tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: How to limit the number of sessions per IP address (DOS attacks)
Date Fri, 12 Oct 2012 14:20:32 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Jose,

On 10/11/12 3:36 PM, Jose MarĂ­a Zaragoza wrote:
> I'd like to implement something for controlling flooding on the
> same URL.
> 
> I've thought to make it using by a valve filter (  based on 
> RemoteAddressFilter ) and check remote IP address. is it the best
> way ?

I don't know if that's the best way because I don't have your full
requirement set.

> is Remote IP address reliable ? I'll be a public Tomcat 6 server

Remote IP address is not reliable IMO.

> I could add a CAPTCHA but I dont have much time

Use recaptcha: they have an API for it and everything. Just plug it in.

- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/

iEYEARECAAYFAlB4JzAACgkQ9CaO5/Lv0PBUCACfXMZ9OKPCTfSyiVSh9jFrVv5p
IoQAoIdzfUmy/gKz9JALUcISV9b0KmaN
=hs0m
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message