Karthik Nanjangude wrote: > Hi > > SPEC ( Single box) > O/s : Unix 11 > J2sdk : 1.6 > DB : Oracle10g > TOMCAT 6.0.18.0 > RAM 16 GB > > > > A normal WEB application [ User id / Passwd for AAA ] on the following spec > is successfully running LIVE [ non clustered mode ] > > Question : Some hacker is trying to bring the System down by polling the > sending continuous HTTP request very frequently [ We logged the client IP > address], > The WEB application cannot be configured to HTTPS (Client > disapproval) > Is there any way within tomcat design to prevent the same > from malicious attack?
You can limit the impact on Tomcat by blocking them with a Remote Address Filter (http://tomcat.apache.org/tomcat-6.0-doc/config/valve.html) However, the earlier you can block them the better. If you can block that IP at a firewall before they get to your box that would be better. Failing that block the IP with iptables (or the equivalent on your platform) on the server. HTH, Mark --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
