mod_jk and mod_evasive are now working perfectly with my glassfish v3.
I found out that the new procedure described by jfarcand is much
easier than the older mod_jk configs.
unfortunately, even though mod_evasive works (like after clicking
refresh repetitively gets you a 403) slowsaris.pl still effects gf v3.
best.
On Sun, Feb 7, 2010 at 3:13 AM, <jcfolsom_at_pureperfect.com> wrote:
>
> mod_evasive is the only thing that I know of that is HTTP specific. Really
> though, ddos is an network issue and not specific to even IP let alone HTTP.
> I don't know enough about firewalls though to help you out, but please keep
> us posted on what you find.
>
>
> -------- Original Message --------
> Subject: Re: glassfish DoS attack test - confirmed
> From: Cam Bazz <cambazz_at_gmail.com>
> Date: Sat, February 06, 2010 7:01 pm
> To: users_at_glassfish.dev.java.net
>
> well, right when i was reading about mod_evasive, on
> http://bahumbug.wordpress.com/2009/06/21/slowloris/ - that someone
> commented that mod_evasive was not able to defend againist slowaris
>
> Best.
>
> On Sun, Feb 7, 2010 at 1:50 AM, Cam Bazz <cambazz_at_gmail.com> wrote:
>> ah thank you jcfolsom... any documentation about this? best..
>>
>> On Sun, Feb 7, 2010 at 1:42 AM, <jcfolsom_at_pureperfect.com> wrote:
>>>
>>> It's probably a good idea to run Glassfish behind Apache with mod_evasive
>>> instead of on the public web.
>>>
>>>
>>> -------- Original Message --------
>>> Subject: glassfish DoS attack test - confirmed
>>> From: Cam Bazz <cambazz_at_gmail.com>
>>> Date: Sat, February 06, 2010 5:21 pm
>>> To: users_at_glassfish.dev.java.net
>>>
>>> Hello,
>>>
>>> Investigating why my glassfish v3 pauses, and following a previous
>>> thread on this list, i have found that the slowaris.pl perl script,
>>> does indeed bring glassfish v3 to its knees. It will not leave
>>> anything in the access logs, nor the server logs, but it does cause
>>> the same effect (glassfish pausing for certain period of times,
>>> usually until these threads times out)
>>>
>>> I have not verified the attack signature, which means that I dont know
>>> if my glassfish is having problems because of an attack, but I have
>>> run the exploit script againist my own server, and it generates the
>>> same effect.
>>>
>>> I also have made a simple program that just connects to a pingservlet,
>>> which just prints new date, and the total connection time is measured
>>> so I could study the problem methodically.
>>>
>>> Best Regards,
>>> -C.B.
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
>>> For additional commands, e-mail: users-help_at_glassfish.dev.java.net
>>>
>>> --------------------------------------------------------------------- To
>>> unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net For
>>> additional
>>> commands, e-mail: users-help_at_glassfish.dev.java.net
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
> For additional commands, e-mail: users-help_at_glassfish.dev.java.net
>
> --------------------------------------------------------------------- To
> unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net For additional
> commands, e-mail: users-help_at_glassfish.dev.java.net