I am new to the ODL controller and embedded Jetty. I would like to add the DoSFilter in jetty.xml to throttle REST requests if there is a request flood.
I tried searching the internet, but there are lots of examples for configuring the DoSFilter in web.xml and I have not found much help for jetty.xml.
Any help in configuring DoSFilter in jetty.xml would be of great help.
ODL - Nitrogen version
Jetty - 9.2.21.X version
The following are the options which I have tried so far.
Filters configured in jetty.xml:
    <Get name="handler">
      <Call name="addHandler">
        <Arg>
          <New class="org.eclipse.jetty.servlet.ServletContextHandler">
            <Set name="contextPath">/</Set>
            <Set name="resourceBase">../</Set>
            <Call name="addFilter">
              <Arg>
                <New class="org.eclipse.jetty.servlet.FilterHolder">
                  <Arg>
                    <New class="org.eclipse.jetty.servlets.DoSFilter" />
                  </Arg>
                  <Call name="setInitParameter">
                    <Arg>maxRequestsPerSec</Arg>
                    <Arg>30</Arg>
                  </Call>
                  <Call name="setInitParameter">
                    <Arg>delayMs</Arg>
                    <Arg>100</Arg>
                  </Call>
                  <Call name="setInitParameter">
                    <Arg>maxRequestMs</Arg>
                    <Arg>0</Arg>
                  </Call>
                  <Call name="setInitParameter">
                    <Arg>maxIdleTrackerMs</Arg>
                    <Arg>0</Arg>
                  </Call>
                  <Call name="setInitParameter">
                    <Arg>ipWhitelist</Arg>
                    <Arg>127.0.0.1</Arg>
                  </Call>
                </New>
              </Arg>
              <Arg>/cxf/*</Arg>
              <Arg>
                <Call class="java.util.EnumSet" name="of">
                  <Arg>
                    <Get class="javax.servlet.DispatcherType" name="REQUEST" />
                  </Arg>
                </Call>
              </Arg>
            </Call>
          </New>
        </Arg>
      </Call>
    </Get>
Filters configured in web.xml:
    <filter>
      <filter-name>DoSFilter</filter-name>
      <filter-class>org.eclipse.jetty.servlets.DoSFilter</filter-class>
      <init-param>
        <param-name>maxRequestsPerSec</param-name>
        <param-value>1</param-value>
      </init-param>
      <init-param>
        <param-name>delayMs</param-name>
        <param-value>100</param-value>
      </init-param>
      <init-param>
        <param-name>maxRequestMs</param-name>
        <param-value>0</param-value>
      </init-param>
      <init-param>
        <param-name>maxIdleTrackerMs</param-name>
        <param-value>0</param-value>
      </init-param>
      <init-param>
        <param-name>ipWhitelist</param-name>
        <param-value>127.0.0.1</param-value>
      </init-param>
    </filter>
    <filter-mapping>
      <filter-name>DoSFilter</filter-name>
      <url-pattern>/cxf/*</url-pattern>
    </filter-mapping>
Because you are using embedded Jetty you do not need a jetty.xml file; instead you can configure this through the API. Here is a code example which configures the DoSFilter with the same settings from your example in an embedded usage.
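    import java.util.EnumSet;
    import javax.servlet.DispatcherType;
    import org.eclipse.jetty.server.Server;
    import org.eclipse.jetty.server.ServerConnector;
    import org.eclipse.jetty.servlet.FilterHolder;
    import org.eclipse.jetty.servlet.ServletContextHandler;
    import org.eclipse.jetty.servlets.DoSFilter;

    // Embedded server with a single connector and a root servlet context
    Server server = new Server();
    ServerConnector connector = new ServerConnector(server);
    server.addConnector(connector);
    ServletContextHandler contextHandler = new ServletContextHandler();
    contextHandler.setContextPath("/");
    server.setHandler(contextHandler);
    // Attach the DoSFilter to every path for normal (REQUEST) dispatches
    DoSFilter filter = new DoSFilter();
    filter.setMaxRequestsPerSec(30);
    contextHandler.addFilter(new FilterHolder(filter), "/*", EnumSet.of(DispatcherType.REQUEST));
    server.start();
    server.join();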
I would also suggest you update to the latest version of Jetty, as jetty-9.2 is End of Life; the latest version is currently jetty-9.4.27.
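One way to check that the filter really limits requests on /cxf/*, as an added example that is not part of the original answer or of ODL's own code: it starts an embedded Jetty 9.x server on a loopback port and counts how many of 90 back-to-back requests get through. The class names `DoSFilterCheck` and `Ok` and the path `/cxf/ping` are made up for the example; `delayMs` is set to -1 (reject instead of delay) so the effect shows up as a status code, and `ipWhitelist` is left out because the test client is 127.0.0.1 and whitelisted addresses are exempt from the limit.

```java
import java.io.IOException;
import java.net.HttpURLConnection;
import java.net.URL;
import java.util.EnumSet;
import javax.servlet.DispatcherType;
import javax.servlet.http.*;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.server.ServerConnector;
import org.eclipse.jetty.servlet.*;
import org.eclipse.jetty.servlets.DoSFilter;

public class DoSFilterCheck {
    // Constructed stand-in for the real REST endpoint behind /cxf/*
    public static class Ok extends HttpServlet {
        @Override protected void doGet(HttpServletRequest rq, HttpServletResponse rs) throws IOException {
            rs.getWriter().println("ok");
        }
    }

    public static void main(String[] args) throws Exception {
        Server server = new Server();
        ServerConnector connector = new ServerConnector(server);
        connector.setHost("127.0.0.1"); // loopback only, this is a local check
        connector.setPort(0);           // let the OS pick a free port
        server.addConnector(connector);

        ServletContextHandler context = new ServletContextHandler();
        context.setContextPath("/");
        context.addServlet(Ok.class, "/cxf/*");

        // Same init-param names as in web.xml, set on the holder
        FilterHolder dos = new FilterHolder(DoSFilter.class);
        dos.setInitParameter("maxRequestsPerSec", "30");
        dos.setInitParameter("delayMs", "-1"); // -1 = reject requests over the limit
        context.addFilter(dos, "/cxf/*", EnumSet.of(DispatcherType.REQUEST));
        server.setHandler(context);
        server.start();

        int passed = 0, rejected = 0;
        URL url = new URL("http://127.0.0.1:" + connector.getLocalPort() + "/cxf/ping");
        for (int i = 0; i < 90; i++) {
            HttpURLConnection c = (HttpURLConnection) url.openConnection();
            if (c.getResponseCode() == 200) passed++; else rejected++;
            c.disconnect();
        }
        System.out.println("passed=" + passed + " rejected=" + rejected);
        server.stop();
    }
}
```

If `rejected` stays at 0 the filter is not in the request path for that URL pattern. Compile and run it with the jetty-servlet and jetty-servlets jars (and their dependencies) on the classpath.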