Class DoSHandler

java.lang.Object

org.eclipse.jetty.util.component.AbstractLifeCycle

org.eclipse.jetty.util.component.ContainerLifeCycle

org.eclipse.jetty.server.Handler.Abstract

org.eclipse.jetty.server.Handler.AbstractContainer

org.eclipse.jetty.server.Handler.Wrapper

org.eclipse.jetty.server.handler.ConditionalHandler

org.eclipse.jetty.server.handler.ConditionalHandler.ElseNext

org.eclipse.jetty.server.handler.DoSHandler

All Implemented Interfaces:

Handler, Handler.Container, Handler.Singleton, Request.Handler, org.eclipse.jetty.util.component.Container, org.eclipse.jetty.util.component.Destroyable, org.eclipse.jetty.util.component.Dumpable, org.eclipse.jetty.util.component.Dumpable.DumpableContainer, org.eclipse.jetty.util.component.LifeCycle, org.eclipse.jetty.util.thread.Invocable

@ManagedObject("DoS Prevention Handler")
public class DoSHandler
extends ConditionalHandler.ElseNext

A Denial of Service Handler that protects from attacks by limiting the request rate from remote clients.

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
static class	DoSHandler.DelayedRejectHandler	A Handler to reject DoS requests after first delaying them.
static class	DoSHandler.LeakingBucketTrackerFactory	The Tracker implements the classic Leaky Bucket Algorithm.
static class	DoSHandler.StatusRejectHandler	A Handler to reject DoS requests with a status code or failure.
static interface	DoSHandler.Tracker	A RateTracker is associated with an id, and stores request rate data.

Nested classes/interfaces inherited from class ConditionalHandler

ConditionalHandler.Abstract, ConditionalHandler.ConnectorPredicate, ConditionalHandler.DontHandle, ConditionalHandler.ElseNext, ConditionalHandler.InetAddressPatternPredicate, ConditionalHandler.MethodPredicate, ConditionalHandler.NextElseReject, ConditionalHandler.PathSpecPredicate, ConditionalHandler.PredicateSet, ConditionalHandler.Reject, ConditionalHandler.SkipNext

Nested classes/interfaces inherited from class Handler.Abstract

Handler.Abstract.NonBlocking

Nested classes/interfaces inherited from class org.eclipse.jetty.util.component.AbstractLifeCycle

org.eclipse.jetty.util.component.AbstractLifeCycle.AbstractLifeCycleListener, org.eclipse.jetty.util.component.AbstractLifeCycle.StopException

Nested classes/interfaces inherited from interface org.eclipse.jetty.util.component.Container

org.eclipse.jetty.util.component.Container.InheritedListener, org.eclipse.jetty.util.component.Container.Listener

Nested classes/interfaces inherited from interface org.eclipse.jetty.util.component.Dumpable

org.eclipse.jetty.util.component.Dumpable.DumpableContainer, org.eclipse.jetty.util.component.Dumpable.DumpAppendable

Nested classes/interfaces inherited from interface Handler

Handler.AbstractContainer, Handler.Collection, Handler.Container, Handler.Sequence, Handler.Singleton, Handler.Wrapper

Nested classes/interfaces inherited from interface org.eclipse.jetty.util.thread.Invocable

org.eclipse.jetty.util.thread.Invocable.Callable, org.eclipse.jetty.util.thread.Invocable.InvocationType, org.eclipse.jetty.util.thread.Invocable.ReadyTask, org.eclipse.jetty.util.thread.Invocable.Task

Nested classes/interfaces inherited from interface org.eclipse.jetty.util.component.LifeCycle

org.eclipse.jetty.util.component.LifeCycle.Listener

Nested classes/interfaces inherited from interface Request.Handler

Request.Handler.AbortException

Field Summary

Fields

Modifier and Type	Field	Description
static final Function<Request,String>	ID_FROM_CONNECTION	A Function to create a remote client identifier from ConnectionMetaData.getId() of a Request.
static final Function<Request,String>	ID_FROM_REMOTE_ADDRESS	A Function to create a remote client identifier from the remote address of a Request.
static final Function<Request,String>	ID_FROM_REMOTE_ADDRESS_PORT	A Function to create a remote client identifier from the remote address and remote port of a Request.
static final Function<Request,String>	ID_FROM_REMOTE_PORT	A Function to create a remote client identifier from the remote port of a Request.

