用于防止滥用的Servlet过滤器？ （DoS，垃圾邮件等） [英] Servlet filters for abuse prevention? (DoS, spam, etc)

问题描述

我正在寻找一个servlet过滤器库来帮助我保护我们的Web服务免受未经授权的使用和DDoS的攻击。<​​/ p>

我们的授权客户用于我们的Web服务，理想情况下，过滤器可以帮助检测未经授权或行为不当的客户端，或使用同一帐户检测多个人。我们还需要一种方法来防止各种服务的DoS，因为我们有一个开放帐户策略 - 限制用户同时连接的数量等。

我们已经看过Tomcat LockOutFilter等等，但这些都是相当原始的，只能防止一种攻击。

当然有许多特定于应用程序的组件解决方案，但我想知道是否有人写了一个通用解决方案作为起点。

解决方案

iTransformers DDOS servlet 过滤器是一个很好的例子，适用于能够应用远程触发黑洞的servlet过滤器 https://tools.ietf.org/html/rfc5635 这是唯一真正/良好且可扩展的方法来保护自己免受DDOS攻击。

I'm looking for a servlet filter library that helps me secure our web service against unauthorized usage and DDoS.

We have "authorized clients" for our web service, so ideally the filter would help detect clients that aren't authorized or behave improperly, or detect multiple people using the same account. Also we need a way to prevent DoS'ing of our various services since we have an open-account policy -- limiting the number of simultaneous connections for a user, etc.

We've looked at the Tomcat LockOutFilter and such but those are fairly primitive and only prevent against one sort of attack.

Of course there are many application-specific components of the solution, but I was wondering if someone had written up a general solution as a starting point.

解决方案

iTransformers DDOS servlet filter is a good example for a servlet filter able to apply Remotely Triggered Black holing https://tools.ietf.org/html/rfc5635 which is the only real/good and scalable way to defend yourself from a DDOS attacks.

这篇关于用于防止滥用的Servlet过滤器？ （DoS，垃圾邮件等）的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！