users@grizzly.java.net

Getting a handle to the initial connection + other questions

From: Alan Williamson <alan_at_blog-city.com>
Date: Mon, 26 Nov 2007 23:23:39 +0000

Good day to you all,

I am kinda new to Grizzly and on the face of it, it looks very
interesting and definitely something that may help us. We currently
have our own HTTP frontend server performing load balancing infront of a
farm of JETTY servers.


___ Question #1 ___

One of the things we need to do, is to determine whether or not an IP
address is allowed to connect. We basically want to nuke this
connection as soon as the "accept()" method has been called and the
Socket created.

This stops a lot of spammers from consuming resources they shouldn't be
anywhere near. Our current frontend server sandboxes the IP for a small
period of time and we've noticed that this has reduced a load.

So in terms of the Grizzly how could one get a handle to the incoming
connection as soon as possible and determine whether or not they are
permitted to continue?

One the adapter code has triggered the "service()" method, then the
header is already in. It's a bit late at that point. Out of interest,
what is the cleanest way to nuke a connection at this stage

___ Question #2 ___

Running a large blog site you see a whole manner of nasty clients trying
to really mess with you. One of things we see a lot of, is clients that
will attempt a subtle DoS attack. They basically drip feed bytes to the
server in such a speed as not to trip up any of the SO_TIMEOUT alarms.
So one character a second for example, could tie up a connection for
minutes. It doesn't take a lot of effort to really consume a server
connections waiting.

We've taken the approach, that if the complete HTTP header is not
received within X seconds (5 we have found to be acceptable) then we
deny this client from going on any further.

Again, how would one manage this with Grizzly?



Thanks again, and i look forward to hearing back and getting my sleeves
rolled up with this one.

alan

-- 
Alan Williamson
  "a wiki -and- a blog" @ http://www.Blog-City.com/
  b: http://alan.blog-city.com/