A simple Java servlet filter solution against DDoS attacks



A simple solution that illustrates a very practical use of Java servlet filters: in this example we try to block any DDoS attack and spam access, and route clients or visitors to their corresponding pages. The throttle is keyed on the HTTP session, so it only limits clients that send the session cookie back.
Note: please test before use, then use at your own risk.


  1. import java.io.IOException;
  2. import java.util.Scanner;
  3. import javax.servlet.Filter;
  4. import javax.servlet.FilterChain;
  5. import javax.servlet.FilterConfig;
  6. import javax.servlet.ServletException;
  7. import javax.servlet.ServletRequest;
  8. import javax.servlet.ServletResponse;
  9. import javax.servlet.annotation.WebFilter;
  10. import javax.servlet.http.HttpServletRequest;
  11. import javax.servlet.http.HttpServletResponse;
  12. import javax.servlet.http.HttpSession;
  13.  
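  /**
   * Servlet filter that throttles requests per HTTP session and routes visitors
   * either to the login page or to the resource they asked for.
   *
   * <p>Limits of this approach that an operator should know:
   * <ul>
   *   <li>The throttle is keyed on the session. A client that never sends the
   *       session cookie back gets a new session on every request, is never
   *       throttled, and makes the container allocate one session per request.
   *       Rate limiting by source address at the reverse proxy or load balancer
   *       is still needed against volumetric or distributed traffic.</li>
   *   <li>The mapping below is {@code "/filter"}, so only that exact URL is
   *       filtered. Protecting a whole application needs a broader pattern such
   *       as {@code "/*"}; the static resources of one page load would then fall
   *       inside the 2-second window and trip the throttle.</li>
   *   <li>Once a session is flagged as spam it stays flagged until it expires.</li>
   * </ul>
   *
   * @author prgrmmr.aben [at] gmail (dot) com
   * http://fivesnippets.blogspot.com/2014/08/servlet-filter-for-ddos-spam-etc.html
   * please give back a small donation if you find
   * this little educational snippet of code useful
   */
  @WebFilter("/filter")
  public class filter implements Filter {

    /** Minimum time, in milliseconds, a session must wait between two requests. */
    private static final long MIN_INTERVAL_MS = 2000L;

    /** HTTP 429 Too Many Requests; javax.servlet's HttpServletResponse has no constant for it. */
    private static final int SC_TOO_MANY_REQUESTS = 429;

    /** Session attribute: {@code Boolean}, true once the session exceeded the rate. */
    private static final String ATTR_SPAM = "spam";

    /** Session attribute: {@code Boolean}, true once the user has authenticated. */
    private static final String ATTR_LOGGED = "logged";

    /** Session attribute: {@code Long}, wall-clock millis of the last accepted request. */
    private static final String ATTR_LAST_TIME = "lastTime";

    /**
     * Default constructor, required by the servlet container.
     */
    public filter() {
      // nothing to initialise
    }

    /**
     * @see Filter#destroy()
     */
    @Override
    public void destroy() {
      // no resources to release
    }

    /**
     * Applies the per-session throttle and the login routing to one request.
     *
     * <p>Outcomes, in order: a new (or uninitialised) session is set up and sent
     * to {@code /login.jsp}; a flagged or too-fast session gets HTTP 429; an
     * unauthenticated session is sent to {@code /login.jsp}; an authenticated
     * session asking for {@code /login.jsp} is sent to {@code /main.jsp}; any
     * other authenticated request continues down the filter chain.
     *
     * @param request  the incoming request; must be an {@link HttpServletRequest}
     * @param response the outgoing response; must be an {@link HttpServletResponse}
     * @param chain    the remaining filters and the target resource
     * @throws IOException      if forwarding or writing the error response fails
     * @throws ServletException if the forwarded resource or the chain fails
     * @see Filter#doFilter(ServletRequest, ServletResponse, FilterChain)
     */
    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
        throws IOException, ServletException {
      HttpServletRequest req = (HttpServletRequest) request;
      HttpServletResponse res = (HttpServletResponse) response;
      // Refuse to be rendered inside a frame on another page (clickjacking defence).
      res.addHeader("X-FRAME-OPTIONS", "DENY");
      String requestedPath = req.getRequestURI().substring(req.getContextPath().length());

      HttpSession session = req.getSession(false);
      if (session == null || !(session.getAttribute(ATTR_LAST_TIME) instanceof Long)) {
        // First contact, or a session created elsewhere (e.g. by a JSP) that this
        // filter never initialised. The original unboxed a null attribute here
        // and failed with a NullPointerException.
        if (session == null) {
          session = req.getSession(true);
        }
        sessionInit(session);
        forwardTo("/login.jsp", req, res);
        return;
      }

      long now = System.currentTimeMillis();
      long timeElapsed = now - (Long) session.getAttribute(ATTR_LAST_TIME);

      if (Boolean.TRUE.equals(session.getAttribute(ATTR_SPAM))) {
        // Already flagged: reject without logging again, so that a flood of
        // rejected requests does not also flood the log.
        res.sendError(SC_TOO_MANY_REQUESTS, "Too Many Requests");
        return;
      }
      if (timeElapsed < MIN_INTERVAL_MS) {
        session.setAttribute(ATTR_SPAM, true);
        req.getServletContext().log("request rate exceeded, session flagged; remote address "
            + req.getRemoteAddr());
        // The original only printed a message and returned an empty 200 response.
        res.sendError(SC_TOO_MANY_REQUESTS, "Too Many Requests");
        return;
      }

      session.setAttribute(ATTR_LAST_TIME, now);

      if (!Boolean.TRUE.equals(session.getAttribute(ATTR_LOGGED))) {
        // A missing attribute is treated as "not logged in" (fail closed).
        forwardTo("/login.jsp", req, res);
        return;
      }
      if (requestedPath.equals("/login.jsp")) {
        forwardTo("/main.jsp", req, res);
        return;
      }
      // Continue the chain instead of re-dispatching to a path rebuilt from the
      // request URI: the container's own mapping and access rules then decide
      // what is served, and the request reaches its target unchanged.
      chain.doFilter(request, response);
    }

    /**
     * Forwards the request to a fixed, application-chosen path.
     *
     * @param path context-relative path, starting with {@code /}
     * @param req  the current request
     * @param res  the current response
     * @throws IOException      if the target resource fails on I/O
     * @throws ServletException if the target resource fails
     */
    private void forwardTo(String path, HttpServletRequest req, HttpServletResponse res)
        throws IOException, ServletException {
      req.getServletContext().getRequestDispatcher(path).forward(req, res);
    }

    /**
     * Stores the throttle and login state for a session this filter has not seen.
     *
     * <p>{@code logged} starts as {@code false}. The original stored {@code true},
     * which made every new session count as authenticated from its second request
     * on. The login handler (not shown on this page) is expected to set it to
     * {@code true} after verifying credentials, and should also rotate the
     * session id at that point, e.g. with
     * {@code HttpServletRequest#changeSessionId()}.
     *
     * @param session the session to initialise
     */
    private void sessionInit(HttpSession session) {
      session.setAttribute(ATTR_SPAM, false);
      session.setAttribute(ATTR_LOGGED, false);
      session.setAttribute(ATTR_LAST_TIME, System.currentTimeMillis());
    }

    /**
     * @see Filter#init(FilterConfig)
     */
    @Override
    public void init(FilterConfig fConfig) throws ServletException {
      // no configuration is read
    }

  }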

URL: http://fivesnippets.blogspot.com/2014/08/servlet-filter-for-ddos-spam-etc.html
