Throttling HTTP by Remote IP

From Resin 3.0

(Difference between revisions)
(New page: Category: Cookbook As a way of protecting your server from denial-of-service (DOS) attacks, Resin lets you limit the number of connections from a single IP address. This capability is...)
 
Line 2: Line 2:
  
 
As a way of protecting your server from denial-of-service (DOS) attacks, Resin lets you limit the number of connections from a single IP address. This capability is available in Resin Professional, and it part of the <http> configuration.
 
As a way of protecting your server from denial-of-service (DOS) attacks, Resin lets you limit the number of connections from a single IP address. This capability is available in Resin Professional, and it part of the <http> configuration.
 +
 +
When you add the <throttle-concurrent-max> tag, Resin will limit the number of concurrent connections from a single IP address. If the number of connections exceeds the max, Resin will immediately disconnect without reading or processing any bytes. In other words, the throttle will not take up any time parsing a HTTP header or producing a response, limiting the amount of time the attacker can waste.
  
 
== resin.xml for HTTP throttling ==
 
== resin.xml for HTTP throttling ==
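Review bot: The added paragraph introduces the setting as the "<throttle-concurrent-max> tag", while the example on this page writes it as an attribute on <http>; say in the paragraph that it is set on <http> so readers can match the two. In the same paragraph "a HTTP header" should read "an HTTP header", and the unchanged line above it still has "it part of" for "it is part of".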
Line 11: Line 13:
 
     <server id="">
 
     <server id="">
 
   
 
   
       <http port="80" address="*" throttle="8"/>
+
       <http port="80" address="*" throttle-concurrent-max="8"/>
 
   
 
   
 
     </server>
 
     </server>
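Review bot: The example's attribute is renamed from throttle="8" to throttle-concurrent-max="8" with no word in the text for readers who copied the earlier revision; add a sentence saying the old spelling was replaced. The text also gives no guidance on choosing 8: since the limit is per IP address, clients that share one address (a proxy or NAT) share the same 8 connections, which is worth a note next to the example.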

Revision as of 21:44, 2 October 2010


As a way of protecting your server from denial-of-service (DoS) attacks, Resin lets you limit the number of connections from a single IP address. This capability is available in Resin Professional, and it is part of the <http> configuration.

When you add the <throttle-concurrent-max> tag, Resin limits the number of concurrent connections from a single IP address. If the number of connections exceeds the max, Resin immediately disconnects without reading or processing any bytes. In other words, the throttle spends no time parsing an HTTP header or producing a response, which limits the amount of time the attacker can waste.

resin.xml for HTTP throttling

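<!-- xmlns:resin is declared so that the resin:import prefix below resolves -->
<resin xmlns="http://caucho.com/ns/resin"
       xmlns:resin="urn:java:com.caucho.resin">
  <cluster id="">
    <resin:import path="${__DIR__}/app-default.xml"/>

    <server id="">

      <!-- at most 8 concurrent connections from any single remote IP -->
      <http port="80" address="*" throttle-concurrent-max="8"/>

    </server>

    <host id="">
      <web-app id="/" root-directory="/var/www/public-html"/>
    </host>
  </cluster>
</resin>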
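
An added example (not part of the original page or of Resin): a Python check that reads a resin.xml and reports, for each <http> listener, whether throttle-concurrent-max is set. The sample config and the status labels are constructed for illustration, and only the attribute form shown on this page is checked.

```python
import xml.etree.ElementTree as ET

NS = "{http://caucho.com/ns/resin}"  # default namespace used by the page's resin.xml

# Constructed sample (not from the page): four listeners, one per finding.
SAMPLE = """<resin xmlns="http://caucho.com/ns/resin">
  <cluster id="">
    <server id="a">
      <http port="80" address="*" throttle-concurrent-max="8"/>
      <http port="8080" address="*"/>
      <http port="8081" address="*" throttle="8"/>
      <http port="8082" address="*" throttle-concurrent-max="many"/>
    </server>
  </cluster>
</resin>"""


def audit_throttle(xml_text):
    """Return (server id, port, status) for every <http> listener."""
    findings = []
    root = ET.fromstring(xml_text)
    for server in root.iter(NS + "server"):
        for http in server.findall(NS + "http"):
            port = http.get("port", "?")
            limit = http.get("throttle-concurrent-max")
            if limit is None:
                # 'throttle' is the attribute name the earlier revision of this
                # page used; flag it so the listener gets reviewed.
                legacy = http.get("throttle") is not None
                status = "legacy-name" if legacy else "unthrottled"
            elif limit.strip().isdigit() and int(limit) > 0:
                status = "limit=%d" % int(limit)
            else:
                # Non-numeric or zero values are reported, not guessed at.
                status = "invalid"
            findings.append((server.get("id", ""), port, status))
    return findings


if __name__ == "__main__":
    for server_id, port, status in audit_throttle(SAMPLE):
        print("server=%r port=%s %s" % (server_id, port, status))
```
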