Class ThreadLimitHandler

All Implemented Interfaces:
Handler, HandlerContainer, Container, Destroyable, Dumpable, Dumpable.DumpableContainer, LifeCycle

public class ThreadLimitHandler extends HandlerWrapper

Handler to limit the threads per IP address for DOS protection

The ThreadLimitHandler applies a limit to the number of Threads that can be used simultaneously per remote IP address.

The handler makes a determination of the remote IP separately to any that may be made by the ForwardedRequestCustomizer or similar:

  • This handler will use either only a single style of forwarded header. This is on the assumption that a trusted local proxy will produce only a single forwarded header and that any additional headers are likely from untrusted client side proxies.
  • If multiple instances of a forwarded header are provided, this handler will use the right-most instance, which will have been set from the trusted local proxy
Requests in excess of the limit will be asynchronously suspended until a thread is available.

This is a simpler alternative to DosFilter

  • Constructor Details

    • ThreadLimitHandler

      public ThreadLimitHandler()
    • ThreadLimitHandler

      public ThreadLimitHandler(@Name("forwardedHeader") String forwardedHeader)
    • ThreadLimitHandler

      public ThreadLimitHandler(@Name("forwardedHeader") String forwardedHeader, @Name("rfc7239") boolean rfc7239)
  • Method Details

    • doStart

      protected void doStart() throws Exception
      Description copied from class: ContainerLifeCycle
      Starts the managed lifecycle beans in the order they were added.
      Overrides:
      doStart in class AbstractHandler
      Throws:
      AbstractLifeCycle.StopException - If thrown, the lifecycle will immediately be stopped.
      Exception - If there was a problem starting. Will cause a transition to FAILED state
    • isEnabled

      @ManagedAttribute("true if this handler is enabled") public boolean isEnabled()
    • setEnabled

      public void setEnabled(boolean enabled)
    • getThreadLimit

      @ManagedAttribute("The maximum threads that can be dispatched per remote IP") public int getThreadLimit()
    • getThreadLimit

      protected int getThreadLimit(String ip)
    • setThreadLimit

      public void setThreadLimit(int threadLimit)
    • include

      @ManagedOperation("Include IP in thread limits") public void include(String inetAddressPattern)
    • exclude

      @ManagedOperation("Exclude IP from thread limits") public void exclude(String inetAddressPattern)
    • handle

      public void handle(String target, Request baseRequest, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) throws IOException, javax.servlet.ServletException
      Description copied from interface: Handler
      Handle a request.
      Specified by:
      handle in interface Handler
      Overrides:
      handle in class HandlerWrapper
      Parameters:
      target - The target of the request - either a URI or a name.
      baseRequest - The original unwrapped request object.
      request - The request either as the Request object or a wrapper of that request. The HttpConnection.getCurrentConnection().getHttpChannel().getRequest() method can be used access the Request object if required.
      response - The response as the Response object or a wrapper of that request. The HttpConnection.getCurrentConnection().getHttpChannel().getResponse() method can be used access the Response object if required.
      Throws:
      IOException - if unable to handle the request or response processing
      javax.servlet.ServletException - if unable to handle the request or response due to underlying servlet issue
    • getRemoteIP

      protected String getRemoteIP(Request baseRequest)