Abstract
A denial of service (DoS) attack is an attempt to make a computer resource unavailable to its intended users.
At the Dispatcher level, there are two ways to configure protection against DoS attacks:
Use the mod_rewrite module (for example, in Apache 2.4) to validate URLs before they reach Dispatcher, provided the URL pattern rules are not too complex.
Use filters to stop Dispatcher from accepting, and therefore caching, URLs with spurious extensions. For example, restrict the rules to the file extensions your site actually serves (these are extensions, not MIME types), such as
.html
.jpeg
.gif
.swf
.js
.doc
.pdf
.ppt
... and so on, as your project requires.
An example filter configuration is given below; it restricts the permitted extensions.
When configuring Dispatcher, restrict external access as much as possible. The following example shows minimal access for external visitors; compare it with the filter section of the default dispatcher.any file. Dispatcher evaluates filter rules in order and the last matching rule wins, which is why the block starts with a deny-all rule and then re-opens only what is needed. As written, the rules allow only the static asset extensions in /0041 and the personalization path in /0062; a page request such as /content/.../page.html is still caught by /0001, so add allow rules for the content paths and extensions your site serves.
/filter
{
# Deny everything first and then allow specific entries
/0001 { /type "deny" /glob "*" }
# Enable extensions in non-public content directories,
# using a regular expression
/0041
{
/type "allow"
/extension '(css|gif|ico|js|png|swf|jpe?g)'
}
# Enable features
/0062 { /type "allow" /url "/libs/cq/personalization/*" } # enable personalization
# Deny content grabbing, on all accessible pages, using regular expressions
/0081
{
/type "deny"
/selectors '((sys|doc)view|query|[0-9-]+)'
/extension '(json|xml)'
}
# Deny content grabbing for /content and its subtree
/0082
{
/type "deny"
/path "/content/*"
/selectors '(feed|rss|pages|languages|blueprint|infinity|tidy)'
/extension '(json|xml|html)'
}
# allow one-level json requests
# /0087 { /type "allow" /method "GET" /extension 'json' "*.1.json" }
}
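To see how the filter block above behaves against concrete requests, the following script is an added example (not Dispatcher's code and not part of the original post) that transcribes the rules into data and evaluates them with Dispatcher's semantics: every property of a rule must match, and the last matching rule wins. It simplifies two things and labels them as assumptions: Sling URL decomposition is approximated by splitting at the first dot (the real resolver walks the repository for the longest existing path), and both regexes and globs are matched against the whole property value. The sample requests, including the content-grabbing probes the /0081 and /0082 rules target, are constructed for this example; the commented-out /0087 rule is kept separate so the effect of enabling it can be compared.

```python
import re
from dataclasses import dataclass

# Transcription of the five active rules from the filter block above, plus the
# commented-out one-level JSON rule kept separately. Single-quoted Dispatcher
# values are regular expressions, double-quoted values are globs; that
# distinction is carried by the "regex"/"glob" tags. The bare "*.1.json" in
# /0087 is treated as a /glob, i.e. matched against the request URL.
RULES = [
    ("0001", "deny",  {"glob": ("glob", "*")}),
    ("0041", "allow", {"extension": ("regex", r"(css|gif|ico|js|png|swf|jpe?g)")}),
    ("0062", "allow", {"url": ("glob", "/libs/cq/personalization/*")}),
    ("0081", "deny",  {"selectors": ("regex", r"((sys|doc)view|query|[0-9-]+)"),
                       "extension": ("regex", r"(json|xml)")}),
    ("0082", "deny",  {"path": ("glob", "/content/*"),
                       "selectors": ("regex", r"(feed|rss|pages|languages|blueprint|infinity|tidy)"),
                       "extension": ("regex", r"(json|xml|html)")}),
]
RULE_0087 = ("0087", "allow", {"method": ("glob", "GET"),
                               "extension": ("regex", r"json"),
                               "glob": ("glob", "*.1.json")})


@dataclass
class Request:
    method: str
    url: str         # request path without the query string
    path: str        # resource path (Sling: everything before the first dot)
    selectors: str   # dot-joined selectors, "" when absent
    extension: str   # "" when absent


def parse_request(method: str, raw_url: str) -> Request:
    """Split a request URL the way Sling does, simplified (assumption): the
    first dot ends the resource path, and anything after the next '/' is the
    suffix and is ignored. The real resolver walks the repository for the
    longest existing resource path."""
    url = raw_url.split("?", 1)[0]
    first_dot = url.find(".")
    if first_dot == -1:
        return Request(method, url, url, "", "")
    path = url[:first_dot]
    sel_ext = url[first_dot + 1:].split("/", 1)[0]
    parts = sel_ext.split(".")
    return Request(method, url, path, ".".join(parts[:-1]), parts[-1])


def _glob_to_regex(glob: str) -> str:
    # Dispatcher globs: '*' matches any run of characters, '/' included.
    return ".*".join(re.escape(piece) for piece in glob.split("*"))


# Which Request attribute each filter property is matched against. /glob is
# matched against the URL here (a simplification of the legacy request-line glob).
FIELDS = {"glob": "url", "url": "url", "path": "path", "selectors": "selectors",
          "extension": "extension", "method": "method"}


def _matches(kind: str, pattern: str, value: str) -> bool:
    # Assumption: a pattern must match the whole property value.
    regex = pattern if kind == "regex" else _glob_to_regex(pattern)
    return re.fullmatch(regex, value) is not None


def evaluate(rules, req: Request):
    """Return (decision, rule_id). Every property of a rule must match for the
    rule to apply, and the last applicable rule in the list wins, which is how
    Dispatcher evaluates /filter. The default only matters when no rule
    matches at all, which the deny-all rule /0001 makes impossible."""
    decision = ("deny", None)
    for rule_id, rule_type, props in rules:
        if all(_matches(kind, pat, getattr(req, FIELDS[prop]))
               for prop, (kind, pat) in props.items()):
            decision = (rule_type, rule_id)
    return decision


def decide(method: str, url: str, rules=RULES):
    return evaluate(rules, parse_request(method, url))


if __name__ == "__main__":
    # Constructed sample requests, including typical content-grabbing probes.
    samples = [
        ("GET", "/etc/clientlibs/site/main.js"),
        ("GET", "/libs/cq/personalization/foo.js"),
        ("GET", "/content/site/en.html"),
        ("GET", "/content/site/en.infinity.json"),
        ("GET", "/content/site/en.sysview.xml?depth=-1"),
        ("GET", "/content/site/en.1.json"),
    ]
    for method, url in samples:
        base = decide(method, url)
        with_0087 = decide(method, url, RULES + [RULE_0087])
        print(f"{method:4} {url:40} -> {base}  with /0087: {with_0087}")
```

Running it shows the practical points of the block: the infinity and sysview probes are denied by /0082 and /0081 respectively, the plain page request /content/site/en.html is denied by /0001 because nothing re-allows it, and /content/site/en.1.json flips from a /0081 deny to a /0087 allow only for GET once that rule is uncommented, because /0087 comes later in the list.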
Q&A
Please use this thread to ask related questions.
Kautuk Sahni