Sun Java System Web Server 7.0 Update 5 Administrator's Guide

Preventing Denial-of-Service Attack

Denial-of-Service (DoS) attack is an explicit attempt to prevent legitimate users from using a service by some malicious users of the Server. Such an attack can be launched by sending continuous requests to the server for a particular web resource.

Web Server can detect DoS attack by monitoring frequently accessed URI and denying requests if the request frequency is high.

The following sections describes how you can prevent DoS attacks at the virtual server level.

Limiting Requests to the Server

You can now tweak the server to prevent Denial-Of-Service attacks by configuring request limits and monitoring maximum number of connections per virtual server. Configuring some of these values may affect the server's performance.

To configure request limits for the server, click Configuration > Virtual Servers > Server Settings > Request Limits. Configure the parameters listed in the following table.

Table 7–4 Configuring Request Limit



Request Limits

Enable/Disable request limits for this virtual server. Request limits option is disabled by default. 

Maximum Connections

Maximum number of concurrent connections allowed for this virtual server. 

Maximum RPS

Maximum number of requests allowed from a client per second. 

RPS Compute Interval

The time interval in which the average request per second (RPS) is calculated. Default values is 30 seconds. 

Continue Condition

Determines what condition must be met in order for a blocked request type to become available again for servicing. 

silence — Refused requests must fall to zero (over a subsequent interval) for service to resume.

threshold — Refused request rate must fall below RPS threshold for service to resume.

The default values is threshold. 

Error Code

The HTTP status code to use for blocked requests. The default code is HTTP 503 — Service Unavailable. The value must be between 400 and 599. 

Monitor Attribute

An optional request attribute to monitor. 

Note –

Using CLI

To limit the requests to the server through CLI, execute the following command.

wadm> enable-request-limits --user=admin --password-file=admin.pwd 
--host=serverhost --port=8989 --config=config1 --vs=config1_vs_1

See CLI Reference, enable-request-limits(1).

ProcedureTo Limit the Maximum Number of Connections

You can limit the maximum number of concurrent connections. If a matching request is received while there are at least the specified number of requests being processed, the request is rejected. Note that the rejection of request only occurs for that particular time. As soon as concurrent requests drops below this limit new requests will be processed.

  1. Click the Configuration tab.

  2. Select your configuration from the list.

  3. Select your virtual server under the Virtual Server tab.

  4. Click Server Settings > Request Limits.

  5. Enter a value for Maximum Connections section.