Fields inherited from class org.eclipse.jetty.util.component.AbstractLifeCycle

FAILED, STARTED, STARTING, STOPPED, STOPPING

Fields inherited from interface org.eclipse.jetty.util.component.Dumpable

LEGEND

Fields inherited from interface org.eclipse.jetty.util.thread.Invocable

__nonBlocking, NOOP

Constructor Summary

Constructors

Constructor	Description
DoSHandler(Function<Request,String> clientIdFn, DoSHandler.Tracker.Factory trackerFactory, Request.Handler rejectHandler, int maxTrackers)
DoSHandler(DoSHandler.Tracker.Factory trackerFactory)
DoSHandler(Handler handler, Function<Request,String> clientIdFn, DoSHandler.Tracker.Factory trackerFactory, Request.Handler rejectHandler, int maxTrackers)
DoSHandler(Handler handler, Function<Request,String> clientIdFn, DoSHandler.Tracker.Factory trackerFactory, Request.Handler rejectHandler, int maxTrackers, boolean rejectUntracked)

Method Summary

Modifier and Type	Method	Description
protected void	doStart()
protected void	doStop()
protected boolean	onConditionsMet(Request request, Response response, org.eclipse.jetty.util.Callback callback)	Handle a request that has met the conditions.
void	setServer(Server server)	Set the Server to associate to this Handler.

Methods inherited from class ConditionalHandler.ElseNext

onConditionsNotMet

Methods inherited from class ConditionalHandler

clear, dump, exclude, exclude, exclude, excludeInetAddressPattern, excludeMethod, excludePath, from, from, handle, include, include, include, includeInetAddressPattern, includeMethod, includePath, nextHandler

Methods inherited from class Handler.Wrapper

getHandler, getInvocationType, setHandler

Methods inherited from class Handler.AbstractContainer

findContainerOf, getDescendant, getDescendants, isDynamic, setDynamic

Methods inherited from class Handler.Abstract

destroy, getServer

Methods inherited from class org.eclipse.jetty.util.component.ContainerLifeCycle

addBean, addBean, addEventListener, addManaged, contains, dump, dump, dumpObjects, dumpStdErr, getBean, getBeans, getBeans, getContainedBeans, getContainedBeans, installBean, installBean, isAuto, isManaged, isUnmanaged, manage, removeBean, removeBeans, removeEventListener, setBeans, start, stop, unmanage, updateBean, updateBean, updateBeans, updateBeans

Methods inherited from class org.eclipse.jetty.util.component.AbstractLifeCycle

getEventListeners, getState, getState, isFailed, isRunning, isStarted, isStarting, isStopped, isStopping, setEventListeners, start, stop, toString

Methods inherited from class Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Methods inherited from interface org.eclipse.jetty.util.component.Container

getCachedBeans, getEventListeners

Methods inherited from interface org.eclipse.jetty.util.component.Destroyable

destroy

Methods inherited from interface org.eclipse.jetty.util.component.Dumpable

dumpSelf

Methods inherited from interface org.eclipse.jetty.util.component.Dumpable.DumpableContainer

isDumpable

Methods inherited from interface Handler

getServer

Methods inherited from interface Handler.Container

getContainer, getDescendant, getDescendants, getDescendants

Methods inherited from interface Handler.Singleton

getHandlers, getTail, insertHandler, setHandler

Methods inherited from interface org.eclipse.jetty.util.component.LifeCycle

addEventListener, isFailed, isRunning, isStarted, isStarting, isStopped, isStopping, removeEventListener, start, stop

Field Details

ID_FROM_REMOTE_ADDRESS_PORT

public static final Function<Request,String> ID_FROM_REMOTE_ADDRESS_PORT

A Function to create a remote client identifier from the remote address and remote port of a Request.

ID_FROM_REMOTE_ADDRESS

public static final Function<Request,String> ID_FROM_REMOTE_ADDRESS

A Function to create a remote client identifier from the remote address of a Request.

