-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Robert,
On 3/16/15 8:41 AM, Robert Klemme wrote: > On Sun, Mar 15, 2015 at 10:07 AM, Aurélien Terrestris > <aterrest...@gmail.com >> wrote: > >> I agree with the NIO connector which gives good results to this >> problem. Also, on Linux you can configure iptables firewall to >> limit the number of connections from one IP ( >> >> http://unix.stackexchange.com/questions/139285/limit-max-connections-per-ip-address-and-new-connections-per-second-with-iptable >> >> ) >> > > What I find difficult about this approach is that because of NAT > the number of individual machines (and hence connections that are > reasonable) behind a single IP can vary vastly. What value will you > pick to not discriminate large organizations? Or anyone using a service like AOL which proxies everyone through a small number of IP addresses. If you are worried about a DOS but not a DDOS, you aren't being honest with yourself. - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJVBs/xAAoJEBzwKT+lPKRYwjMQAI9nL3jhu1C+3yD4b5mmGpmQ 1+YXu71FHpC31M4/a5mQNkoa+n1UFJ9BUJx46TuamFBfoh34Y2IIzQCgrK6MDEjv PhF+/67+xTEeGhjGdN941aLvuJrM4EaMsc1/SPOpct9XEadf4RehdNCj7C4b1CIA BrH5ZvUYJNInaiZSl6ypIHkZ2JaeebdNvtuH5OMzQPPjuM30iCuNZPr++mzLjIDu 7H820ykyB34zUUbhAfZUaogoM2TAqevDUwCNp6aPbZLm4wQjilgLweGM+dJmVFMq onuNPTC11sVIYc3SyIZljPWeuz7I9yXStobFgLLFzWKKiaw8rj/Kd5SewCYe1DWJ IQfe0ZOOCqixU/uLVMUq5D2ch0U3ujDxrVnYds5ojXP57ZvmBW1PhJjzQag+Z2L/ rK4p/IZzNMjli8MeX4NkzV4iu/eGxfaKE2EZ+agAl9Hw9BLY4K6VvZSLIimk4PYE wy3VBQy97KwaVP1FvTHHCSWABpkKYZornDBobwn4kmSXJwVux0r2atCiFRNE4ry6 Fsa+XnHtKj3ui1X6R4QkiUgXXJaHQhLLeBjKGCZB5HNfNMTOrce/agWC1Q6u1Fv/ Gaxv1ls1nB9KiW7XN4H4NQ2fa+2z6pv8RMOgnnlCAlgd70Wq9a+fGKI2Bwdakaed Eax7olF7+ucQw8YmkXCV =OJJX -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
