Package org.eclipse.jetty.server.handler
Class ThreadLimitHandler
- java.lang.Object
-
- org.eclipse.jetty.util.component.AbstractLifeCycle
-
- org.eclipse.jetty.util.component.ContainerLifeCycle
-
- org.eclipse.jetty.server.handler.AbstractHandler
-
- org.eclipse.jetty.server.handler.AbstractHandlerContainer
-
- org.eclipse.jetty.server.handler.HandlerWrapper
-
- org.eclipse.jetty.server.handler.ThreadLimitHandler
-
- All Implemented Interfaces:
Handler
,HandlerContainer
,Container
,Destroyable
,Dumpable
,Dumpable.DumpableContainer
,LifeCycle
public class ThreadLimitHandler extends HandlerWrapper
Handler to limit the threads per IP address for DOS protection
The ThreadLimitHandler applies a limit to the number of Threads that can be used simultaneously per remote IP address.
The handler makes a determination of the remote IP separately to any that may be made by the
ForwardedRequestCustomizer
or similar:- This handler will use either only a single style of forwarded header. This is on the assumption that a trusted local proxy will produce only a single forwarded header and that any additional headers are likely from untrusted client side proxies.
- If multiple instances of a forwarded header are provided, this handler will use the right-most instance, which will have been set from the trusted local proxy
This is a simpler alternative to DosFilter
-
-
Nested Class Summary
Nested Classes Modifier and Type Class Description private static class
ThreadLimitHandler.ReferenceCounter
private class
ThreadLimitHandler.Remote
private class
ThreadLimitHandler.RFC7239
-
Nested classes/interfaces inherited from class org.eclipse.jetty.server.handler.AbstractHandler
AbstractHandler.ErrorDispatchHandler
-
Nested classes/interfaces inherited from class org.eclipse.jetty.util.component.AbstractLifeCycle
AbstractLifeCycle.AbstractLifeCycleListener
-
Nested classes/interfaces inherited from interface org.eclipse.jetty.util.component.Container
Container.InheritedListener, Container.Listener
-
Nested classes/interfaces inherited from interface org.eclipse.jetty.util.component.Dumpable
Dumpable.DumpableContainer
-
Nested classes/interfaces inherited from interface org.eclipse.jetty.util.component.LifeCycle
LifeCycle.Listener
-
-
Field Summary
Fields Modifier and Type Field Description private boolean
_enabled
private java.lang.String
_forwardedHeader
private IncludeExcludeSet<java.lang.String,java.net.InetAddress>
_includeExcludeSet
private java.util.concurrent.ConcurrentHashMap<java.lang.String,ThreadLimitHandler.Remote>
_remotes
private boolean
_rfc7239
private int
_threadLimit
private static Logger
LOG
private static java.lang.String
PERMIT
private static java.lang.String
REMOTE
-
Fields inherited from class org.eclipse.jetty.server.handler.HandlerWrapper
_handler
-
-
Constructor Summary
Constructors Constructor Description ThreadLimitHandler()
ThreadLimitHandler(java.lang.String forwardedHeader)
ThreadLimitHandler(java.lang.String forwardedHeader, boolean rfc7239)
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description protected void
doStart()
Starts the managed lifecycle beans in the order they were added.void
exclude(java.lang.String inetAddressPattern)
private java.lang.String
getForwarded(Request request)
protected ThreadLimitHandler.Remote
getRemote(Request baseRequest)
(package private) int
getRemoteCount()
protected java.lang.String
getRemoteIP(Request baseRequest)
int
getThreadLimit()
protected int
getThreadLimit(java.lang.String ip)
private java.lang.String
getXForwardedFor(Request request)
void
handle(java.lang.String target, Request baseRequest, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
Handle a request.void
include(java.lang.String inetAddressPattern)
boolean
isEnabled()
void
setEnabled(boolean enabled)
void
setThreadLimit(int threadLimit)
-
Methods inherited from class org.eclipse.jetty.server.handler.HandlerWrapper
destroy, expandChildren, getHandler, getHandlers, insertHandler, setHandler
-
Methods inherited from class org.eclipse.jetty.server.handler.AbstractHandlerContainer
doShutdown, expandHandler, findContainerOf, getChildHandlerByClass, getChildHandlers, getChildHandlersByClass, setServer
-
Methods inherited from class org.eclipse.jetty.server.handler.AbstractHandler
