Module org.eclipse.jetty.server
Package org.eclipse.jetty.server.handler

Class ThreadLimitHandler

java.lang.Object
org.eclipse.jetty.util.component.AbstractLifeCycle
org.eclipse.jetty.util.component.ContainerLifeCycle
org.eclipse.jetty.server.handler.AbstractHandler
org.eclipse.jetty.server.handler.AbstractHandlerContainer
org.eclipse.jetty.server.handler.HandlerWrapper
org.eclipse.jetty.server.handler.ThreadLimitHandler
All Implemented Interfaces:
Handler, HandlerContainer, org.eclipse.jetty.util.component.Container, org.eclipse.jetty.util.component.Destroyable, org.eclipse.jetty.util.component.Dumpable, org.eclipse.jetty.util.component.Dumpable.DumpableContainer, org.eclipse.jetty.util.component.LifeCycle
public class ThreadLimitHandler extends HandlerWrapper

Handler to limit the threads per IP address for DOS protection

The ThreadLimitHandler applies a limit to the number of Threads that can be used simultaneously per remote IP address.

The handler makes a determination of the remote IP separately to any that may be made by the ForwardedRequestCustomizer or similar:

  • This handler will use either only a single style of forwarded header. This is on the assumption that a trusted local proxy will produce only a single forwarded header and that any additional headers are likely from untrusted client side proxies.
  • If multiple instances of a forwarded header are provided, this handler will use the right-most instance, which will have been set from the trusted local proxy
Requests in excess of the limit will be asynchronously suspended until a thread is available.

This is a simpler alternative to DosFilter

  • Nested Class Summary

    Nested classes/interfaces inherited from class org.eclipse.jetty.server.handler.AbstractHandler

    AbstractHandler.ErrorDispatchHandler

    Nested classes/interfaces inherited from class org.eclipse.jetty.util.component.AbstractLifeCycle

    org.eclipse.jetty.util.component.AbstractLifeCycle.AbstractLifeCycleListener, org.eclipse.jetty.util.component.AbstractLifeCycle.StopException

    Nested classes/interfaces inherited from interface org.eclipse.jetty.util.component.Container

    org.eclipse.jetty.util.component.Container.InheritedListener, org.eclipse.jetty.util.component.Container.Listener

    Nested classes/interfaces inherited from interface org.eclipse.jetty.util.component.Dumpable

    org.eclipse.jetty.util.component.Dumpable.DumpableContainer

    Nested classes/interfaces inherited from interface org.eclipse.jetty.util.component.LifeCycle

    org.eclipse.jetty.util.component.LifeCycle.Listener

  • Field Summary

    Fields inherited from class org.eclipse.jetty.server.handler.HandlerWrapper

    _handler

    Fields inherited from class org.eclipse.jetty.util.component.AbstractLifeCycle

    FAILED, STARTED, STARTING, STOPPED, STOPPING

    Fields inherited from interface org.eclipse.jetty.util.component.Dumpable

    KEY

  • Constructor Summary

    Constructors
    Constructor
    Description
    ThreadLimitHandler()
     
    ThreadLimitHandler(String forwardedHeader)
     
    ThreadLimitHandler(String forwardedHeader, boolean rfc7239)
     

  • Method Summary

    Modifier and Type
    Method
    Description
    protected void
    doStart()
     
    void
    exclude(String inetAddressPattern)
     
    protected String
    getRemoteIP(Request baseRequest)
     
    int
    getThreadLimit()
     
    protected int
    getThreadLimit(String ip)
     
    void
    handle(String target, Request baseRequest, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
    Handle a request.
    void
    include(String inetAddressPattern)
     
    boolean
    isEnabled()
     
    void
    setEnabled(boolean enabled)
     
    void
    setThreadLimit(int threadLimit)
     

    Methods inherited from class org.eclipse.jetty.server.handler.HandlerWrapper

    destroy, expandChildren, getHandler, getHandlers, insertHandler, setHandler

    Methods inherited from class org.eclipse.jetty.server.handler.AbstractHandlerContainer

    expandHandler, findContainerOf, getChildHandlerByClass, getChildHandlers, getChildHandlersByClass, setServer

    Methods inherited from class org.eclipse.jetty.server.handler.AbstractHandler

    doError, doStop, getServer

    Methods inherited from class org.eclipse.jetty.util.component.ContainerLifeCycle

    addBean, addBean, addEventListener, addManaged, contains, dump, dump, dump, dumpObjects, dumpStdErr, getBean, getBeans, getBeans, getContainedBeans, getContainedBeans, isAuto, isManaged, isUnmanaged, manage, removeBean, removeBeans, removeEventListener, setBeans, start, stop, unmanage, updateBean, updateBean, updateBeans, updateBeans

    Methods inherited from class org.eclipse.jetty.util.component.AbstractLifeCycle

    getEventListeners, getState, getState, isFailed, isRunning, isStarted, isStarting, isStopped, isStopping, setEventListeners, start, stop, toString

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

    Methods inherited from interface org.eclipse.jetty.util.component.Container

    getCachedBeans, getEventListeners

    Methods inherited from interface org.eclipse.jetty.util.component.Dumpable

    dumpSelf

    Methods inherited from interface org.eclipse.jetty.util.component.Dumpable.DumpableContainer

    isDumpable

    Methods inherited from interface org.eclipse.jetty.util.component.LifeCycle

    addEventListener, isFailed, isRunning, isStarted, isStarting, isStopped, isStopping, removeEventListener, start, stop

  • Constructor Details

    • ThreadLimitHandler

      public ThreadLimitHandler()

    • ThreadLimitHandler

      public ThreadLimitHandler(@Name("forwardedHeader") String forwardedHeader)

    • ThreadLimitHandler

      public ThreadLimitHandler(@Name("forwardedHeader") String forwardedHeader, @Name("rfc7239") boolean rfc7239)

  • Method Details

    • doStart

      protected void doStart() throws Exception
      Overrides:
      doStart in class AbstractHandler
      Throws:
      Exception

    • isEnabled

      @ManagedAttribute("true if this handler is enabled") public boolean isEnabled()

    • setEnabled

      public void setEnabled(boolean enabled)

    • getThreadLimit

      @ManagedAttribute("The maximum threads that can be dispatched per remote IP") public int getThreadLimit()

    • getThreadLimit

      protected int getThreadLimit(String ip)

    • setThreadLimit

      public void setThreadLimit(int threadLimit)

    • include

      @ManagedOperation("Include IP in thread limits") public void include(String inetAddressPattern)

    • exclude

      @ManagedOperation("Exclude IP from thread limits") public void exclude(String inetAddressPattern)

    • handle

      public void handle(String target, Request baseRequest, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) throws IOException, javax.servlet.ServletException
      Description copied from interface: Handler
      Handle a request.
      Specified by:
      handle in interface Handler
      Overrides:
      handle in class HandlerWrapper
      Parameters:
      target - The target of the request - either a URI or a name.
      baseRequest - The original unwrapped request object.
      request - The request either as the Request object or a wrapper of that request. The HttpConnection.getCurrentConnection().getHttpChannel().getRequest() method can be used access the Request object if required.
      response - The response as the Response object or a wrapper of that request. The HttpConnection.getCurrentConnection().getHttpChannel().getResponse() method can be used access the Response object if required.
      Throws:
      IOException - if unable to handle the request or response processing
      javax.servlet.ServletException - if unable to handle the request or response due to underlying servlet issue

    • getRemoteIP

      protected String getRemoteIP(Request baseRequest)