java.lang.Object org.eclipse.jetty.servlets.DoSFilter
public class DoSFilter
Denial of Service filter
This filter is based on the QoSFilter. It is useful for limiting exposure to abuse from request flooding, whether malicious or as a result of a misconfigured client.
The filter keeps track of the number of requests from a connection per second. If a limit is exceeded, the request is either rejected, delayed, or throttled.
When a request is throttled, it is placed in a priority queue. Priority is given first to authenticated users and users with an HttpSession, then connections which can be identified by their IP addresses. Connections with no way to identify them are given lowest priority.
The extractUserId(ServletRequest request) function should be implemented in order to uniquely identify authenticated users.
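One way to implement this hook, as an added example that is not code from the Jetty project: a subclass, given the hypothetical name AuthenticatedDoSFilter, that uses the container-authenticated principal as the user id. It assumes the javax.servlet API and that returning null means "no user id", so that the filter falls back to session or IP tracking.

```java
import java.security.Principal;

import javax.servlet.ServletRequest;
import javax.servlet.http.HttpServletRequest;

import org.eclipse.jetty.servlets.DoSFilter;

/**
 * Added example (hypothetical class name, not part of Jetty): identifies
 * authenticated users for rate tracking and queue priority.
 */
public class AuthenticatedDoSFilter extends DoSFilter
{
    @Override
    protected String extractUserId(ServletRequest request)
    {
        // Non-HTTP requests carry no authenticated principal.
        if (!(request instanceof HttpServletRequest))
            return null;

        // Use only the identity the container has authenticated. Headers,
        // parameters and cookies are client-controlled: a value taken from
        // them would let any client claim a new identity on each request,
        // which defeats per-user rate tracking and grants the priority
        // reserved for authenticated users.
        Principal principal = ((HttpServletRequest)request).getUserPrincipal();
        if (principal == null)
            return null; // assumption: null means "no user id"

        // Treat an empty name like an anonymous request.
        String name = principal.getName();
        return (name == null || name.length() == 0) ? null : name;
    }
}
```

Register this class as the filter class in place of DoSFilter; the init parameters apply unchanged.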
The following init parameters control the behavior of the filter:
- maxRequestsPerSec: the maximum number of requests from a connection per second. Requests in excess of this are first delayed, then throttled.
- delayMs: the delay given to all requests over the rate limit, before they are considered at all. -1 means just reject the request, 0 means no delay, otherwise it is the delay.
- maxWaitMs: how long to blocking wait for the throttle semaphore.
- throttledRequests: the number of requests over the rate limit able to be considered at once.
- throttleMs: how long to async wait for the semaphore.
- maxRequestMs: how long to allow this request to run.
- maxIdleTrackerMs: how long to keep track of request rates for a connection before deciding that the user has gone away and discarding it.
- insertHeaders: if true, insert the DoSFilter headers into the response. Defaults to true.
- trackSessions: if true, usage rate is tracked by session if a session exists. Defaults to true.
- remotePort: if true and session tracking is not used, then rate is tracked by IP+port (effectively connection). Defaults to false.
- ipWhitelist: a comma-separated list of IP addresses that will not be rate limited.
Field Summary | |
---|---|
protected long | _delayMs |
protected boolean | _insertHeaders |
protected long | _maxIdleTrackerMs |
protected long | _maxRequestMs |
protected int | _maxRequestsPerSec |
protected Semaphore | _passes |
protected Queue<Continuation>[] | _queue |
protected ConcurrentHashMap<String,org.eclipse.jetty.servlets.DoSFilter.RateTracker> | _rateTrackers |
protected boolean | _remotePort |
protected long | _throttleMs |
protected boolean | _trackSessions |
protected long | _waitMs |
Constructor Summary | |
---|---|
DoSFilter() | |
Method Summary | |
---|---|
protected void | closeConnection(HttpServletRequest request, HttpServletResponse response, Thread thread) - Takes drastic measures to return this response and stop this thread. |
void | destroy() |
void | doFilter(ServletRequest request, ServletResponse response, FilterChain filterchain) |
protected void | doFilterChain(FilterChain chain, HttpServletRequest request, HttpServletResponse response) |
protected String | extractUserId(ServletRequest request) - Returns the user id, used to track this connection. |
protected int | getMaxPriority() |
protected int | getPriority(ServletRequest request, org.eclipse.jetty.servlets.DoSFilter.RateTracker tracker) - Get priority for this request, based on user type |
org.eclipse.jetty.servlets.DoSFilter.RateTracker | getRateTracker(ServletRequest request) - Return a request rate tracker associated with this connection; keeps track of this connection's request rate. |
void | init(FilterConfig filterConfig) |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Field Detail |
---|
protected long _delayMs
protected long _throttleMs
protected long _waitMs
protected long _maxRequestMs
protected long _maxIdleTrackerMs
protected boolean _insertHeaders
protected boolean _trackSessions
protected boolean _remotePort
protected Semaphore _passes
protected Queue<Continuation>[] _queue
protected int _maxRequestsPerSec
protected final ConcurrentHashMap<String,org.eclipse.jetty.servlets.DoSFilter.RateTracker> _rateTrackers
Constructor Detail |
---|
public DoSFilter()
Method Detail |
---|
public void init(FilterConfig filterConfig)
Specified by: init in interface Filter
public void doFilter(ServletRequest request, ServletResponse response, FilterChain filterchain) throws IOException, ServletException
Specified by: doFilter in interface Filter
Throws: IOException, ServletException
protected void doFilterChain(FilterChain chain, HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException
Parameters: chain, request, response
Throws: IOException, ServletException
protected void closeConnection(HttpServletRequest request, HttpServletResponse response, Thread thread)
Parameters:
request - current request
response - current response, which must be stopped
thread - the handling thread
protected int getPriority(ServletRequest request, org.eclipse.jetty.servlets.DoSFilter.RateTracker tracker)
Parameters: request, tracker
protected int getMaxPriority()
public org.eclipse.jetty.servlets.DoSFilter.RateTracker getRateTracker(ServletRequest request)
Parameters: request
public void destroy()
Specified by: destroy in interface Filter
protected String extractUserId(ServletRequest request)
Parameters: request