tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Aurélien Terrestris <aterrest...@gmail.com>
Subject Re: Slow http denial of service
Date Mon, 16 Mar 2015 13:16:43 GMT
As browsers (at least the ones I know) open 2 connections to browse
websites, we could have a look on the hourly stats and estimate this
(under 100 without problem). I never met such problem anyway, the
highest trafic being 120 000 different users/day.

If you really have to face DDOS as said by Christopher, you would have
to use something like cloudflare. For very big sites, AKAMAI,..

2015-03-16 13:50 GMT+01:00 David kerber <dckerber@verizon.net>:
> On 3/16/2015 8:41 AM, Robert Klemme wrote:
>>
>> On Sun, Mar 15, 2015 at 10:07 AM, Aurélien Terrestris
>> <aterrestris@gmail.com
>>>
>>> wrote:
>>
>>
>>> I agree with the NIO connector which gives good results to this
>>> problem. Also, on Linux you can configure iptables firewall to limit
>>> the number of connections from one IP (
>>>
>>>
>>> http://unix.stackexchange.com/questions/139285/limit-max-connections-per-ip-address-and-new-connections-per-second-with-iptable
>>> )
>>>
>>
>> What I find difficult about this approach is that because of NAT the
>> number
>> of individual machines (and hence connections that are reasonable) behind
>> a
>> single IP can vary vastly. What value will you pick to not discriminate
>> large organizations?
>
>
> That is a reasonable question, but the owner of a web site should have some
> idea of who their clients are, and have a feel for a reasonable number to
> allow.  Obviously a site with a large clientele will be able to handle a
> larger number of connections, whether they're legit or not.
>
>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message