ID_FROM_REMOTE_PORT

public static final Function<Request,String> ID_FROM_REMOTE_PORT

A Function to create a remote client identifier from the remote port of a Request. Useful if there is an untrusted intermediary, where the remote port can be a surrogate for the connection.

ID_FROM_CONNECTION

public static final Function<Request,String> ID_FROM_CONNECTION

A Function to create a remote client identifier from ConnectionMetaData.getId() of a Request.

Constructor Details

DoSHandler

public DoSHandler(@Name("trackerFactory")
 DoSHandler.Tracker.Factory trackerFactory)

Parameters:

trackerFactory - Factory to create a Tracker

DoSHandler

public DoSHandler(@Name("clientIdFn")
 Function<Request,String> clientIdFn,
 @Name("trackerFactory")
 DoSHandler.Tracker.Factory trackerFactory,
 @Name("rejectHandler")
 Request.Handler rejectHandler,
 @Name("maxTrackers")
 int maxTrackers)

Parameters:

clientIdFn - Function to extract a remote client identifier from a request.

trackerFactory - Factory to create a Tracker

rejectHandler - A Handler used to reject excess requests, or null for a default.

maxTrackers - The maximum number of remote clients to track or -1 for a default value, 0 for unlimited. If this limit is exceeded, then requests from additional remote clients are rejected.

DoSHandler

public DoSHandler(@Name("handler")
 Handler handler,
 @Name("clientIdFn")
 Function<Request,String> clientIdFn,
 @Name("trackerFactory")
 DoSHandler.Tracker.Factory trackerFactory,
 @Name("rejectHandler")
 Request.Handler rejectHandler,
 @Name("maxTrackers")
 int maxTrackers)

Parameters:

handler - Then next Handler or null

clientIdFn - Function to extract a remote client identifier from a request.

trackerFactory - Factory to create a Tracker

rejectHandler - A Handler used to reject excess requests, or null for a default.

maxTrackers - The maximum number of remote clients to track or -1 for a default value, 0 for unlimited. If this limit is exceeded, then requests from additional remote clients are rejected.

DoSHandler

public DoSHandler(@Name("handler")
 Handler handler,
 @Name("clientIdFn")
 Function<Request,String> clientIdFn,
 @Name("trackerFactory")
 DoSHandler.Tracker.Factory trackerFactory,
 @Name("rejectHandler")
 Request.Handler rejectHandler,
 @Name("maxTrackers")
 int maxTrackers,
 @Name("rejectUntracked")
 boolean rejectUntracked)

Parameters:

handler - Then next Handler or null

clientIdFn - Function to extract a remote client identifier from a request.

trackerFactory - Factory to create a Tracker

rejectHandler - A Handler used to reject excess requests, or null for a default.

maxTrackers - The maximum number of remote clients to track or -1 for a default value, 0 for unlimited. If this limit is exceeded, then requests from additional remote clients are rejected.

Method Details

setServer

public void setServer(Server server)

Description copied from interface: Handler

Set the Server to associate to this Handler.

Specified by:

setServer in interface Handler

Overrides:

setServer in class Handler.AbstractContainer

Parameters:

server - the Server to associate to this Handler

onConditionsMet

protected boolean onConditionsMet(Request request,
 Response response,
 org.eclipse.jetty.util.Callback callback)
                           throws Exception

Description copied from class: ConditionalHandler

Handle a request that has met the conditions. Typically, the implementation will provide optional handling and then call the ConditionalHandler.nextHandler(Request, Response, Callback) method to continue handling.

Specified by:

onConditionsMet in class ConditionalHandler

Parameters:

request - The request to handle

response - The response to generate

callback - The callback for completion

Returns:

True if this handler will complete the callback

Throws:

Exception - If there is a problem handling

See Also:

• Request.Handler.handle(Request, Response, Callback)

doStart

protected void doStart()
                throws Exception

Overrides:

doStart in class ConditionalHandler

Throws:

Exception

doStop

protected void doStop()
               throws Exception

Overrides:

doStop in class Handler.Abstract

Throws:

Exception