Package org.eclipse.jetty.server.handler

Class ThreadLimitHandler

  • All Implemented Interfaces:
    Handler, HandlerContainer, Container, Destroyable, Dumpable, Dumpable.DumpableContainer, LifeCycle
    public class ThreadLimitHandler
extends HandlerWrapper

    Handler to limit the threads per IP address for DOS protection

    The ThreadLimitHandler applies a limit to the number of Threads that can be used simultaneously per remote IP address.

    The handler makes a determination of the remote IP separately to any that may be made by the ForwardedRequestCustomizer or similar:

    • This handler will use either only a single style of forwarded header. This is on the assumption that a trusted local proxy will produce only a single forwarded header and that any additional headers are likely from untrusted client side proxies.
    • If multiple instances of a forwarded header are provided, this handler will use the right-most instance, which will have been set from the trusted local proxy
    Requests in excess of the limit will be asynchronously suspended until a thread is available.

    This is a simpler alternative to DosFilter

    • Field Detail

      • LOG

        private static final Logger LOG

      • _rfc7239

        private final boolean _rfc7239

      • _forwardedHeader

        private final java.lang.String _forwardedHeader

      • _includeExcludeSet

        private final IncludeExcludeSet<java.lang.String,​java.net.InetAddress> _includeExcludeSet

      • _enabled

        private volatile boolean _enabled

      • _threadLimit

        private int _threadLimit

    • Constructor Detail

      • ThreadLimitHandler

        public ThreadLimitHandler()

      • ThreadLimitHandler

        public ThreadLimitHandler​(@Name("forwardedHeader")
                          java.lang.String forwardedHeader)

      • ThreadLimitHandler

        public ThreadLimitHandler​(@Name("forwardedHeader")
                          java.lang.String forwardedHeader,
                          @Name("rfc7239")
                          boolean rfc7239)

    • Method Detail

      • doStart

        protected void doStart()
                throws java.lang.Exception
        Description copied from class: ContainerLifeCycle
        Starts the managed lifecycle beans in the order they were added.
        Overrides:
        doStart in class AbstractHandler
        Throws:
        java.lang.Exception

      • isEnabled

        @ManagedAttribute("true if this handler is enabled")
public boolean isEnabled()

      • setEnabled

        public void setEnabled​(boolean enabled)

      • getThreadLimit

        @ManagedAttribute("The maximum threads that can be dispatched per remote IP")
public int getThreadLimit()

      • setThreadLimit

        public void setThreadLimit​(int threadLimit)

      • include

        @ManagedOperation("Include IP in thread limits")
public void include​(java.lang.String inetAddressPattern)

      • exclude

        @ManagedOperation("Exclude IP from thread limits")
public void exclude​(java.lang.String inetAddressPattern)

      • handle

        public void handle​(java.lang.String target,
                   Request baseRequest,
                   javax.servlet.http.HttpServletRequest request,
                   javax.servlet.http.HttpServletResponse response)
            throws java.io.IOException,
                   javax.servlet.ServletException
        Description copied from interface: Handler
        Handle a request.
        Specified by:
        handle in interface Handler
        Overrides:
        handle in class HandlerWrapper
        Parameters:
        target - The target of the request - either a URI or a name.
        baseRequest - The original unwrapped request object.
        request - The request either as the Request object or a wrapper of that request. The HttpConnection.getCurrentConnection().getHttpChannel().getRequest() method can be used access the Request object if required.
        response - The response as the Response object or a wrapper of that request. The HttpConnection.getCurrentConnection().getHttpChannel().getResponse() method can be used access the Response object if required.
        Throws:
        java.io.IOException - if unable to handle the request or response processing
        javax.servlet.ServletException - if unable to handle the request or response due to underlying servlet issue

      • getThreadLimit

        protected int getThreadLimit​(java.lang.String ip)

      • getRemoteIP

        protected java.lang.String getRemoteIP​(Request baseRequest)

      • getForwarded

        private java.lang.String getForwarded​(Request request)

      • getXForwardedFor

        private java.lang.String getXForwardedFor​(Request request)

      • getRemoteCount

        int getRemoteCount()