private support for your internal/customer projects ... custom extensions and distributions ... versioned snapshots for indefinite support ... scalability guidance for your apps and Ajax/Comet projects ... development services for sponsored feature development
The Denial of Service (DoS) filter limits exposure to request flooding, whether malicious, or as a result of a misconfigured client. The DoS filter keeps track of the number of requests from a connection per second. If the requests exceed the limit, Jetty rejects, delays, or throttles the request, and sends a warning message. The filter works on the assumption that the attacker might be written in simple blocking style, so by suspending requests you are hopefully consuming the attacker’s resources. The DoS filter is related to the QoS filter, using Continuations to prioritize requests and avoid thread starvation.
Jetty places throttled requests in a priority queue, giving priority first to authenticated users and users with an HttpSession, then to connections identified by their IP addresses. Connections with no way to identify them have lowest priority. To uniquely identify authenticated users, you should implement the The extractUserId(ServletRequest request) function.
To use the DoS Filter, these JAR files must be available in WEB-INF/lib:
Place the configuration in a webapp’s web.xml or jetty-web.xml. The default configuration allows 25 requests per connection at a time, servicing more important requests first, and queuing up the rest. This example allow 30 requests at a time:
<filter> <filter-name>DoSFilter</filter-name> <filter-class>org.eclipse.jetty.servlets.DoSFilter</filter-class> <init-param> <param-name>maxRequestsPerSec</param-name> <param-value>30</param-value> </init-param> </filter>
The following init parameters control the behavior of the filter:
Delay imposed on all requests over the rate limit, before they are considered at all: