Protect your web service from a denial-of-service attack with Apache Synapse

If you’re looking to protect your web service from a denial-of-service (DoS) attack, and don’t want to pollute your web service with home-grown security logic, you may want to have a look at Apache Synapse (the lightweight ESB).

Synapse comes packaged as a WAR; if you are using Maven, you should be able to use an overlay to modify the default configuration to suit your needs. On the subject of configuration, this page documents one way of protecting your web service against a DoS attack: using a Throttle Mediator and Concurrency Control (in Synapse parlance).

In my case, I’m using a cloud-based platform-as-a-service provider, so low-level firewall work is not going to work for me. Instead, a proxy such as Synapse, routing HTTP-based SOAP requests, seems to be suitable.

I hope to update this post once I have tested and deployed it all, which may take some time, since the web service is far from finished. It’s good to know about Synapse though, as now I can stop thinking about security for a while and an intentional (or unintentional) DoS attack. Not sure if I could restrict load on a per-client basis with Synapse, but at least global throttling is better than nothing.
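A Synapse configuration of the kind described above, with a Throttle Mediator enforcing a global concurrency limit in front of a SOAP backend. This is an added example, not the author's configuration: it follows the shape of the concurrency throttling sample in the Synapse distribution and assumes a Synapse 2.x release, and the throttle id, the limit of 10, the backend address and the fault text are placeholders.

```xml
<!-- Added example: global concurrency throttling with the Synapse Throttle mediator -->
<definitions xmlns="http://ws.apache.org/ns/synapse">
  <sequence name="main">
    <in>
      <!-- The id links this throttle to the matching one on the response path -->
      <throttle id="ws-concurrency">
        <policy>
          <wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
                      xmlns:throttle="http://www.wso2.org/products/wso2commons/throttle">
            <throttle:ThrottleAssertion>
              <!-- Assumed limit: at most 10 requests in flight, counted across all clients -->
              <throttle:MaximumConcurrentAccess>10</throttle:MaximumConcurrentAccess>
            </throttle:ThrottleAssertion>
          </wsp:Policy>
        </policy>
        <onAccept>
          <send>
            <endpoint>
              <!-- Placeholder address of the protected web service -->
              <address uri="http://backend.example.internal:8080/services/MyService"/>
            </endpoint>
          </send>
        </onAccept>
        <onReject>
          <!-- Log every rejection so sustained throttling shows up in monitoring -->
          <log level="custom">
            <property name="text" value="Throttled: concurrency limit reached"/>
          </log>
          <!-- Answer with a SOAP fault instead of forwarding to the backend -->
          <makefault response="true">
            <code xmlns:tns="http://www.w3.org/2003/05/soap-envelope" value="tns:Receiver"/>
            <reason value="Service busy, retry later"/>
          </makefault>
          <send/>
          <drop/>
        </onReject>
      </throttle>
    </in>
    <out>
      <!-- Same id on the response path frees the slot taken by the request -->
      <throttle id="ws-concurrency"/>
      <send/>
    </out>
  </sequence>
</definitions>
```

The limit should sit below the number of concurrent requests the backend can actually serve, and the rejection log line is the signal to alert on.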

 
