Class DoSFilter

java.lang.Object
org.eclipse.jetty.servlets.DoSFilter
All Implemented Interfaces:
javax.servlet.Filter
Direct Known Subclasses:
CloseableDoSFilter
@ManagedObject("limits exposure to abuse from request flooding, whether malicious, or as a result of a misconfigured client") public class DoSFilter extends Object implements javax.servlet.Filter
Denial of Service filter

This filter is useful for limiting exposure to abuse from request flooding, whether malicious, or as a result of a misconfigured client.

The filter keeps track of the number of requests from a connection per second. If a limit is exceeded, the request is either rejected, delayed, or throttled.

When a request is throttled, it is placed in a queue and will only proceed when there is capacity.

The extractUserId(ServletRequest request) function should be implemented, in order to uniquely identify authenticated users.

The following init parameters control the behavior of the filter:

maxRequestsPerSec
the maximum number of requests from a connection per second. Requests in excess of this are first delayed, then throttled.
delayMs
is the delay given to all requests over the rate limit, before they are considered at all. -1 means just reject request, 0 means no delay, otherwise it is the delay.
maxWaitMs
how long to blocking wait for the throttle semaphore.
throttledRequests
is the number of requests over the rate limit able to be considered at once.
throttleMs
how long to async wait for semaphore.
maxRequestMs
how long to allow this request to run.
maxIdleTrackerMs
how long to keep track of request rates for a connection, before deciding that the user has gone away, and discarding it
insertHeaders
if true , insert the DoSFilter headers into the response. Defaults to true.
remotePort
if true then rate is tracked by IP+port (effectively connection). Defaults to false.
ipWhitelist
a comma-separated list of IP addresses that will not be rate limited
managedAttr
if set to true, then this servlet is set as a ServletContext attribute with the filter name as the attribute name. This allows context external mechanism (eg JMX via ContextHandler.MANAGED_ATTRIBUTES) to manage the configuration of the filter.
tooManyCode
The status code to send if there are too many requests. By default is 429 (too many requests), but 503 (Unavailable) is another option

This filter should be configured for DispatcherType.REQUEST and DispatcherType.ASYNC and with <async-supported>true</async-supported>.

  • Field Details

    • LOG

      private static final Logger LOG

    • IPv4_GROUP

      private static final String IPv4_GROUP
      See Also:

    • IPv4_PATTERN

      private static final Pattern IPv4_PATTERN

    • IPv6_GROUP

      private static final String IPv6_GROUP
      See Also:

    • IPv6_PATTERN

      private static final Pattern IPv6_PATTERN

    • CIDR_PATTERN

      private static final Pattern CIDR_PATTERN

    • __TRACKER

      private static final String __TRACKER
      See Also:

    • __THROTTLED

      private static final String __THROTTLED
      See Also:

    • __DEFAULT_MAX_REQUESTS_PER_SEC

      private static final int __DEFAULT_MAX_REQUESTS_PER_SEC
      See Also:

    • __DEFAULT_DELAY_MS

      private static final int __DEFAULT_DELAY_MS
      See Also:

    • __DEFAULT_THROTTLE

      private static final int __DEFAULT_THROTTLE
      See Also:

    • __DEFAULT_MAX_WAIT_MS

      private static final int __DEFAULT_MAX_WAIT_MS
      See Also:

    • __DEFAULT_THROTTLE_MS

      private static final long __DEFAULT_THROTTLE_MS
      See Also:

    • __DEFAULT_MAX_REQUEST_MS_INIT_PARAM

      private static final long __DEFAULT_MAX_REQUEST_MS_INIT_PARAM
      See Also:

    • __DEFAULT_MAX_IDLE_TRACKER_MS_INIT_PARAM

      private static final long __DEFAULT_MAX_IDLE_TRACKER_MS_INIT_PARAM
      See Also:

    • MANAGED_ATTR_INIT_PARAM

      static final String MANAGED_ATTR_INIT_PARAM
      See Also:

    • MAX_REQUESTS_PER_S_INIT_PARAM

      static final String MAX_REQUESTS_PER_S_INIT_PARAM
      See Also:

    • DELAY_MS_INIT_PARAM

      static final String DELAY_MS_INIT_PARAM
      See Also:

    • THROTTLED_REQUESTS_INIT_PARAM

      static final String THROTTLED_REQUESTS_INIT_PARAM
      See Also:

