Can you use servlet-filters (JSDK 2.3 spec)? That might a cool way to do something like this. It would also be standard conformant. OK you would need a 2.3-container...
But thinking about this DOS is good... regards Alexander -----Original Message----- From: Dave J Dandeneau [mailto:[EMAIL PROTECTED]] Sent: Freitag, 12. Juli 2002 11:13 To: Struts Developers List Subject: Prevention of Denial of service attacks We have identified an issue with the system that we are developing where a user can send large amounts of data to an action and cause the system to deny other requests to get in. We tried to get apache to limit the request size, but it will not limit the request size for requests that are forwarded to the servlet container. A good idea to prevent denial of service attacks to struts applications might be to allow the action servlet to reject requests with content-length larger than a configurable amount. I think that many sites would benefit from having added protection at the servlet layer independent of the container that they are using. Thanks, dave -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]> -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>