(SM) Support Tip: New parameter for 9.5 to avoid DoS attacks

Recently a new web parameter was introduced on the SM 9.5X and versions going forward, with the purpose of avoiding DoS attacks to the web server.

The web parameter is maxRequestPerSecond, currently what it will do is to delimite the amount of requests that are allowed per second for one user session.

The default value for this web parameter is 50, which mean that the web client will allow 50 or less requests per second from the same user, if this request tent to go over 50, the web client will automatically disconnect the user to prevent the DoS attack

The parameter should look like this on the web.xml

<context-param>

  <param-name>maxRequestPerSecond</param-name>

  <param-value>-1</param-value>
</context-param>

If you wish to increase the value can do it to any number, also for unlimited requets you can set it to 0 or -1, this will allow unlimited request for one user

 

Tags: