tomcat-users mailing list archives

From Brian Braun <brianbr...@gmail.com>
Subject Re: How to limit the number of sessions per IP address (DOS attacks)
Date Thu, 04 Oct 2012 01:18:55 GMT
Hi Constantine,

I barely have about 10-20 sessions existing at the same time, considering
already abandoned sessions and even sessions created because of crawlers.
So it won't be slow to use the getCount() method, at least not for now.
Thanks for your comment!



On Mon, Oct 1, 2012 at 5:42 AM, Konstantin Kolinko <knst.kolinko@gmail.com> wrote:

> 2012/10/1 Brian Braun <brianbraun@gmail.com>:
> > Hi Constantine,
> >
> > 1- I had almost decided to program a filter. However, I have found this
> > solution:
> > http://stackoverflow.com/questions/3679465/find-number-of-active-sessions-created-from-a-given-client-ip/3679783#3679783
> > What do you think about it? I haven't tried it yet, but as far as I can tell
> > it looks good. It would help me to know how many sessions exist for a
> > certain IP. Knowing that, I could deny more sessions for that IP (even
> > though the procedure to deny is not included in this code).
> >
>
> Yes, something like that.
>
> I note though that I'd expect that getCount() method implementation to be
> slow.
>
> Whether you notice the slowness or not depends on the actual count
> of sessions on your server.
>
> >
> > 3- Thanks a lot for reminding me about the manager tag. I had almost
> > forgotten about it. However, the attribute "maxActiveSessions" limits the
> > total of sessions among all the visitors, not specifically the total of
> > sessions FOR A CERTAIN IP, or does it?
> >
>
> Yes, the total count of active sessions. I think it would be better
> than to allow Tomcat to crash. Though it might disrupt service for the
> legitimate demo clients.
>
> .
>
> Best regards,
> Konstantin Kolinko
>
>
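
An added example, not code from this thread or from the linked Stack Overflow answer: one way to keep the per-IP session count in a map that is read in constant time, so no scan over all sessions is needed, and to refuse new sessions above a limit. The class name, attribute name, limit and the choice of a 503 response are assumptions; it assumes the javax.servlet API and Java 8 or later.

```java
import java.io.IOException;
import java.util.concurrent.ConcurrentHashMap;
import javax.servlet.*;
import javax.servlet.http.*;

// Hypothetical class for illustration. Register it in web.xml both as a
// <filter> (mapped to /*) and as a <listener>.
public class PerIpSessionLimiter implements Filter, HttpSessionListener {
    private static final int MAX_PER_IP = 5;                  // assumed limit
    private static final String IP_ATTR = "limiter.clientIp"; // assumed attribute name
    // Static because the container creates separate filter and listener instances.
    private static final ConcurrentHashMap<String, Integer> COUNTS = new ConcurrentHashMap<>();

    public static int count(String ip) {                      // O(1) lookup, no session scan
        return COUNTS.getOrDefault(ip, 0);
    }

    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        String ip = req.getRemoteAddr(); // behind a proxy or NAT, many clients share this value
        // Check-then-act: concurrent requests may overshoot the limit slightly.
        if (req.getSession(false) == null && count(ip) >= MAX_PER_IP) {
            ((HttpServletResponse) rs).sendError(
                    HttpServletResponse.SC_SERVICE_UNAVAILABLE, "Too many sessions");
            return;                      // refused before the application can create a session
        }
        chain.doFilter(rq, rs);
        HttpSession s = req.getSession(false);
        if (s != null && s.getAttribute(IP_ATTR) == null) {   // session created by this request
            s.setAttribute(IP_ATTR, ip);
            COUNTS.merge(ip, 1, Integer::sum);                // atomic increment
        }
    }

    public void sessionDestroyed(HttpSessionEvent e) {        // timeout or invalidate()
        String ip = (String) e.getSession().getAttribute(IP_ATTR);
        // Atomic decrement; the entry is dropped at zero so the map cannot grow without bound.
        if (ip != null) COUNTS.computeIfPresent(ip, (k, v) -> v > 1 ? v - 1 : null);
    }

    public void sessionCreated(HttpSessionEvent e) { }        // the client IP is not available here
    public void init(FilterConfig c) { }
    public void destroy() { }
}
```

Requests that already carry a valid session are never refused, so existing visitors keep working when their address reaches the limit.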