    • MAX_WAIT_INIT_PARAM

      static final String MAX_WAIT_INIT_PARAM
      See Also:

    • THROTTLE_MS_INIT_PARAM

      static final String THROTTLE_MS_INIT_PARAM
      See Also:

    • MAX_REQUEST_MS_INIT_PARAM

      static final String MAX_REQUEST_MS_INIT_PARAM
      See Also:

    • MAX_IDLE_TRACKER_MS_INIT_PARAM

      static final String MAX_IDLE_TRACKER_MS_INIT_PARAM
      See Also:

    • INSERT_HEADERS_INIT_PARAM

      static final String INSERT_HEADERS_INIT_PARAM
      See Also:

    • TRACK_SESSIONS_INIT_PARAM

      @Deprecated static final String TRACK_SESSIONS_INIT_PARAM
      Deprecated.
      See Also:

    • REMOTE_PORT_INIT_PARAM

      static final String REMOTE_PORT_INIT_PARAM
      See Also:

    • IP_WHITELIST_INIT_PARAM

      static final String IP_WHITELIST_INIT_PARAM
      See Also:

    • ENABLED_INIT_PARAM

      static final String ENABLED_INIT_PARAM
      See Also:

    • TOO_MANY_CODE

      static final String TOO_MANY_CODE
      See Also:

    • _suspended

      private final String _suspended

    • _resumed

      private final String _resumed

    • _rateTrackers

      private final ConcurrentHashMap<String, DoSFilter.RateTracker> _rateTrackers

    • _whitelist

      private final List<String> _whitelist

    • _tooManyCode

      private int _tooManyCode

    • _delayMs

      private volatile long _delayMs

    • _throttleMs

      private volatile long _throttleMs

    • _maxWaitMs

      private volatile long _maxWaitMs

    • _maxRequestMs

      private volatile long _maxRequestMs

    • _maxIdleTrackerMs

      private volatile long _maxIdleTrackerMs

    • _insertHeaders

      private volatile boolean _insertHeaders

    • _remotePort

      private volatile boolean _remotePort

    • _enabled

      private volatile boolean _enabled

    • _name

      private volatile String _name

    • _listener

      private DoSFilter.Listener _listener

    • _passes

      private Semaphore _passes

    • _throttledRequests

      private volatile int _throttledRequests

    • _maxRequestsPerSec

      private volatile int _maxRequestsPerSec

    • _queue

      private final Queue<javax.servlet.AsyncContext> _queue

    • _asyncListener

      private final javax.servlet.AsyncListener _asyncListener

    • _scheduler

      private Scheduler _scheduler

    • _context

      private javax.servlet.ServletContext _context

  • Constructor Details

    • DoSFilter

      public DoSFilter()

  • Method Details

    • init

      public void init(javax.servlet.FilterConfig filterConfig) throws javax.servlet.ServletException
      Specified by:
      init in interface javax.servlet.Filter
      Throws:
      javax.servlet.ServletException

    • startScheduler

      protected Scheduler startScheduler() throws javax.servlet.ServletException
      Throws:
      javax.servlet.ServletException

    • doFilter

      public void doFilter(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain filterChain) throws IOException, javax.servlet.ServletException
      Specified by:
      doFilter in interface javax.servlet.Filter
      Throws:
      IOException
      javax.servlet.ServletException

    • doFilter

      protected void doFilter(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, javax.servlet.FilterChain filterChain) throws IOException, javax.servlet.ServletException
      Throws:
      IOException
      javax.servlet.ServletException

    • throttleRequest

      private void throttleRequest(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, javax.servlet.FilterChain filterChain, DoSFilter.RateTracker tracker) throws IOException, javax.servlet.ServletException
      Throws:
      IOException
      javax.servlet.ServletException

    • doFilterChain

      protected void doFilterChain(javax.servlet.FilterChain chain, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) throws IOException, javax.servlet.ServletException
      Throws:
      IOException
      javax.servlet.ServletException

    • onRequestTimeout

      protected void onRequestTimeout(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, Thread handlingThread)
      Invoked when the request handling exceeds getMaxRequestMs().

      By default, an HTTP 503 response is returned and the handling thread is interrupted.

