Known Participant
March 12, 2008
Question

Stopping DOS Attacks - Methods?

Does anyone have any helpful tips on stopping Denial of Service attacks? What I mean is this --

If someone sits there in their browser and hits REFRESH 100 times on a page that requires a lot of database interactivity, it can bring down your server pretty quick. ColdFusion connections sit in a queue and keep running and running and running.

Is there a way that if someone hits REFRESH on a page, that it stops the query that is running and starts it again for that user?

Looking forward to some thoughts on this.

Sincerely,
Ray

    2 replies

    Participating Frequently
    March 19, 2008
    Easy...

    onapplicationstart -> application.pendingrequests = arrayNew(2) {sessionid + time};

    onrequeststart -> find an element in the application array that matches the sessionid of the user and where time is less than X seconds (or milliseconds) from now()

    if none is found, return true (go ahead) else call whatever function that returns getLost(for x seconds) to user...
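
The throttle sketched in the reply above, written out as an `Application.cfc`. This is an added example, not code posted by anyone in the thread. Assumptions: a struct keyed by session id replaces the suggested two-dimensional array, the application name and the 2-second and 60-second values are placeholders, and the script syntax (including `cfheader(...)`) needs ColdFusion 11 or later, or Lucee.

```cfml
component {
    this.name = "throttleDemo";        // assumed application name
    this.sessionManagement = true;

    variables.minIntervalMs = 2000;    // assumed "X": minimum gap between requests per session
    variables.staleAfterMs  = 60000;   // assumed: forget sessions idle for this long

    public boolean function onApplicationStart() {
        // sessionid -> tick count (ms) of the last accepted request
        application.pendingRequests = {};
        return true;
    }

    public boolean function onRequestStart(required string targetPage) {
        var now = getTickCount();
        var allowed = true;

        // The check and the update must be one atomic step; without the
        // exclusive lock, parallel refreshes can all pass the check together.
        lock name="pendingRequests" type="exclusive" timeout="5" {
            var last = structKeyExists(application.pendingRequests, session.sessionid)
                ? application.pendingRequests[session.sessionid] : 0;

            if (last > 0 && now - last < variables.minIntervalMs) {
                allowed = false;       // same session, too soon: reject
            } else {
                application.pendingRequests[session.sessionid] = now;
            }

            // Purge idle entries so the tracking struct cannot grow without bound.
            for (var id in structKeyArray(application.pendingRequests)) {
                if (now - application.pendingRequests[id] > variables.staleAfterMs) {
                    structDelete(application.pendingRequests, id);
                }
            }
        }

        if (!allowed) {
            cfheader(statuscode=429, statustext="Too Many Requests");
            cfheader(name="Retry-After", value=ceiling(variables.minIntervalMs / 1000));
            writeOutput("Request ignored: please wait before reloading.");
            return false;              // returning false stops the requested page from running
        }
        return true;
    }
}
```

Because the key is the session id, a client that discards its session cookie gets a fresh allowance on every request, so this only limits ordinary users leaning on refresh. Rate limiting by source address at the web server or firewall is still needed for anything deliberate.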




    Inspiring
    March 12, 2008
    rmajoran wrote:
    > Does anyone have any helpful tips on stopping Denial of Service attacks? What
    > I mean is this --
    >
    > If someone sits there in their browser and hits REFRESH 100 times on a page
    > that requires a lot of database interactivity, it can bring down your server
    > pretty quick. ColdFusion connections sit in a queue and keep running and
    > running and running.
    >
    > Is there a way that if someone hits REFRESH on a page, that it stops the query
    > that is running and starts it again for that user?
    >
    > Looking forward to some thoughts on this.
    >
    > Sincerely,
    > Ray
    >


    Make use of data and response caching techniques so that the page does
    not need to be completely re-built for each and every identical request.

    Make use of form validation that prevents the resubmitting of forms.

    Make use of web server and|or router techniques that mitigate DOS type
    attacks.

    rmajoran (Author)
    Known Participant
    March 12, 2008
    quote:


    Make use of data and response caching techniques so that the page does
    not need to be completely re-built for each and every identical request.

    Make use of form validation that prevents the resubmitting of forms.

    Make use of web server and|or router techniques that mitigate DOS type
    attacks.




    Thanks for your response. Here are some comments:

    1. Caching aside, there are still many times where you need to reload aspects of the page -- especially within a content management system or blog when stuff is always changing.

    2. Forms are not the issue.

    3. We have a very advanced firewall, but it's still not going to stop the average user from hitting refresh 5 times.

    Is there anything within ColdFusion that says, "This is the same request that was just submitted by the same user... ignore one of them."?