public class ThreadLimitHandler extends HandlerWrapper
Handler to limit the threads per IP address for DOS protection
The ThreadLimitHandler applies a limit to the number of Threads that can be used simultaneously per remote IP address.
The handler makes a determination of the remote IP separately to
any that may be made by the ForwardedRequestCustomizer
or similar:
This is a simpler alternative to DosFilter
Modifier and Type | Class and Description |
---|---|
private class |
ThreadLimitHandler.Remote |
private class |
ThreadLimitHandler.RFC7239 |
AbstractHandler.ErrorDispatchHandler
AbstractLifeCycle.AbstractLifeCycleListener
LifeCycle.Listener
Container.InheritedListener, Container.Listener
Modifier and Type | Field and Description |
---|---|
private boolean |
_enabled |
private java.lang.String |
_forwardedHeader |
private IncludeExcludeSet<java.lang.String,java.net.InetAddress> |
_includeExcludeSet |
private java.util.concurrent.ConcurrentMap<java.lang.String,ThreadLimitHandler.Remote> |
_remotes |
private boolean |
_rfc7239 |
private int |
_threadLimit |
private static Logger |
LOG |
private static java.lang.String |
PERMIT |
private static java.lang.String |
REMOTE |
_handler
Constructor and Description |
---|
ThreadLimitHandler() |
ThreadLimitHandler(java.lang.String forwardedHeader) |
ThreadLimitHandler(java.lang.String forwardedHeader,
boolean rfc7239) |
Modifier and Type | Method and Description |
---|---|
protected void |
doStart()
Starts the managed lifecycle beans in the order they were added.
|
void |
exclude(java.lang.String inetAddressPattern) |
private java.lang.String |
getForwarded(Request request) |
protected ThreadLimitHandler.Remote |
getRemote(Request baseRequest) |
protected java.lang.String |
getRemoteIP(Request baseRequest) |
int |
getThreadLimit() |
protected int |
getThreadLimit(java.lang.String ip) |
private java.lang.String |
getXForwardedFor(Request request) |
void |
handle(java.lang.String target,
Request baseRequest,
javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response)
Handle a request.
|
void |
include(java.lang.String inetAddressPattern) |
boolean |
isEnabled() |
void |
setEnabled(boolean enabled) |
void |
setThreadLimit(int threadLimit) |
destroy, expandChildren, getHandler, getHandlers, insertHandler, setHandler
doShutdown, expandHandler, findContainerOf, getChildHandlerByClass, getChildHandlers, getChildHandlersByClass, setServer
doError, doStop, getServer
addBean, addBean, addEventListener, addManaged, contains, dump, dump, dump, dump, dump, dumpBeans, dumpObject, dumpObjects, dumpStdErr, dumpThis, getBean, getBeans, getBeans, getContainedBeans, getContainedBeans, isAuto, isManaged, isUnmanaged, manage, removeBean, removeBeans, removeEventListener, setBeans, setStopTimeout, start, stop, unmanage, updateBean, updateBean, updateBeans
addLifeCycleListener, getState, getState, getStopTimeout, isFailed, isRunning, isStarted, isStarting, isStopped, isStopping, removeLifeCycleListener, start, stop, toString
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
addLifeCycleListener, isFailed, isRunning, isStarted, isStarting, isStopped, isStopping, removeLifeCycleListener, start, start, stop, stop
dumpContainer, dumpIterable, dumpMapEntries, dumpObjects, dumpSelf, named
private static final Logger LOG
private static final java.lang.String REMOTE
private static final java.lang.String PERMIT
private final boolean _rfc7239
private final java.lang.String _forwardedHeader
private final IncludeExcludeSet<java.lang.String,java.net.InetAddress> _includeExcludeSet
private final java.util.concurrent.ConcurrentMap<java.lang.String,ThreadLimitHandler.Remote> _remotes
private volatile boolean _enabled
private int _threadLimit
public ThreadLimitHandler()
public ThreadLimitHandler(@Name(value="forwardedHeader") java.lang.String forwardedHeader)
protected void doStart() throws java.lang.Exception
ContainerLifeCycle
doStart
in class AbstractHandler
java.lang.Exception
@ManagedAttribute(value="true if this handler is enabled") public boolean isEnabled()
public void setEnabled(boolean enabled)
@ManagedAttribute(value="The maximum threads that can be dispatched per remote IP") public int getThreadLimit()
public void setThreadLimit(int threadLimit)
@ManagedOperation(value="Include IP in thread limits") public void include(java.lang.String inetAddressPattern)
@ManagedOperation(value="Exclude IP from thread limits") public void exclude(java.lang.String inetAddressPattern)
public void handle(java.lang.String target, Request baseRequest, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) throws java.io.IOException, javax.servlet.ServletException
Handler
handle
in interface Handler
handle
in class HandlerWrapper
target
- The target of the request - either a URI or a name.baseRequest
- The original unwrapped request object.request
- The request either as the Request
object or a wrapper of that request. The
HttpConnection.getCurrentConnection()
.getHttpChannel()
.getRequest()
method can be used access the Request object if required.response
- The response as the Response
object or a wrapper of that request. The
HttpConnection.getCurrentConnection()
.getHttpChannel()
.getResponse()
method can be used access the Response object if required.java.io.IOException
- if unable to handle the request or response processingjavax.servlet.ServletException
- if unable to handle the request or response due to underlying servlet issueprotected int getThreadLimit(java.lang.String ip)
protected ThreadLimitHandler.Remote getRemote(Request baseRequest)
protected java.lang.String getRemoteIP(Request baseRequest)
private java.lang.String getForwarded(Request request)
private java.lang.String getXForwardedFor(Request request)