Advanced Search

a simple java servlet filter solution against Ddos attacks

/ Published in: Java
Save to your folder(s)
a simple solution that illustrates a very practical usage of java filters, in this example we try to block any Ddos attack, spam access and route clients or visitors to there corresponding pages.
note: please test before use, then use at your own risk.

Expand | Embed | Plain Text

Copy this code and paste it in your HTML 
  1. import java.io.IOException;
  2. import java.util.Scanner;
  3. import javax.servlet.Filter;
  4. import javax.servlet.FilterChain;
  5. import javax.servlet.FilterConfig;
  6. import javax.servlet.ServletException;
  7. import javax.servlet.ServletRequest;
  8. import javax.servlet.ServletResponse;
  9. import javax.servlet.annotation.WebFilter;
  10. import javax.servlet.http.HttpServletRequest;
  11. import javax.servlet.http.HttpServletResponse;
  12. import javax.servlet.http.HttpSession;
  13.  
  14. /**
  15.  * Servlet Filter implementation class filter
  16.  * @author prgrmmr.aben [at] gmail (dot) com
  17.  * http://fivesnippets.blogspot.com/2014/08/servlet-filter-for-ddos-spam-etc.html
  18.  * please give back a small donation if you find
  19.  * this little educational snippet of code useful
  20.  */
  21. @WebFilter("/filter")
  22. public class filter implements Filter {
  23.  
  24.     /**
  25.      * Default constructor. 
  26.      */
  27.     public filter() {
  28.         // TODO Auto-generated constructor stub
  29.     }
  30.  
  31.  /**
  32.   * @see Filter#destroy()
  33.   */
  34.  public void destroy() {
  35.   // TODO Auto-generated method stub
  36.  }
  37.  
  38.  /**
  39.   * @see Filter#doFilter(ServletRequest, ServletResponse, FilterChain)
  40.   */
  41.  public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
  42.   HttpSession session;
  43.   System.out.println("being filtered"); //you can use logging instead
  44.   HttpServletRequest req = (HttpServletRequest)request;
  45.   HttpServletResponse res = (HttpServletResponse)response;
  46.                 res.addHeader("X-FRAME-OPTIONS", "DENY" ); 
  47.   String requestedPath = req.getRequestURI().substring(req.getContextPath().length());
  48.                 // I was using the test bellow when developing the app
  49.   /*Scanner verify = new Scanner(System.in);
  50.   if(verify.nextInt()==0){
  51.    req.getSession().invalidate();
  52.   }*/
  53.   session = req.getSession(false);
  54.   if(req.getSession(false) == null){
  55.    session = req.getSession(true);
  56.    sessionInit(session);
  57.    req.getServletContext().getRequestDispatcher("/login.jsp").forward(request, response);
  58.   }else{
  59.    long timeElapsed =  System.currentTimeMillis() - (long) session.getAttribute("lastTime"); 
  60.    System.out.println(timeElapsed);
  61.    System.out.println("seen");
  62.    if(session.getAttribute("spam").equals(true))
  63.     System.out.println("spams are not allowed"); //you can use logging instead
  64.    else if (timeElapsed<2000) {
  65.     session.setAttribute("spam", true);
  66.     System.out.println("spam need to be blocked");
  67.    }else if (session.getAttribute("logged").equals(false)) {
  68.     session.setAttribute("lastTime", System.currentTimeMillis());
  69.     req.getServletContext().getRequestDispatcher("/login.jsp").forward(request, response);
  70.    System.out.println(2);
  71.    }else{//if session.getAttribute("logged").equals(true) which should be set to true after user is logged
  72.     System.out.println(requestedPath);
  73.     session.setAttribute("lastTime", System.currentTimeMillis());
  74.     if(requestedPath.equals("/login.jsp"))
  75.      req.getServletContext().getRequestDispatcher("/main.jsp").forward(request, response);
  76.     else
  77.      req.getServletContext().getRequestDispatcher(requestedPath).forward(request, response);
  78.    }
  79.   }
  80.  
  81.  
  82.   //chain.doFilter(request, response);
  83.  }
  84.  
  85.  private void sessionInit(HttpSession session) {
  86.   // TODO Auto-generated method stub
  87.   System.out.println("init");
  88.   session.setAttribute("spam", false);
  89.   session.setAttribute("logged", true);
  90.   session.setAttribute("lastTime", System.currentTimeMillis());
  91.  
  92.  }
  93.  
  94.  /**
  95.   * @see Filter#init(FilterConfig)
  96.   */
  97.  public void init(FilterConfig fConfig) throws ServletException {
  98.   // TODO Auto-generated method stub
  99.  
  100.  }
  101.  
  102. }

URL: http://fivesnippets.blogspot.com/2014/08/servlet-filter-for-ddos-spam-etc.html

Report this snippet


Comments

RSS Icon Subscribe to comments

You need to login to post a comment.