Slow HTTP Denial of Service Attack vulnerability encountered in a Spring Boot project



Problem Description:

In Chinese this is called the "slow HTTP attack vulnerability". It uses HTTP POST: when POSTing, the client specifies a very large Content-Length and then sends packets at a very low speed, such as one byte every 10-100 s, holding the connection open and keeping it from disconnecting. When there are too many such client connections, all of the web server's available connections are occupied, resulting in a DoS.

Solution:

Limit the maximum time the web server allows for transmission of the HTTP headers, setting it to a maximum of 20 seconds. If the vulnerability still exists, lower the maximum allowed time to a smaller value. In Spring Boot, write a configuration class that customizes Tomcat and sets its connection timeout. If the vulnerability is still present after this setting, reduce the connection timeout further.





    package com.qzt.common.config;

    import org.apache.catalina.connector.Connector;
    import org.apache.coyote.http11.Http11NioProtocol;
    import org.springframework.boot.context.embedded.EmbeddedServletContainerFactory;
    import org.springframework.boot.context.embedded.tomcat.TomcatConnectorCustomizer;
    import org.springframework.boot.context.embedded.tomcat.TomcatEmbeddedServletContainerFactory;
    import org.springframework.context.annotation.Bean;
    import org.springframework.context.annotation.Configuration;

    @Configuration
    public class WebServerConfiguration
    {
        // Registers an embedded Tomcat factory that carries the custom connector settings
        @Bean
        public EmbeddedServletContainerFactory createEmbeddedServletContainerFactory()
        {
            TomcatEmbeddedServletContainerFactory tomcatFactory = new TomcatEmbeddedServletContainerFactory();
            // tomcatFactory.setPort(8081);
            tomcatFactory.addConnectorCustomizers(new MyTomcatConnectorCustomizer());
            return tomcatFactory;
        }
    }

    class MyTomcatConnectorCustomizer implements TomcatConnectorCustomizer
    {
        public void customize(Connector connector)
        {
            Http11NioProtocol protocol = (Http11NioProtocol) connector.getProtocolHandler();
            // Set the maximum number of connections
            // protocol.setMaxConnections(2000);
            // Set the maximum number of threads
            // protocol.setMaxThreads(2000);
            // Connection timeout in milliseconds; this is the line that actually takes effect
            protocol.setConnectionTimeout(8000);
        }
    }




There are two other ways to configure a fix for this problem (the link below shows different classes used to configure Tomcat): https://www.cnblogs.com/softidea/p/5751596.html
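
To check whether the connection timeout configured above is actually enforced, the following added example (not part of the original post) measures how long a server keeps a connection open after it receives an incomplete request header. The function names and the local stub server are assumptions constructed for illustration; point `timeout_enforced` at your own server and port to test the real setting.

```python
import socket
import threading
import time

def start_stub_server(read_timeout):
    """Constructed stand-in for the web server: closes a client whose next
    read does not arrive within read_timeout seconds. Returns its port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)

    def serve():
        while True:
            conn, _ = srv.accept()
            conn.settimeout(read_timeout)
            try:
                while conn.recv(1024):
                    pass
            except OSError:          # includes the read timeout
                pass
            conn.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

def measure_hold_time(host, port, max_wait):
    """Send an incomplete header once, then stay silent. Return seconds until
    the server closes the connection, or None if still open after max_wait."""
    with socket.create_connection((host, port), timeout=max_wait) as s:
        # Header block without the terminating blank line
        s.sendall(b"POST / HTTP/1.1\r\nHost: " + host.encode() + b"\r\n")
        start = time.monotonic()
        try:
            while s.recv(1024):      # an error response may precede the close
                pass
        except socket.timeout:
            return None
        except ConnectionResetError:
            pass
        return time.monotonic() - start

def timeout_enforced(host, port, limit):
    """True if the server drops the stalled connection within limit (+1 s slack)."""
    held = measure_hold_time(host, port, max_wait=limit + 2)
    return held is not None and held <= limit + 1

if __name__ == "__main__":
    port = start_stub_server(read_timeout=1.0)   # stub with a 1 s timeout
    print("enforced:", timeout_enforced("127.0.0.1", port, limit=1.0))
```

For the configuration above, `limit` would be 8 (the 8000 ms passed to `setConnectionTimeout`).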

