Try the Jetty specific, super secret, definitely not a Servlet spec
behavior, of ...

response.sendError(-1); // abruptly close the connection
return;

See:
https://github.com/eclipse/jetty.project/blob/jetty-9.4.27.v20200227/jetty-server/src/main/java/org/eclipse/jetty/server/Response.java#L430-L464

Joakim Erdfelt / [email protected]


On Mon, Mar 16, 2020 at 11:13 AM Glen Peterson <[email protected]>
wrote:

> My first choice would be to decide not to respond from within
> an AbstractHandler's handle() method, after examining the
> (HttpServlet)Request.  But if there's another place we can examine the
> request (ideally in Java), that would work too.  Right now I've got some
> code like:
>
> object MyHandler: AbstractHandler() {
>
>     override fun handle(target: String,
>                         baseRequest: Request,
>                         request: HttpServletRequest,
>                         response: HttpServletResponse) {
>
>         val rawPath = request.getPathInfo()
>
>         // We don't have any PHP files.  Any attempt to access one is hacking.
>         if ( rawPath.endsWith(".php") ) {
>             logger.info("BOGUS Request: [${request.pathInfo}]")
>
>             randomLengthNap()
>
>             // 503 - Service Unavailable SC_SERVICE_UNAVAILABLE
>             // I think this is the most ambiguous way to say, "go away."
>             response.status = HttpServletResponse.SC_SERVICE_UNAVAILABLE
>             response.sendError(HttpServletResponse.SC_SERVICE_UNAVAILABLE)
>             return
>         }
>     }
> }
>
> This seems to work, but I'd prefer not to respond at all to these
> requests.  I'd also prefer not to tie up a thread with the nap duration.
> Being able to say something like, request.doNotDignifyThisWithAResponse()
> would be ideal, but I don't know how to do that.
>
> Instead of (in addition to) watching what attacks we get and adding them
> over time, I'm also looking into Web Application Firewalls from Imperva,
> Akamai, and Cloudflare, so if you think that's a better way to solve this
> issue (or there is another non-jetty alternative I should consider) let me
> know.
>
> --
> Glen K. Peterson
> (828) 393-0081
> _______________________________________________
> jetty-users mailing list
> [email protected]
> To unsubscribe from this list, visit
> https://www.eclipse.org/mailman/listinfo/jetty-users
>
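The handler from the quoted message with the suggested `sendError(-1)` call applied, as an added example that is not code from either poster or from the Jetty project. It assumes Jetty 9.4 with the javax.servlet API on the classpath; the class name, the suffix list and the log format are hypothetical.

```kotlin
import java.util.logging.Logger
import javax.servlet.http.HttpServletRequest
import javax.servlet.http.HttpServletResponse
import org.eclipse.jetty.server.Request
import org.eclipse.jetty.server.handler.AbstractHandler

// Hypothetical handler; place it ahead of the application handlers in the chain.
class DropBogusRequestHandler(
    // Constructed sample list: suffixes this application never serves.
    private val blockedSuffixes: List<String> = listOf(".php")
) : AbstractHandler() {

    private val logger = Logger.getLogger(DropBogusRequestHandler::class.java.name)

    override fun handle(target: String,
                        baseRequest: Request,
                        request: HttpServletRequest,
                        response: HttpServletResponse) {

        // getPathInfo() may return null, so fall back to the handler target.
        val path = request.pathInfo ?: target

        if (blockedSuffixes.none { path.endsWith(it, ignoreCase = true) }) {
            return // not ours: leave the request unhandled for the next handler
        }

        // The path is attacker-controlled: strip control characters (CR/LF
        // included) and cap the length before it reaches the log.
        val safePath = path.replace(Regex("\\p{Cntrl}"), "_").take(200)
        logger.info("BOGUS request from ${request.remoteAddr}: [$safePath]")

        // Mark the request handled so no later handler tries to answer it.
        baseRequest.isHandled = true

        // Jetty-specific behaviour from the reply above (not Servlet spec):
        // abruptly close the connection instead of writing a response.
        // No sleep beforehand, so no worker thread is held for the client.
        response.sendError(-1)
    }
}
```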