      Parameters:
      request - the current request
      response - the current response
      handlingThread - the handling thread

    • closeConnection

      @Deprecated protected void closeConnection(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, Thread thread)
      Deprecated.
      use onRequestTimeout(HttpServletRequest, HttpServletResponse, Thread) instead
      Parameters:
      request - the current request
      response - the current response
      thread - the handling thread

    • getMaxPriority

      @Deprecated protected DoSFilter.RateType getMaxPriority()
      Deprecated.
      Priority no longer supported
      Returns:
      null

    • setListener

      public void setListener(DoSFilter.Listener listener)

    • getListener

      public DoSFilter.Listener getListener()

    • schedule

      private void schedule(DoSFilter.RateTracker tracker)

    • getRateTracker

      DoSFilter.RateTracker getRateTracker(javax.servlet.ServletRequest request)
      Return a request rate tracker associated with this connection; keeps track of this connection's request rate. If this is not the first request from this connection, return the existing object with the stored stats. If it is the first request, then create a new request tracker.

      Assumes that each connection has an identifying characteristic, and goes through them in order, taking the first that matches: user id (logged in), client IP address. Unidentifiable connections are lumped into one.

      Parameters:
      request - the current request
      Returns:
      the request rate tracker for the current connection

    • addToRateTracker

      private void addToRateTracker(DoSFilter.RateTracker tracker)

    • removeFromRateTracker

      public void removeFromRateTracker(String id)

    • checkWhitelist

      protected boolean checkWhitelist(String candidate)

    • checkWhitelist

      @Deprecated protected boolean checkWhitelist(List<String> whitelist, String candidate)
      Deprecated.

    • subnetMatch

      protected boolean subnetMatch(String subnetAddress, String address)

    • addressToBytes

      private byte[] addressToBytes(String address)

    • prefixToBytes

      private byte[] prefixToBytes(int prefix, int length)

    • destroy

      public void destroy()
      Specified by:
      destroy in interface javax.servlet.Filter

    • stopScheduler

      protected void stopScheduler()

    • extractUserId

      @Deprecated protected String extractUserId(javax.servlet.ServletRequest request)
      Deprecated.
      User ID no longer supported
      Parameters:
      request - ignored
      Returns:
      null

    • getMaxRequestsPerSec

      @ManagedAttribute("maximum number of requests allowed from a connection per second") public int getMaxRequestsPerSec()
      Get maximum number of requests from a connection per second. Requests in excess of this are first delayed, then throttled.
      Returns:
      maximum number of requests

    • setMaxRequestsPerSec

      public void setMaxRequestsPerSec(int value)
      Get maximum number of requests from a connection per second. Requests in excess of this are first delayed, then throttled.
      Parameters:
      value - maximum number of requests

    • getDelayMs

      @ManagedAttribute("delay applied to all requests over the rate limit (in ms)") public long getDelayMs()
      Get delay (in milliseconds) that is applied to all requests over the rate limit, before they are considered at all.
      Returns:
      the delay in milliseconds

    • setDelayMs

      public void setDelayMs(long value)
      Set delay (in milliseconds) that is applied to all requests over the rate limit, before they are considered at all.
      Parameters:
      value - delay (in milliseconds), 0 - no delay, -1 - reject request

    • getMaxWaitMs

      @ManagedAttribute("maximum time the filter will block waiting throttled connections, (0 for no delay, -1 to reject requests)") public long getMaxWaitMs()
      Get maximum amount of time (in milliseconds) the filter will blocking wait for the throttle semaphore.
      Returns:
      maximum wait time

    • setMaxWaitMs

      public void setMaxWaitMs(long value)
      Set maximum amount of time (in milliseconds) the filter will blocking wait for the throttle semaphore.
      Parameters:
      value - maximum wait time

    • getThrottledRequests

      @ManagedAttribute("number of requests over rate limit") public int getThrottledRequests()
      Get number of requests over the rate limit able to be considered at once.
      Returns:
      number of requests

    • setThrottledRequests

      public void setThrottledRequests(int value)
      Set number of requests over the rate limit able to be considered at once.
      Parameters:
      value - number of requests

    • getThrottleMs

      @ManagedAttribute("amount of time to async wait for semaphore") public long getThrottleMs()
      Get amount of time (in milliseconds) to async wait for semaphore.
      Returns:
      wait time

    • setThrottleMs

      public void setThrottleMs(long value)
      Set amount of time (in milliseconds) to async wait for semaphore.
      Parameters:
      value - wait time

