Class DoSHandler

java.lang.Object

org.eclipse.jetty.util.component.AbstractLifeCycle

org.eclipse.jetty.util.component.ContainerLifeCycle

org.eclipse.jetty.server.Handler.Abstract

org.eclipse.jetty.server.Handler.AbstractContainer

org.eclipse.jetty.server.Handler.Wrapper

org.eclipse.jetty.server.handler.ConditionalHandler

org.eclipse.jetty.server.handler.ConditionalHandler.ElseNext

org.eclipse.jetty.server.handler.DoSHandler

All Implemented Interfaces:

Handler, Handler.Container, Handler.Singleton, Request.Handler, Container, Destroyable, Dumpable, Dumpable.DumpableContainer, LifeCycle, Invocable

@ManagedObject("DoS Prevention Handler")
public class DoSHandler
extends ConditionalHandler.ElseNext

A Denial of Service Handler that protects from attacks by limiting the request rate from remote clients.

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
static class	DoSHandler.DelayedRejectHandler	A Handler to reject DoS requests after first delaying them.
static class	DoSHandler.LeakingBucketTrackerFactory	The Tracker implements the classic Leaky Bucket Algorithm.
static class	DoSHandler.StatusRejectHandler	A Handler to reject DoS requests with a status code or failure.
static interface	DoSHandler.Tracker	A RateTracker is associated with an id, and stores request rate data.

Nested classes/interfaces inherited from class ConditionalHandler

ConditionalHandler.Abstract, ConditionalHandler.ConnectorPredicate, ConditionalHandler.DontHandle, ConditionalHandler.ElseNext, ConditionalHandler.InetAddressPatternPredicate, ConditionalHandler.MethodPredicate, ConditionalHandler.PathSpecPredicate, ConditionalHandler.PredicateSet, ConditionalHandler.Reject, ConditionalHandler.SkipNext

Nested classes/interfaces inherited from class Handler.Abstract

Handler.Abstract.NonBlocking

Nested classes/interfaces inherited from class AbstractLifeCycle

AbstractLifeCycle.AbstractLifeCycleListener, AbstractLifeCycle.StopException

Nested classes/interfaces inherited from interface Container

Container.InheritedListener, Container.Listener

Nested classes/interfaces inherited from interface Dumpable

Dumpable.DumpableContainer, Dumpable.DumpAppendable

Nested classes/interfaces inherited from interface Handler

Handler.AbstractContainer, Handler.Collection, Handler.Container, Handler.Sequence, Handler.Singleton, Handler.Wrapper

Nested classes/interfaces inherited from interface Invocable

Invocable.Callable, Invocable.InvocationType, Invocable.ReadyTask, Invocable.Task

Nested classes/interfaces inherited from interface LifeCycle

LifeCycle.Listener

Nested classes/interfaces inherited from interface Request.Handler

Request.Handler.AbortException

Field Summary

Fields

Modifier and Type	Field	Description
static final Function<Request,String>	ID_FROM_CONNECTION	A Function to create a remote client identifier from ConnectionMetaData.getId() of a Request.
static final Function<Request,String>	ID_FROM_REMOTE_ADDRESS	A Function to create a remote client identifier from the remote address of a Request.
static final Function<Request,String>	ID_FROM_REMOTE_ADDRESS_PORT	A Function to create a remote client identifier from the remote address and remote port of a Request.
static final Function<Request,String>	ID_FROM_REMOTE_PORT	A Function to create a remote client identifier from the remote port of a Request.

Fields inherited from class AbstractLifeCycle

FAILED, STARTED, STARTING, STOPPED, STOPPING

Fields inherited from interface Dumpable

LEGEND

Fields inherited from interface Invocable

__nonBlocking, NOOP

Constructor Summary

Constructors

Constructor	Description
DoSHandler(Function<Request,String> clientIdFn, DoSHandler.Tracker.Factory trackerFactory, Request.Handler rejectHandler, int maxTrackers)
DoSHandler(DoSHandler.Tracker.Factory trackerFactory)
DoSHandler(Handler handler, Function<Request,String> clientIdFn, DoSHandler.Tracker.Factory trackerFactory, Request.Handler rejectHandler, int maxTrackers)
DoSHandler(Handler handler, Function<Request,String> clientIdFn, DoSHandler.Tracker.Factory trackerFactory, Request.Handler rejectHandler, int maxTrackers, boolean rejectUntracked)

Method Summary

Modifier and Type	Method	Description
protected void	doStart()	Starts the managed lifecycle beans in the order they were added.
protected void	doStop()	Stops the managed lifecycle beans in the reverse order they were added.
protected boolean	onConditionsMet(Request request, Response response, Callback callback)	Handle a request that has met the conditions.
void	setServer(Server server)	Set the Server to associate to this Handler.

Methods inherited from class ConditionalHandler.ElseNext

onConditionsNotMet

Methods inherited from class ConditionalHandler

clear, dump, exclude, exclude, exclude, excludeInetAddressPattern, excludeMethod, excludePath, from, from, handle, include, include, include, includeInetAddressPattern, includeMethod, includePath, nextHandler

Methods inherited from class Handler.Wrapper

getHandler, getInvocationType, setHandler

Methods inherited from class Handler.AbstractContainer

findContainerOf, getDescendant, getDescendants, isDynamic, setDynamic

Methods inherited from class Handler.Abstract

destroy, getServer

Methods inherited from class ContainerLifeCycle

addBean, addBean, addEventListener, addManaged, contains, dump, dump, dumpObjects, dumpStdErr, getBean, getBeans, getBeans, getContainedBeans, getContainedBeans, installBean, installBean, isAuto, isManaged, isUnmanaged, manage, removeBean, removeBeans, removeEventListener, setBeans, start, stop, unmanage, updateBean, updateBean, updateBeans, updateBeans

