How to prevent (hold refresh button) DoS Attack

My site is very dynamic and gathers data from a database. while I was testing, I pressed the refresh key and held it for a while, the server went down. (This is a simple DoS attack.) How can I stop the user from pressing the refresh button. Can anyone tell me a solution for this. Just like with gmail, go to your gmail account and press F5and hold it for a while. Gmail will display this message

"Sorry, but your Gmail account is temporarily unavailable. We apologize for the inconvenience and suggest trying again in a few minutes. You can view the app status bar for the current status of the service."

thank

+3


source to share


2 answers


Why not use a counter approach. Increase it until the threshold value is reached within a short interval, and if this happens, then block access.

The JSP for this would be something like this



 <% 
        int refresh;
        if(session.getAttribute("pageRefresh")==null)
             refresh=0;
        else
            refresh = (Integer)session.getAttribute("pageRefresh") + 1;


       session.setAttribute("pageRefresh", refresh); 

       session.setMaxInactiveInterval(10000);

       if (refresh>100)
       {
           //error message or black list client
       }
%>

      

0


source


You should use mod_evasive or mod_qos or mod_security
I prefer mod_security modsecurity_crs_11_dos_protection



+1


source







All Articles