How to prevent (hold refresh button) DoS Attack

Question

How to prevent (hold refresh button) DoS Attack

My site is very dynamic and gathers data from a database. while I was testing, I pressed the refresh key and held it for a while, the server went down. (This is a simple DoS attack.) How can I stop the user from pressing the refresh button. Can anyone tell me a solution for this. Just like with gmail, go to your gmail account and press F5and hold it for a while. Gmail will display this message

"Sorry, but your Gmail account is temporarily unavailable. We apologize for the inconvenience and suggest trying again in a few minutes. You can view the app status bar for the current status of the service."

thank

+3

javascript jsp servlets

AL̲̳I 28 jan. 13 at 13:47

source to share

2 answers

You should use mod_evasive or mod_qos or mod_security
I prefer mod_security modsecurity_crs_11_dos_protection

+1

h0St23 20 Mar 14 at 21:09

source to share

Gaurav Wadhwani · Accepted Answer · 2013-02-01T17:31:06+0000

Why not use a counter approach. Increase it until the threshold value is reached within a short interval, and if this happens, then block access.

The JSP for this would be something like this

 <% 
        int refresh;
        if(session.getAttribute("pageRefresh")==null)
             refresh=0;
        else
            refresh = (Integer)session.getAttribute("pageRefresh") + 1;


       session.setAttribute("pageRefresh", refresh); 

       session.setMaxInactiveInterval(10000);

       if (refresh>100)
       {
           //error message or black list client
       }
%>

How to prevent (hold refresh button) DoS Attack

More articles: