffic, usually there are between 10 and 20 sessions and
> many of them belong to crawlers. So if at a certain point there are 200
> concurrent sessions belonging to the same IP, most likely they
> actually belong to the same host and not to many hosts behind a
> proxy.

You might want to detect crawlers and either change their session
timeout or avoid creating sessions at all for them.

-chris
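
A sketch of the two ideas in this exchange, added here as an example (it is not code from the thread or from Tomcat): a class registered in web.xml as both a filter and a session listener that gives crawler sessions a short timeout and refuses new sessions once one address holds 200 live ones. The class name, User-Agent pattern, 60-second timeout and 429 response are assumptions, as is the `javax.servlet` API (Servlet 3.0+, Java 8+).

```java
import java.io.IOException;
import java.util.concurrent.ConcurrentHashMap;
import java.util.regex.Pattern;
import javax.servlet.*;
import javax.servlet.http.*;

// Hypothetical class: list it in web.xml under both <filter> and <listener>.
public class SessionGuardFilter implements Filter, HttpSessionListener {
    // Assumed pattern and timeout; 200 is the threshold from the quoted message.
    private static final Pattern CRAWLER_UA =
            Pattern.compile(".*([bB]ot|[cC]rawler|[sS]pider|Slurp).*");
    private static final int CRAWLER_TIMEOUT_SECONDS = 60;
    private static final int MAX_SESSIONS_PER_IP = 200;
    private static final String IP_ATTR = "sessionGuard.ip";
    // Static so the filter instance and the listener instance share one table.
    private static final ConcurrentHashMap<String, Integer> LIVE = new ConcurrentHashMap<>();

    @Override
    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse res = (HttpServletResponse) rs;
        if (req.getSession(false) == null) {      // no valid session yet: create it here
            String ip = req.getRemoteAddr();      // behind a proxy this is the proxy's address
            if (LIVE.merge(ip, 1, Integer::sum) > MAX_SESSIONS_PER_IP) {
                release(ip);                      // undo the reservation and refuse
                res.sendError(429, "Too many sessions from this address");
                return;
            }
            HttpSession s = req.getSession(true);
            s.setAttribute(IP_ATTR, ip);          // lets sessionDestroyed() free the slot
            String ua = req.getHeader("User-Agent");
            if (ua != null && CRAWLER_UA.matcher(ua).matches()) {
                s.setMaxInactiveInterval(CRAWLER_TIMEOUT_SECONDS);
            }
        }
        chain.doFilter(req, res);
    }

    // Atomically decrement the count and drop the entry when it reaches zero.
    private static void release(String ip) {
        LIVE.computeIfPresent(ip, (k, v) -> v > 1 ? v - 1 : null);
    }

    @Override
    public void sessionDestroyed(HttpSessionEvent e) {
        Object ip = e.getSession().getAttribute(IP_ATTR);
        if (ip != null) release((String) ip);
    }

    @Override public void sessionCreated(HttpSessionEvent e) { }
    @Override public void init(FilterConfig c) { }
    @Override public void destroy() { }
}
```

The filter creates the session eagerly so that every session is counted and tagged with its address. Tomcat also ships `org.apache.catalina.valves.CrawlerSessionManagerValve`, which handles the crawler case without application code.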
