Depending on the serverity of the attack, you will need to to do this in
the network layer as higher layers can not sustain much load.
Assuming a Linux based server, this can be done with iptables.
The idea with the author cookie is nice but keep in mind that you need
to be able to login as well (without cookie). You need to disable DOS
protection for the login, which leaves a door for DOS.
Best Regards
Sebastian Hennebrueder
Andreas Andreou schrieb:
i'd also recommend Sergey's suggestion - it also frees up
app server resources/threads since the app server won't need to wait
for clients to get all the bytes of each response.
On Wed, Oct 14, 2009 at 11:03 PM, Sergey Didenko
<sergey.dide...@gmail.com> wrote:
It is more effective to use reverse proxy like nginx as a frontend.
And use it to cut ddos requests.
You will need to setup it with a rule like "if the request does not
contain auth cookie - send error.html ". May be more complex one
because this can be hijacked with a fake cookie.
Even more effective ways are to somehow identify bad requests and cut
them with firewall or even router.
On Wed, Oct 14, 2009 at 3:30 PM, Mats Henricson <m...@henricson.se> wrote:
Hi!
Hi!
Hi!
You Tapestry guys are slow today. It took a whopping 8 minutes to
get an answer... ;-)
So, what would you guys do? Is there a simpler solution? A filter?
I would use a ResquestFilter or a Dispatcher checking some service (that
would hold the underDDoS field) and redirecting to a given page when
needed.
Thanks a lot! I'll look at it!
Mats
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org
For additional commands, e-mail: users-h...@tapestry.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org
For additional commands, e-mail: users-h...@tapestry.apache.org
--
Best Regards / Viele Grüße
Sebastian Hennebrueder
-----
Software Developer and Trainer for Hibernate / Java Persistence
http://www.laliluna.de
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org
For additional commands, e-mail: users-h...@tapestry.apache.org
