
Form abuse prevention

Hello,

I have the following URLs in my web application:
/register.do (for registering in the system)
/login.do (for logging in to the system)
/post.do (for making a post)

I'd like to limit the number of allowed form requests per minute/hour for each IP address, in order to prevent DoS-kind of attacks.
For example, I want to allow a maximum of 3 registrations per hour from the same IP, a maximum of 10 logins per hour, and a maximum of 20 posts per hour.

Since I couldn't find any open-source solutions for the above requirements, I'm gonna build it myself.

Currently, I'm thinking of two options:
1) Storing IP/URL/TIME information in the database, and having a servlet filter check whether the limit has been reached for a certain URL
2) Storing such data in memory (an expiring cache-like structure) + a servlet filter, but I'm worried about memory size limitations, since the number of distinct IPs/URLs may be large.

What do you think? Are there any other options available? Storing and reading data from DB from a filter may be time consuming, I guess.

Thanks.

Does anyone have any solutions?
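
Option 2 from the post (in-memory counters consulted by a servlet filter), as an added example that is not part of the original thread: a fixed one-hour window per IP/URL pair with the limits the post states, plus a purge step that keeps memory proportional to the clients seen in the last hour. The class name `FormRateLimiter`, its methods and the sample address are assumptions made for illustration.

```java
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Added example (hypothetical class, not from the original post).
public class FormRateLimiter {
    private static final long WINDOW_MS = 60 * 60 * 1000L; // one hour
    private static final Map<String, Integer> LIMITS = Map.of(
            "/register.do", 3, "/login.do", 10, "/post.do", 20); // limits from the post

    // key = "ip|path", value = {windowStartMillis, requestCount}
    private final Map<String, long[]> counters = new ConcurrentHashMap<>();

    /** Counts one request and returns true if it is still within the hourly limit. */
    public boolean allow(String ip, String path, long now) {
        Integer limit = LIMITS.get(path);
        if (limit == null) return true; // URL is not rate limited
        boolean[] allowed = new boolean[1];
        counters.compute(ip + "|" + path, (key, slot) -> { // atomic per key
            if (slot == null || now - slot[0] >= WINDOW_MS) slot = new long[] {now, 0};
            slot[1]++;
            allowed[0] = slot[1] <= limit;
            return slot;
        });
        return allowed[0];
    }

    /** Drops counters whose window has ended; run periodically to bound memory. */
    public void purgeExpired(long now) {
        counters.values().removeIf(slot -> now - slot[0] >= WINDOW_MS);
    }

    public static void main(String[] args) {
        FormRateLimiter limiter = new FormRateLimiter();
        long t0 = System.currentTimeMillis();
        String ip = "203.0.113.7"; // constructed sample address (documentation range)
        for (int i = 1; i <= 4; i++) {
            System.out.println("register #" + i + " allowed="
                    + limiter.allow(ip, "/register.do", t0));
        }
        System.out.println("new window allowed="
                + limiter.allow(ip, "/register.do", t0 + WINDOW_MS));
        limiter.purgeExpired(t0 + 2 * WINDOW_MS);
        System.out.println("entries after purge=" + limiter.counters.size());
    }
}
```

In a servlet filter's `doFilter`, the arguments would be `request.getRemoteAddr()` and `request.getServletPath()`, with an HTTP 429 response when `allow` returns false. Behind a reverse proxy, `getRemoteAddr()` returns the proxy's address, so the client IP has to come from a header that the proxy itself sets.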