Uploaded image for project: 'Apache Knox'
  1. Apache Knox
  2. KNOX-2806

Implement a new DoS security provider

    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 2.0.0
    • 2.0.0
    • Server
    • None

    Description

      There is a need to implement a mechanism that prevents Knox from being attacked using DoS (Denial of Service).

      One elegant way is to reuse Jetty's own DoS filter in a way such that it can be configured as a new security provider:

      • Maven project name: gateway-provider-security-dos
      • Provider role: dos
      • Provider name: JettyDoS

      In case someone wants to use this new feature, the new provider declaration has to be added to the top of the providers (it must be documented). When this provider is present in the topology, Jetty's DosFilter has to be contributed to the filter chain. That is, a new ProviderDeploymentContributor should be implemented that inserts the org.eclipse.jetty.servlets.DoSFilter into each resource that is available in the topology.

      References:

      Attachments

        Issue Links

          links to

          Web Link GitHub Pull Request #634

          Activity

            People

              mrtnbalazs Marton Balázs
              smolnar Sandor Molnar
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0h
                  0h
                  Logged:
                  Time Spent - 1h
                  1h