Hi thanks for your answers.
Concerning JMS, it is one interesting way : I have seen a limit for activeMQ which is the amount of memory used (not the number of message but i will dig it). Concerning CXF Invoker : I will look to the documentation to see how to use it. Regards Hervé On Mon, Feb 27, 2012 at 5:07 PM, Son Tung Nguyen <[email protected]>wrote: > " - Protection for overload due to a near limit behavior [i will nicely > ask to the client to slow down (by spec he would respect it) before > Protection for DoS will kick it] : How to apply something like this ?" > > -> Have you tried to create an Apache CXF Invoker for integrating this > logic ? > > 2012/2/27 Hervé BARRAULT <[email protected]> > > > Hi, > > Thanks for answer. > > Obviously real Protection for DoS is Firewall but I would be able to warn > > my client before Firewall will cut him (and the "limit" depends on the > > application context). > > > > The application which "attacks" me is a trusted application which can > have > > sometimes a throughput higher than the expected (plus margin) and i can't > > ban this application for this. Moreover with the asynchronous approach, i > > can handle 'for a while' an overload but i can't know how long i can > handle > > it (i don't think a firewall will adapt). > > > > I think, there is two levels : > > - Protection against DoS (and DDoS if possible) : Firewall > > - Protection for overload due to a near limit behavior [i will nicely > > ask to the client to slow down (by spec he would respect it) before > > Protection for DoS will kick it] : How to apply something like this ? > > > > Regards > > Hervé > > > > On Mon, Feb 27, 2012 at 9:55 AM, Son Tung Nguyen <[email protected] > > >wrote: > > > > > The true protection agains attacks like DoS must be done in network > level > > > with some kind of Firewall software. > > > > > > It would better for your application to do its business rather than > jobs > > of > > > others ... i think. > > > > > > 2012/2/26 Hervé BARRAULT <[email protected]> > > > > > > > Hi, > > > > as i am using a Camel CxfEndpoint, i think using the > > > > cxf-transport-http-jetty module. > > > > Are both DoS and QoS Filter unavailable ? > > > > Regards > > > > Hervé > > > > > > > > > > > > On Fri, Feb 24, 2012 at 3:58 AM, Willem Jiang < > [email protected] > > > > >wrote: > > > > > > > > > Hi, > > > > > > > > > > How did you deploy the service ? > > > > > If you are using the embedded jetty engine which is provided by > > > > > cxf-transport-http-jetty module, you can not set the DoSFilter on > it. > > > > > If you are deploy the service with help of CXFServlet, you can > > leverage > > > > > the DoSFilter feature of the WebContainer. > > > > > > > > > > Willem > > > > > > > > > > > > > > > On Thu Feb 23 17:55:37 2012, Hervé BARRAULT wrote: > > > > > > > > > >> Hi, > > > > >> My application publishes web services using CXF. > > > > >> Sometimes, some clients are flooding my application (i'm not able > to > > > > >> process the requests as fast as they coming : like a DoS) > > > > >> > > > > >> Should I handle it directly in my application or is there a > > > > configuration > > > > >> in CXF to being able to handle this problem ? > > > > >> > > > > >> Such as Limiting the number of connection by host (and eventually > by > > > > >> service [some services could be more "critical" than other]). > > > > >> Limiting the number of request by second (but this limit could > > depend > > > on > > > > >> the global load). > > > > >> I have seen : http://wiki.eclipse.org/Jetty/**Reference/DoSFilter > < > > > > http://wiki.eclipse.org/Jetty/Reference/DoSFilter>(which is > > > > >> dedicated to Jetty). > > > > >> > > > > >> SI there other smart strategies ? > > > > >> > > > > >> Here the question is not about DoS Attack but how to handle a > > > > >> Unintentional > > > > >> denial of service. > > > > >> > > > > >> Thanks for answers. > > > > >> Regards > > > > >> Hervé > > > > >> > > > > >> > > > > > > > > > > > > > > > -- > > > > > Willem > > > > > ------------------------------**---- > > > > > FuseSource > > > > > Web: http://www.fusesource.com > > > > > Blog: http://willemjiang.blogspot.**com< > > > > http://willemjiang.blogspot.com>(English) > > > > > http://jnn.javaeye.com (Chinese) > > > > > Twitter: willemjiang Weibo: willemjiang > > > > > > > > > > > > > > > > > > > > > -- > > > ~~~~~~~~~~~~~~~~~~~ > > > Sontung NGUYEN > > > > > > > > > -- > ~~~~~~~~~~~~~~~~~~~ > Sontung NGUYEN >
