On Tue, Jan 28, 2014 at 3:44 PM, Ute Schröder <[email protected]> wrote:
> Hi,
>
> I am using apacheDS 2.0.0 M15 embedded into my application. I would like
> to prevent DoS attacks to the LDAP server by blocking repeated requests
> from identical IP addresses.
> My first thought was to use an interceptor, but I found that the first
> method to be called is the lookup() method, and the
> lookupOperationContext does not contain the client's IP address. I get
> the IP address in the bind(BindContext) method, but then I have already
> spent server capacity to check the username and password in the database
> (even if the password is wrong, or the username unknown).
>
> What is the best way to get to the client's IP address before I make a
> database lookup? Is it possible to add a filter to the Mina filter chain
> that is used in apacheDS, and if yes, how can I do that?
>

This is the best way to do it. Take a look at the start() method in the LdapServer class; you can add a filter to the IoFilterChainBuilder in there. Let us know if you run into any issues.

> Using an external firewall to prevent DoS attacks is not feasible,
> unfortunately.
>
> Thank you for your help, and best regards,
> Ute
>
>

--
Kiran Ayyagari
http://keydap.com
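An added example, not taken from the thread or from the ApacheDS code base: a MINA `IoFilter` of the kind the reply suggests, which counts inbound messages per client IP in a fixed time window and closes the session once the budget is exceeded, before the LDAP handler runs. The class name, the limits and `MAX_TRACKED` are assumptions; `session.close(true)` is the MINA 2.0.x call.

```java
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.SocketAddress;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import org.apache.mina.core.filterchain.IoFilterAdapter;
import org.apache.mina.core.session.IoSession;

/** Hypothetical filter: caps inbound messages per client IP per fixed window. */
public class PerIpRateLimitFilter extends IoFilterAdapter {
    private static final class Window { long start; int count; }
    private static final int MAX_TRACKED = 10000; // assumed bound on tracked IPs
    private final int maxPerWindow;
    private final long windowMillis;
    private final ConcurrentHashMap<InetAddress, Window> windows =
            new ConcurrentHashMap<InetAddress, Window>();

    public PerIpRateLimitFilter(int maxPerWindow, long windowMillis) {
        this.maxPerWindow = maxPerWindow;
        this.windowMillis = windowMillis;
    }

    /** True while this address is within its budget for the current window. */
    boolean allow(InetAddress ip, long now) {
        if (windows.size() > MAX_TRACKED) purgeExpired(now); // keep the table bounded
        Window fresh = new Window();
        fresh.start = now;
        Window w = windows.putIfAbsent(ip, fresh);
        if (w == null) w = fresh;
        synchronized (w) {
            if (now - w.start >= windowMillis) { w.start = now; w.count = 0; }
            return ++w.count <= maxPerWindow;
        }
    }

    private void purgeExpired(long now) {
        for (Map.Entry<InetAddress, Window> e : windows.entrySet()) {
            synchronized (e.getValue()) {
                if (now - e.getValue().start >= windowMillis) windows.remove(e.getKey(), e.getValue());
            }
        }
    }

    @Override
    public void messageReceived(NextFilter next, IoSession session, Object message) throws Exception {
        SocketAddress remote = session.getRemoteAddress();
        if (remote instanceof InetSocketAddress
                && !allow(((InetSocketAddress) remote).getAddress(), System.currentTimeMillis())) {
            session.close(true); // close now, before any bind or directory lookup
            return;
        }
        next.messageReceived(session, message);
    }
}
```

Assuming the builder used in `start()` is a MINA `DefaultIoFilterChainBuilder`, the filter can be registered with `addFirst("perIpRateLimit", new PerIpRateLimitFilter(100, 1000L))`. Placed ahead of the codec it counts raw network reads rather than decoded LDAP requests, so the limit should be sized accordingly.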
