Hi, Thanks for answer. Obviously real Protection for DoS is Firewall but I would be able to warn my client before Firewall will cut him (and the "limit" depends on the application context).
The application which "attacks" me is a trusted application which can have sometimes a throughput higher than the expected (plus margin) and i can't ban this application for this. Moreover with the asynchronous approach, i can handle 'for a while' an overload but i can't know how long i can handle it (i don't think a firewall will adapt). I think, there is two levels : - Protection against DoS (and DDoS if possible) : Firewall - Protection for overload due to a near limit behavior [i will nicely ask to the client to slow down (by spec he would respect it) before Protection for DoS will kick it] : How to apply something like this ? Regards Hervé On Mon, Feb 27, 2012 at 9:55 AM, Son Tung Nguyen <[email protected]>wrote: > The true protection agains attacks like DoS must be done in network level > with some kind of Firewall software. > > It would better for your application to do its business rather than jobs of > others ... i think. > > 2012/2/26 Hervé BARRAULT <[email protected]> > > > Hi, > > as i am using a Camel CxfEndpoint, i think using the > > cxf-transport-http-jetty module. > > Are both DoS and QoS Filter unavailable ? > > Regards > > Hervé > > > > > > On Fri, Feb 24, 2012 at 3:58 AM, Willem Jiang <[email protected] > > >wrote: > > > > > Hi, > > > > > > How did you deploy the service ? > > > If you are using the embedded jetty engine which is provided by > > > cxf-transport-http-jetty module, you can not set the DoSFilter on it. > > > If you are deploy the service with help of CXFServlet, you can leverage > > > the DoSFilter feature of the WebContainer. > > > > > > Willem > > > > > > > > > On Thu Feb 23 17:55:37 2012, Hervé BARRAULT wrote: > > > > > >> Hi, > > >> My application publishes web services using CXF. > > >> Sometimes, some clients are flooding my application (i'm not able to > > >> process the requests as fast as they coming : like a DoS) > > >> > > >> Should I handle it directly in my application or is there a > > configuration > > >> in CXF to being able to handle this problem ? > > >> > > >> Such as Limiting the number of connection by host (and eventually by > > >> service [some services could be more "critical" than other]). > > >> Limiting the number of request by second (but this limit could depend > on > > >> the global load). > > >> I have seen : http://wiki.eclipse.org/Jetty/**Reference/DoSFilter< > > http://wiki.eclipse.org/Jetty/Reference/DoSFilter>(which is > > >> dedicated to Jetty). > > >> > > >> SI there other smart strategies ? > > >> > > >> Here the question is not about DoS Attack but how to handle a > > >> Unintentional > > >> denial of service. > > >> > > >> Thanks for answers. > > >> Regards > > >> Hervé > > >> > > >> > > > > > > > > > -- > > > Willem > > > ------------------------------**---- > > > FuseSource > > > Web: http://www.fusesource.com > > > Blog: http://willemjiang.blogspot.**com< > > http://willemjiang.blogspot.com>(English) > > > http://jnn.javaeye.com (Chinese) > > > Twitter: willemjiang Weibo: willemjiang > > > > > > > > > -- > ~~~~~~~~~~~~~~~~~~~ > Sontung NGUYEN >
