Skip to content

Simplify the DosFilter for #1256 #10748

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
gregw merged 2 commits into from
Oct 18, 2023
Merged

Simplify the DosFilter for #1256 #10748

gregw merged 2 commits into from
Oct 18, 2023

Conversation

@gregw
Copy link
Contributor

@gregw gregw commented Oct 18, 2023

Use only IP tracking for the DosFilter to fix #1256

@gregw
Simplify the DosFilter for #1256
d55eb31 
Use only IP tracking for the DosFilter to fix #1256

Signed-off-by: gregw <[email protected]>
@gregw gregw requested review from lorban and sbordet October 18, 2023 06:50
lorban
lorban requested changes Oct 18, 2023
View reviewed changes
Copy link
Contributor

@lorban lorban left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just a few nits.

jetty-servlets/src/main/java/org/eclipse/jetty/servlets/DoSFilter.java

// Sets the _prefix_ most significant bits to 1
result[index] = (byte)~((1 << (8 - prefix)) - 1);
result[index] = (byte)-(1 << (8 - prefix));
Copy link
Contributor

@lorban lorban Oct 18, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Any reason why you changed the bit manipulation? It looks correct, but it's always hard to review without tests.

Copy link
Contributor Author

@gregw gregw Oct 18, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

To keep intellij happy

@gregw
Simplify the DosFilter for #1256
9a2dc05 
Use only IP tracking for the DosFilter.

Signed-off-by: gregw <[email protected]>
@gregw gregw requested a review from lorban October 18, 2023 13:12
sbordet
sbordet requested changes Oct 18, 2023
View reviewed changes
documentation/jetty-documentation/src/main/asciidoc/old_docs/extras/dos-filter.adoc
Jetty places throttled requests in a priority queue, giving priority first to authenticated users and users with an HttpSession, then to connections identified by their IP addresses.
Connections with no way to identify them have lowest priority.
To uniquely identify authenticated users, you should implement the The extractUserId(ServletRequest request) function.
Jetty places throttled requests in a queue, and proceed only when there is capacity available.
Copy link
Contributor

@sbordet sbordet Oct 18, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is the old documentation for Jetty 9.4.x, so leave it unchanged.

@sbordet sbordet self-requested a review October 18, 2023 19:57
@gregw gregw merged commit 168d871 into jetty-10.0.x Oct 18, 2023
gregw added a commit that referenced this pull request Oct 18, 2023
@gregw
Simplify the DosFilter for #1256 (#10748)
de862c5 
Use only IP tracking for the DosFilter to fix #1256

Signed-off-by: gregw <[email protected]>
@joakime joakime deleted the fix/jetty-10/1256/SimplifyDosFilter branch October 25, 2023 18:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@sbordet sbordet sbordet approved these changes

@lorban lorban lorban approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

DoSFilter leaks USER_AUTH entries

4 participants

@gregw @sbordet @lorban