    • getMaxRequestMs

      @ManagedAttribute("maximum time to allow requests to process (in ms)") public long getMaxRequestMs()
      Get maximum amount of time (in milliseconds) to allow the request to process.
      Returns:
      maximum processing time

    • setMaxRequestMs

      public void setMaxRequestMs(long value)
      Set maximum amount of time (in milliseconds) to allow the request to process.
      Parameters:
      value - maximum processing time

    • getMaxIdleTrackerMs

      @ManagedAttribute("maximum time to track of request rates for connection before discarding") public long getMaxIdleTrackerMs()
      Get maximum amount of time (in milliseconds) to keep track of request rates for a connection, before deciding that the user has gone away, and discarding it.
      Returns:
      maximum tracking time

    • setMaxIdleTrackerMs

      public void setMaxIdleTrackerMs(long value)
      Set maximum amount of time (in milliseconds) to keep track of request rates for a connection, before deciding that the user has gone away, and discarding it.
      Parameters:
      value - maximum tracking time

    • getName

      public String getName()
      The unique name of the filter when there is more than one DosFilter instance.
      Returns:
      the name

    • setName

      public void setName(String name)
      Parameters:
      name - the name to set

    • isInsertHeaders

      @ManagedAttribute("inser DoSFilter headers in response") public boolean isInsertHeaders()
      Check flag to insert the DoSFilter headers into the response.
      Returns:
      value of the flag

    • setInsertHeaders

      public void setInsertHeaders(boolean value)
      Set flag to insert the DoSFilter headers into the response.
      Parameters:
      value - value of the flag

    • isTrackSessions

      @Deprecated public boolean isTrackSessions()
      Deprecated.
      Session tracking is no longer supported
      Get flag to have usage rate tracked by session if a session exists.
      Returns:
      value of the flag

    • setTrackSessions

      @Deprecated public void setTrackSessions(boolean value)
      Deprecated.
      Session tracking is no longer supported
      Set flag to have usage rate tracked by session if a session exists.
      Parameters:
      value - value of the flag

    • isRemotePort

      @ManagedAttribute("usage rate is tracked by IP+port is session tracking not used") public boolean isRemotePort()
      Get flag to have usage rate tracked by IP+port (effectively connection)
      Returns:
      value of the flag

    • setRemotePort

      public void setRemotePort(boolean value)
      Set flag to have usage rate tracked by IP+port (effectively connection)
      Parameters:
      value - value of the flag

    • isEnabled

      @ManagedAttribute("whether this filter is enabled") public boolean isEnabled()
      Returns:
      whether this filter is enabled

    • setEnabled

      public void setEnabled(boolean enabled)
      Parameters:
      enabled - whether this filter is enabled

    • getTooManyCode

      public int getTooManyCode()
      Status code for Rejected for too many requests.
      Returns:
      the configured status code (default: 429 - Too Many Requests)

    • setTooManyCode

      public void setTooManyCode(int tooManyCode)

    • getWhitelist

      @ManagedAttribute("list of IPs that will not be rate limited") public String getWhitelist()
      Get a list of IP addresses that will not be rate limited.
      Returns:
      comma-separated whitelist

    • setWhitelist

      public void setWhitelist(String commaSeparatedList)
      Set a list of IP addresses that will not be rate limited.
      Parameters:
      commaSeparatedList - comma-separated whitelist

    • clearWhitelist

      @ManagedOperation("clears the list of IP addresses that will not be rate limited") public void clearWhitelist()
      Clears the list of whitelisted IP addresses

    • addWhitelistAddress

      @ManagedOperation("adds an IP address that will not be rate limited") public boolean addWhitelistAddress(@Name("address") String address)
      Adds the given IP address, either in the form of a dotted decimal notation A.B.C.D or in the CIDR notation A.B.C.D/M, to the list of whitelisted IP addresses.
      Parameters:
      address - the address to add
      Returns:
      whether the address was added to the list
      See Also:

    • addWhitelistAddress

      private boolean addWhitelistAddress(List<String> list, String address)

    • removeWhitelistAddress

      @ManagedOperation("removes an IP address that will not be rate limited") public boolean removeWhitelistAddress(@Name("address") String address)
      Removes the given address from the list of whitelisted IP addresses.
      Parameters:
      address - the address to remove
      Returns:
      whether the address was removed from the list
      See Also:

    • createRemotePortId

      private String createRemotePortId(javax.servlet.ServletRequest request)