So Apache or WebLogic itself? That does the throttling?
I wouldn't try to solve this in a webapplication.
johan
On 11/6/06, Johannes Fahrenkrug <[EMAIL PROTECTED]> wrote:
Hi!
I'd like to prevent brute force attacks on the login page of my wicket
application. What would be the best approach? This is what I'm thinking
about doing: Record when the last request for the loginpage from a
certain IP came in and only handle the request when at least a second or
two have passed.
This would have to be done application wide because when an attacker
uses a tool like cURL a new session is created with each request.
So what would you guys suggest?
- Johannes
-------------------------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user
------------------------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user