Methods inherited from class AbstractLifeCycle

getEventListeners, getState, getState, isFailed, isRunning, isStarted, isStarting, isStopped, isStopping, setEventListeners, start, stop, toString

Methods inherited from class Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Methods inherited from interface Container

getCachedBeans, getEventListeners

Methods inherited from interface Destroyable

destroy

Methods inherited from interface Dumpable

dumpSelf

Methods inherited from interface Dumpable.DumpableContainer

isDumpable

Methods inherited from interface Handler

getServer

Methods inherited from interface Handler.Container

getContainer, getDescendant, getDescendants, getDescendants

Methods inherited from interface Handler.Singleton

getHandlers, getTail, insertHandler, setHandler

Methods inherited from interface LifeCycle

addEventListener, isFailed, isRunning, isStarted, isStarting, isStopped, isStopping, removeEventListener, start, stop

Field Details

ID_FROM_REMOTE_ADDRESS_PORT

public static final Function<Request,String> ID_FROM_REMOTE_ADDRESS_PORT

A Function to create a remote client identifier from the remote address and remote port of a Request.

ID_FROM_REMOTE_ADDRESS

public static final Function<Request,String> ID_FROM_REMOTE_ADDRESS

A Function to create a remote client identifier from the remote address of a Request.

ID_FROM_REMOTE_PORT

public static final Function<Request,String> ID_FROM_REMOTE_PORT

A Function to create a remote client identifier from the remote port of a Request. Useful if there is an untrusted intermediary, where the remote port can be a surrogate for the connection.

ID_FROM_CONNECTION

public static final Function<Request,String> ID_FROM_CONNECTION

A Function to create a remote client identifier from ConnectionMetaData.getId() of a Request.

Constructor Details

DoSHandler

public DoSHandler(@Name("trackerFactory")
 DoSHandler.Tracker.Factory trackerFactory)

Parameters:

trackerFactory - Factory to create a Tracker

DoSHandler

public DoSHandler(@Name("clientIdFn")
 Function<Request,String> clientIdFn,
 @Name("trackerFactory")
 DoSHandler.Tracker.Factory trackerFactory,
 @Name("rejectHandler")
 Request.Handler rejectHandler,
 @Name("maxTrackers")
 int maxTrackers)

Parameters:

clientIdFn - Function to extract a remote client identifier from a request.

trackerFactory - Factory to create a Tracker

rejectHandler - A Handler used to reject excess requests, or null for a default.

maxTrackers - The maximum number of remote clients to track or -1 for a default value, 0 for unlimited. If this limit is exceeded, then requests from additional remote clients are rejected.

DoSHandler

public DoSHandler(@Name("handler")
 Handler handler,
 @Name("clientIdFn")
 Function<Request,String> clientIdFn,
 @Name("trackerFactory")
 DoSHandler.Tracker.Factory trackerFactory,
 @Name("rejectHandler")
 Request.Handler rejectHandler,
 @Name("maxTrackers")
 int maxTrackers)

Parameters:

handler - Then next Handler or null

clientIdFn - Function to extract a remote client identifier from a request.

trackerFactory - Factory to create a Tracker

rejectHandler - A Handler used to reject excess requests, or null for a default.

maxTrackers - The maximum number of remote clients to track or -1 for a default value, 0 for unlimited. If this limit is exceeded, then requests from additional remote clients are rejected.

DoSHandler

public DoSHandler(@Name("handler")
 Handler handler,
 @Name("clientIdFn")
 Function<Request,String> clientIdFn,
 @Name("trackerFactory")
 DoSHandler.Tracker.Factory trackerFactory,
 @Name("rejectHandler")
 Request.Handler rejectHandler,
 @Name("maxTrackers")
 int maxTrackers,
 @Name("rejectUntracked")
 boolean rejectUntracked)

Parameters:

handler - Then next Handler or null

clientIdFn - Function to extract a remote client identifier from a request.

trackerFactory - Factory to create a Tracker

rejectHandler - A Handler used to reject excess requests, or null for a default.

maxTrackers - The maximum number of remote clients to track or -1 for a default value, 0 for unlimited. If this limit is exceeded, then requests from additional remote clients are rejected.

Method Details

setServer

public void setServer(Server server)

Description copied from interface: Handler

Set the Server to associate to this Handler.

Specified by:

setServer in interface Handler

Overrides:

setServer in class Handler.AbstractContainer

Parameters:

server - the Server to associate to this Handler

onConditionsMet

protected boolean onConditionsMet(Request request,
 Response response,
 Callback callback)
                           throws Exception

Description copied from class: ConditionalHandler

Handle a request that has met the conditions. Typically, the implementation will provide optional handling and then call the ConditionalHandler.nextHandler(Request, Response, Callback) method to continue handling.

Specified by:

onConditionsMet in class ConditionalHandler

Parameters:

request - The request to handle

response - The response to generate

callback - The callback for completion

Returns:

True if this handler will complete the callback

Throws:

Exception - If there is a problem handling

See Also:

• Request.Handler.handle(Request, Response, Callback)

doStart

protected void doStart()
                throws Exception

Description copied from class: ContainerLifeCycle

Starts the managed lifecycle beans in the order they were added.

Overrides:

doStart in class ConditionalHandler

Throws:

Exception - If there was a problem starting. Will cause a transition to FAILED state

doStop

protected void doStop()
               throws Exception

Description copied from class: ContainerLifeCycle

Stops the managed lifecycle beans in the reverse order they were added.

Overrides:

doStop in class Handler.Abstract

Throws:

Exception - If there was a problem stopping. Will cause a transition to FAILED state