Throttling HTTP by Remote IP

From Resin 3.0

(Difference between revisions)
Jump to: navigation, search
 

Latest revision as of 17:37, 21 October 2011


As a way of protecting your server from denial-of-service (DOS) attacks, Resin lets you limit the number of connections from a single IP address. This capability is available in Resin Professional, and it part of the <http> configuration.

When you add the <throttle-concurrent-max> tag, Resin will limit the number of concurrent connections from a single IP address. If the number of connections exceeds the max, Resin will immediately disconnect without reading or processing any bytes. In other words, the throttle will not take up any time parsing a HTTP header or producing a response, limiting the amount of time the attacker can waste.

[edit] resin.xml for HTTP throttling

<resin xmlns="http://caucho.com/ns/resin">
  <cluster id=""> 
    <resin:import path="${__DIR__}/app-default.xml"/>

    <server id="">

      <http port="80" address="*" throttle-concurrent-max="8"/>

    </server>

    <host id="">
       <web-app id="/" root-directory="/var/www/public-html"/>
    </host>
  </cluster>
</resin>
Personal tools