Léa,

> Below is what I would like to ask you:
> How do you usually protect your "Tomcat" servers and Webapps from (D)DOS
> ((Distributed) Denial-of-service) attacks?

If you allow the DOS traffic to make it all the way up to the
application layer before you detect it, then the DOS will still have
an effect. The best way of stopping such traffic is to detect it at a
lower level, and then block at a firewall. Typically this can be done
by counting the number of calls coming from an IP address and automatically
blocking if they exceed a threshold.

Apache ships with mod_evasive that allows you to do this. I have used
this in the past with some success. The other alternative I am aware
of is to use mod_security. I am not aware of anything that will run
directly in front of Tomcat, however - does anyone else have any
suggestions? I think there was some talk of a port of mod_security that
was implemented in Java (well, Java calling the mod_security C library
via JNI). That might be mature enough for you to try.

HTH

Chris
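
The per-IP counting described in the message above, sketched as an added example that is not part of the original post or of any Apache module: it scans access-log lines with a sliding window and reports the addresses that cross a threshold, which is the list a firewall block rule would be fed. The log format (Common Log Format), the function name `find_offenders`, the threshold values and the sample addresses are all assumptions made for illustration, and lines are assumed to be in time order.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Common Log Format prefix: client IP, identity, user, [timestamp] (assumed format)
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\]')
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"

def find_offenders(lines, threshold=5, window_seconds=10):
    """Return {ip: time of first breach} for every IP that sends more than
    `threshold` requests inside any sliding window of `window_seconds`."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    offenders = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue              # skip malformed lines instead of failing
        ip, raw_ts = m.groups()
        try:
            ts = datetime.strptime(raw_ts, TS_FORMAT)
        except ValueError:
            continue              # unparseable timestamp
        hits = recent[ip]
        hits.append(ts)
        # Drop requests that have aged out of the window.
        while hits and ts - hits[0] >= window:
            hits.popleft()
        if len(hits) > threshold and ip not in offenders:
            offenders[ip] = ts
    return offenders

def _line(ip, sec):
    # Constructed sample entry; addresses come from the documentation ranges.
    return f'{ip} - - [12/Mar/2024:10:00:{sec:02d} +0000] "GET /app/ HTTP/1.1" 200 512'

SAMPLE_LOG = (
    [_line("198.51.100.7", s) for s in range(8)]          # burst: 8 requests in 8 s
    + [_line("203.0.113.5", s) for s in range(0, 30, 5)]  # 6 requests, spread out
    + [_line("192.0.2.10", s) for s in (0, 20, 40)]       # ordinary client
    + ["garbage line"]                                    # malformed entry
)

if __name__ == "__main__":
    for ip, when in find_offenders(SAMPLE_LOG).items():
        print(f"block {ip} (threshold crossed at {when.isoformat()})")
```

The spread-out client sends six requests in total but never more than two inside one window, so only the burst is flagged; a plain per-IP total would have flagged both.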
