" - Protection for overload due to a near limit behavior [i will nicely ask to the client to slow down (by spec he would respect it) before Protection for DoS will kick it] : How to apply something like this ?"
-> Have you tried to create an Apache CXF Invoker for integrating this logic ? 2012/2/27 Hervé BARRAULT <[email protected]> > Hi, > Thanks for answer. > Obviously real Protection for DoS is Firewall but I would be able to warn > my client before Firewall will cut him (and the "limit" depends on the > application context). > > The application which "attacks" me is a trusted application which can have > sometimes a throughput higher than the expected (plus margin) and i can't > ban this application for this. Moreover with the asynchronous approach, i > can handle 'for a while' an overload but i can't know how long i can handle > it (i don't think a firewall will adapt). > > I think, there is two levels : > - Protection against DoS (and DDoS if possible) : Firewall > - Protection for overload due to a near limit behavior [i will nicely > ask to the client to slow down (by spec he would respect it) before > Protection for DoS will kick it] : How to apply something like this ? > > Regards > Hervé > > On Mon, Feb 27, 2012 at 9:55 AM, Son Tung Nguyen <[email protected] > >wrote: > > > The true protection agains attacks like DoS must be done in network level > > with some kind of Firewall software. > > > > It would better for your application to do its business rather than jobs > of > > others ... i think. > > > > 2012/2/26 Hervé BARRAULT <[email protected]> > > > > > Hi, > > > as i am using a Camel CxfEndpoint, i think using the > > > cxf-transport-http-jetty module. > > > Are both DoS and QoS Filter unavailable ? > > > Regards > > > Hervé > > > > > > > > > On Fri, Feb 24, 2012 at 3:58 AM, Willem Jiang <[email protected] > > > >wrote: > > > > > > > Hi, > > > > > > > > How did you deploy the service ? > > > > If you are using the embedded jetty engine which is provided by > > > > cxf-transport-http-jetty module, you can not set the DoSFilter on it. > > > > If you are deploy the service with help of CXFServlet, you can > leverage > > > > the DoSFilter feature of the WebContainer. > > > > > > > > Willem > > > > > > > > > > > > On Thu Feb 23 17:55:37 2012, Hervé BARRAULT wrote: > > > > > > > >> Hi, > > > >> My application publishes web services using CXF. > > > >> Sometimes, some clients are flooding my application (i'm not able to > > > >> process the requests as fast as they coming : like a DoS) > > > >> > > > >> Should I handle it directly in my application or is there a > > > configuration > > > >> in CXF to being able to handle this problem ? > > > >> > > > >> Such as Limiting the number of connection by host (and eventually by > > > >> service [some services could be more "critical" than other]). > > > >> Limiting the number of request by second (but this limit could > depend > > on > > > >> the global load). > > > >> I have seen : http://wiki.eclipse.org/Jetty/**Reference/DoSFilter< > > > http://wiki.eclipse.org/Jetty/Reference/DoSFilter>(which is > > > >> dedicated to Jetty). > > > >> > > > >> SI there other smart strategies ? > > > >> > > > >> Here the question is not about DoS Attack but how to handle a > > > >> Unintentional > > > >> denial of service. > > > >> > > > >> Thanks for answers. > > > >> Regards > > > >> Hervé > > > >> > > > >> > > > > > > > > > > > > -- > > > > Willem > > > > ------------------------------**---- > > > > FuseSource > > > > Web: http://www.fusesource.com > > > > Blog: http://willemjiang.blogspot.**com< > > > http://willemjiang.blogspot.com>(English) > > > > http://jnn.javaeye.com (Chinese) > > > > Twitter: willemjiang Weibo: willemjiang > > > > > > > > > > > > > > > -- > > ~~~~~~~~~~~~~~~~~~~ > > Sontung NGUYEN > > > -- ~~~~~~~~~~~~~~~~~~~ Sontung NGUYEN
