I agree with your point that DoS protection is out of the scope of the connector. I figured, though, that it would automatically protect tomcat against such attacks in the common httpd / tomcat / jk2 configuration. I'm not sure if I was a klutz in missing this need for protection; if so then this point is probably irrelevant, but if I'm not then I think it's a very important issue.

Perhaps it would be better solved with a document included within JK2 detailing the necessity of such protection and how to configure it?

At 05:17 PM 29/03/2004, you wrote:
Steve Spicer wrote:
Hey,
I've been having some serious problems with brute force denial of service attacks on httpd with tomcat 4 and jk2. After sitting down and working out the desired point of redirection I found the mod_dos module which effectively refuses traffic for these attacks, however after installing this module with JK2, tomcat is still activated for some reason on these repeat requests - I suspected it was the order in which the modules were created but couldn't find a config solution. So I merged the mod_dos module with the JK2 module - the result is an out-of-the-box jk2 module that inherits all of the benefits of the anti-DoS module.
If this is considered to be useful (and within the scope) of the JK2 project please let me know!

From what I see in mod_dosevasive 1.8, this module only uses the access_checker hook:

ap_hook_access_checker(access_checker, NULL, NULL, APR_HOOK_MIDDLE);

Well, I'm not sure we should implement mod_dosevasive in jk or jk2,
since it's not their 'core' business to handle protection against DOS.

But we should guarantee that mod_dosevasive and jk/jk2 will work
together.

There is no real order in such a case, since we're not using the same
hooks.

Gleen and Mladen, what are your opinions?



---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]