On 3/9/07, Adam Gordon <[EMAIL PROTECTED]> wrote:
> How so? Please elaborate. Our web application sits entirely in Tomcat land and it's accessible only via Apache, but Apache is only acting basically as the redirector - it knows nothing of what's going on, it just rewrites/relays requests and serves up responses.

I'm not an Apache administrative guru, but if you look around on the web for things like this http://www.perlcode.org/tutorials/apache/attacks.html you might be able to find something that suits your purposes.

The point being that, as people have indicated, using Thread.sleep to control this is dodgy, and besides, who's to say that only people who can't log in are malicious? What if you have some disgruntled legitimate user (or someone who compromises the password of a legitimate user) -- if you're concerned essentially about DoS attacks, you don't want to have to clutter your web application with managing all of that.

Why have Apache in the middle if you don't use it for something? ;-)

Joe

--
Joe Germuska
[EMAIL PROTECTED] * http://blog.germuska.com

"The truth is that we learned from João forever to be out of tune."
-- Caetano Veloso