Re: [jetty-users] Can Jetty decide not to respond to a request?


Try the Jetty specific, super secret, definitely not a Servlet spec behavior, of ...

response.sendError(-1); // abruptly close the connection
return;

See:
https://github.com/eclipse/jetty.project/blob/jetty-9.4.27.v20200227/jetty-server/src/main/java/org/eclipse/jetty/server/Response.java#L430-L464

Joakim Erdfelt / joakim@xxxxxxxxxxx


On Mon, Mar 16, 2020 at 11:13 AM Glen Peterson <glen.k.peterson@xxxxxxxxx> wrote:
My first choice would be to decide not to respond from within an AbstractHandler's handle() method, after examining the (HttpServlet)Request.  But if there's another place we can examine the request (ideally in Java), that would work too.  Right now I've got some code like:

object MyHandler: AbstractHandler() {

    override fun handle(target: String,
                        baseRequest: Request,
                        request: HttpServletRequest,
                        response: HttpServletResponse) {

        val rawPath = request.getPathInfo()

        // We don't have any PHP files.  Any attempt to access one is hacking.
        if ( rawPath.endsWith(".php") ) {
            logger.info("BOGUS Request: [${request.pathInfo}]")

            randomLengthNap()

            // 503 - Service Unavailable SC_SERVICE_UNAVAILABLE
            // I think this is the most ambiguous way to say, "go away."
            response.status = HttpServletResponse.SC_SERVICE_UNAVAILABLE
            response.sendError(HttpServletResponse.SC_SERVICE_UNAVAILABLE)
            return
        }
    }
}

This seems to work, but I'd prefer not to respond at all to these requests.  I'd also prefer not to tie up a thread with the nap duration.  Being able to say something like, request.doNotDignifyThisWithAResponse() would be ideal, but I don't know how to do that.

Instead of (in addition to) watching what attacks we get and adding them over time, I'm also looking into Web Application Firewalls from Imperva, Akamai, and Cloudflare, so if you think that's a better way to solve this issue (or there is another non-jetty alternative I should consider) let me know.

--
Glen K. Peterson
(828) 393-0081
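
The reply's `sendError(-1)` suggestion combined with the `.php` check from the question, as an added example (not code from either poster or from the Jetty project). It assumes Jetty 9.4.x with the `javax.servlet` API; the class name, helper names, port and the `DefaultHandler` stand-in for the real application are hypothetical.

```java
import java.io.IOException;
import java.util.logging.Logger;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.eclipse.jetty.server.Handler;
import org.eclipse.jetty.server.Request;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.server.handler.AbstractHandler;
import org.eclipse.jetty.server.handler.DefaultHandler;
import org.eclipse.jetty.server.handler.HandlerList;

// Hypothetical class name; assumes Jetty 9.4.x (javax.servlet namespace).
public class DropBogusRequestsHandler extends AbstractHandler {
    private static final Logger LOG = Logger.getLogger(DropBogusRequestsHandler.class.getName());

    // The thread's rule: this site serves no PHP, so any ".php" path is bogus.
    static boolean isBogus(String path) {
        return path != null && path.endsWith(".php");
    }

    // Strip control characters so a crafted path cannot forge extra log lines.
    static String forLog(String s) {
        return s == null ? "" : s.replaceAll("\\p{Cntrl}", "?");
    }

    @Override
    public void handle(String target, Request baseRequest, HttpServletRequest request,
                       HttpServletResponse response) throws IOException, ServletException {
        if (!isBogus(request.getPathInfo())) {
            return; // not handled here: the next handler in the list gets the request
        }
        LOG.info("BOGUS request from " + request.getRemoteAddr()
                 + ": [" + forLog(request.getPathInfo()) + "]");
        baseRequest.setHandled(true); // stop later handlers from writing a response
        response.sendError(-1);       // Jetty-specific: abort the connection, send nothing
    }

    public static void main(String[] args) throws Exception {
        Server server = new Server(8080); // port chosen for the example
        HandlerList handlers = new HandlerList();
        // The filter goes first; DefaultHandler stands in for the real application.
        handlers.setHandlers(new Handler[] {new DropBogusRequestsHandler(), new DefaultHandler()});
        server.setHandler(handlers);
        server.start();
        server.join();
    }
}
```

Because the connection is aborted immediately, no handler thread is held for a delay; the client sees the connection close without any HTTP response.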