Mark Thomas wrote:
Karthik Nanjangude wrote:
Hi

SPEC ( Single box)
O/s : Unix 11
J2sdk  : 1.6
DB : Oracle10g
TOMCAT 6.0.18.0
RAM  16 GB



A normal WEB application [User id / Passwd for AAA] on the following spec is
successfully running LIVE [non-clustered mode].

Question: Some hacker is trying to bring the system down by polling, sending
continuous HTTP requests very frequently [we logged the client IP address].
The WEB application cannot be configured to HTTPS (client disapproval).
Is there any way within Tomcat's design to prevent the same from a malicious
attack?

You can limit the impact on Tomcat by blocking them with a Remote Address
Filter (http://tomcat.apache.org/tomcat-6.0-doc/config/valve.html)

However, the earlier you can block them the better. If you can block that
IP at a firewall before they get to your box, that would be better. Failing
that, block the IP with iptables (or the equivalent on your platform) on the
server.

HTH,

Mark
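As an added example (not code from this thread, from Tomcat, or from Mark), a small Python script that turns the logged client addresses into the input for Mark's suggestion: it parses AccessLogValve "common"-format lines, flags any address that exceeds a request-rate threshold inside a sliding window, and builds the escaped value for the RemoteAddrValve `deny` attribute (comma-separated regexes in Tomcat 6.0.18, matched against the whole address). The log lines, addresses, window and threshold are constructed, and the script assumes Tomcat sees the real client address rather than a proxy's.

```python
import re
from collections import defaultdict
from datetime import datetime

# Tomcat 6 AccessLogValve "common" pattern: %h %l %u %t "%r" %s %b
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "[^"]*" \d{3} \S+$')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

# Constructed sample (documentation-range IPs): 203.0.113.7 fires 8 requests in 2 s, 198.51.100.20 is a normal user.
SAMPLE_LOG = [
    f'203.0.113.7 - - [10/Oct/2008:13:55:{36 + i // 4} -0700] "GET /app/login HTTP/1.1" 200 2326'
    for i in range(8)
] + [
    '198.51.100.20 - - [10/Oct/2008:13:55:40 -0700] "POST /app/login HTTP/1.1" 302 -',
    '198.51.100.20 - - [10/Oct/2008:13:56:10 -0700] "GET /app/home HTTP/1.1" 200 5120',
]

def parse_line(line):
    """Return (client_ip, timestamp) for one access-log line, or None if malformed."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    return m.group("ip"), datetime.strptime(m.group("ts"), TS_FMT)

def flooding_ips(lines, window_seconds=60, threshold=100):
    """IPs that exceed `threshold` requests inside any `window_seconds` sliding window."""
    per_ip = defaultdict(list)
    for line in lines:
        parsed = parse_line(line)
        if parsed:
            per_ip[parsed[0]].append(parsed[1])
    offenders = []
    for ip, stamps in per_ip.items():
        stamps.sort()
        start = 0
        for end, ts in enumerate(stamps):
            while (ts - stamps[start]).total_seconds() > window_seconds:
                start += 1  # drop timestamps that fell out of the window
            if end - start + 1 > threshold:
                offenders.append(ip)
                break
    return sorted(offenders)

def deny_pattern(ips):
    """RemoteAddrValve 'deny' value (Tomcat 6.0.18: comma-separated regexes); dots escaped so 203.0.113.7 cannot also match 203a0b113c7."""
    return ",".join(re.escape(ip) for ip in ips)

if __name__ == "__main__":
    ips = flooding_ips(SAMPLE_LOG, window_seconds=60, threshold=5)
    print(f'<Valve className="org.apache.catalina.valves.RemoteAddrValve" deny="{deny_pattern(ips)}"/>')
```

The printed `<Valve>` element goes inside the `<Host>` or `<Context>` element of server.xml or context.xml; as Mark says, a firewall or iptables rule in front of the box is still the better place for the block.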
Mark is right. In any case, SSL wouldn't even slow this kind of attack down; it's only encryption... not authentication. SSL will actually make it slightly worse since Tomcat has to work harder to decrypt and encrypt the traffic. Filtering by IP is a good solution here, but if this is your first publicly exposed website be prepared: this happens all the time, and the client IPs will be wildly different... you can't possibly filter them all. You might consider a good IPS between you and the Internet at large. One example of a good free solution is Untangle. You can buy support as well if it makes you more comfortable. There are also dedicated "appliances" for this.

Brantley


---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org