Interesting, this can be done with Synapse, and one suggestion: you could use the throttle mediator and/or the cache mediator to protect the actual web service from DoS attacks, by throttling access to the web service using the throttle mediator, and you could use the cache mediator to serve equivalent messages from the cache within the Synapse layer itself without hitting the actual service. (The cache mediator is going to work iff the service response depends completely on the request message and not on any other parameters like time and so on.)

This might also be a good way of protecting the actual service.

Thanks,
Ruwan

On Sun, Mar 22, 2009 at 9:12 PM, Simon Echle <[email protected]> wrote:

> > Interestingly, even Axis2 itself is not immune. See [1] for an issue
> > that has been discovered yesterday.
> >
> > Is your project/thesis more focused on detecting security issues and
> > fixing them or on protecting existing Web services with potentially
> > known security issues?
> >
> > Andreas
> >
> > [1] https://issues.apache.org/jira/browse/AXIS2-4279
>
> Hi,
>
> it is definitely more focused on protecting existing Web services
> against known attacks. Nevertheless one interesting part is how to
> handle new upcoming attacks and again the solution of securing the
> application layer outside the application (with Synapse in my case)
> comes up with some obvious advantages, like you do not have to change or
> know a single line of code of the service.
>
>
> Simon
>
>

--
Ruwan Linton
Senior Software Engineer & Product Manager; WSO2 ESB; http://wso2.org/esb
WSO2 Inc.; http://wso2.org
email: [email protected]; cell: +94 77 341 3097
blog: http://ruwansblog.blogspot.com
