Tomcat and flood protection

We are using Tomcat 7 for our web application. We provide an XML based API so that our customers can communicate with our server in a machine-to-machine way (no web browser needed). The requests are processed by a servlet.

We need to prevent users from sending too many requests in a row. Some of the services we provide involve polling for results and users may make requests in a loop without any pauses, making dozens of requests per second for nothing.

How can we protect ourselves from being flooded with useless requests? Is there a simple way to block requests at the servlet entry level when there are too many requests originating from the same IP? Is there something built-in Tomcat to deal with this problem?

Answer

Assuming that you are using an apache reverse-proxy in front of tomcat (if you aren’t you should be), use mod_cband on the apache layer.

Leave a Reply

Your email address will not be published. Required fields are marked *