doError, doStop, getServer
-
Methods inherited from class org.eclipse.jetty.util.component.ContainerLifeCycle
addBean, addBean, addEventListener, addManaged, contains, dump, dump, dump, dump, dump, dumpBeans, dumpObject, dumpObjects, dumpStdErr, dumpThis, getBean, getBeans, getBeans, getContainedBeans, getContainedBeans, isAuto, isManaged, isUnmanaged, manage, removeBean, removeBeans, removeEventListener, setBeans, setStopTimeout, start, stop, unmanage, updateBean, updateBean, updateBeans
-
Methods inherited from class org.eclipse.jetty.util.component.AbstractLifeCycle
addLifeCycleListener, getState, getState, getStopTimeout, isFailed, isRunning, isStarted, isStarting, isStopped, isStopping, removeLifeCycleListener, start, stop, toString
-
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
-
Methods inherited from interface org.eclipse.jetty.util.component.Dumpable.DumpableContainer
isDumpable
-
Methods inherited from interface org.eclipse.jetty.util.component.LifeCycle
addLifeCycleListener, isFailed, isRunning, isStarted, isStarting, isStopped, isStopping, removeLifeCycleListener, start, stop
-
-
-
-
Field Detail
-
LOG
private static final Logger LOG
-
REMOTE
private static final java.lang.String REMOTE
- See Also:
- Constant Field Values
-
PERMIT
private static final java.lang.String PERMIT
- See Also:
- Constant Field Values
-
_rfc7239
private final boolean _rfc7239
-
_forwardedHeader
private final java.lang.String _forwardedHeader
-
_includeExcludeSet
private final IncludeExcludeSet<java.lang.String,java.net.InetAddress> _includeExcludeSet
-
_remotes
private final java.util.concurrent.ConcurrentHashMap<java.lang.String,ThreadLimitHandler.Remote> _remotes
-
_enabled
private volatile boolean _enabled
-
_threadLimit
private int _threadLimit
-
-
Constructor Detail
-
ThreadLimitHandler
public ThreadLimitHandler()
-
ThreadLimitHandler
public ThreadLimitHandler(@Name("forwardedHeader") java.lang.String forwardedHeader)
-
-
Method Detail
-
doStart
protected void doStart() throws java.lang.Exception
Description copied from class:ContainerLifeCycle
Starts the managed lifecycle beans in the order they were added.- Overrides:
doStart
in classAbstractHandler
- Throws:
java.lang.Exception
-
isEnabled
@ManagedAttribute("true if this handler is enabled") public boolean isEnabled()
-
setEnabled
public void setEnabled(boolean enabled)
-
getThreadLimit
@ManagedAttribute("The maximum threads that can be dispatched per remote IP") public int getThreadLimit()
-
setThreadLimit
public void setThreadLimit(int threadLimit)
-
include
@ManagedOperation("Include IP in thread limits") public void include(java.lang.String inetAddressPattern)
-
exclude
@ManagedOperation("Exclude IP from thread limits") public void exclude(java.lang.String inetAddressPattern)
-
handle
public void handle(java.lang.String target, Request baseRequest, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) throws java.io.IOException, javax.servlet.ServletException
Description copied from interface:Handler
Handle a request.- Specified by:
handle
in interfaceHandler
- Overrides:
handle
in classHandlerWrapper
- Parameters:
target
- The target of the request - either a URI or a name.baseRequest
- The original unwrapped request object.request
- The request either as theRequest
object or a wrapper of that request. The
method can be used access the Request object if required.HttpConnection.getCurrentConnection()
.getHttpChannel()
.getRequest()
response
- The response as theResponse
object or a wrapper of that request. The
method can be used access the Response object if required.HttpConnection.getCurrentConnection()
.getHttpChannel()
.getResponse()
- Throws:
java.io.IOException
- if unable to handle the request or response processingjavax.servlet.ServletException
- if unable to handle the request or response due to underlying servlet issue
-
getThreadLimit
protected int getThreadLimit(java.lang.String ip)
-
getRemote
protected ThreadLimitHandler.Remote getRemote(Request baseRequest)
-
getRemoteIP
protected java.lang.String getRemoteIP(Request baseRequest)
-
getForwarded
private java.lang.String getForwarded(Request request)
-
getXForwardedFor
private java.lang.String getXForwardedFor(Request request)
-
getRemoteCount
int getRemoteCount()
-
-