We have a Debian based server running Tomcat behind a load-balanced webserver. As it's for development, we have added basic authentication in Tomcat with a username and password. But we are getting so many spam requests with crazy combinations that our server is overloading. Is there any way we can block that IP, or add some limiting factor, after 2-3 attempts? Thank you.

I don't have any code here to show, as it's just usernames and passwords in tomcat-users.xml.

We are Borg
  • Maybe it's possible you can do the basic-auto in your load-balancing webserver? F.e. in apache2 you could easily do this. Additionally, things like fail2ban or similar strategies would drop every "non-conforming" IP quite fast as well. (Won't help vs DDOS though.) – Dennis Nolte Apr 25 '19 at 07:39
  • @DennisNolte: We have fail2ban and denyhosts already set up, will check out basic-auto as you suggested. Thanks. – We are Borg Apr 25 '19 at 07:43
  • @DennisNolte I am not able to find anything in apache like basic-auto, do you mean authorization via htaccess? – We are Borg Apr 25 '19 at 07:43
  • Exactly, this is (at least I think) called basic-auth as well. See for example here: https://wiki.apache.org/httpd/PasswordBasicAuth Note that you don't need a htaccess file if you control the apache2 server configuration directly. – Dennis Nolte Apr 25 '19 at 08:36
  • Why not configure firewall rules and allow only specific IP addresses to access the dev server? – Juraj Martinka Apr 25 '19 at 19:37
  • @JurajMartinka : Our clients have access to it as well. Thank you. :-) – We are Borg Apr 26 '19 at 04:40

2 Answers


Temporarily, I have managed to block certain countries which were spamming a lot with iptables. Will test it for a few weeks first, or else implement basic auth with htaccess.

We are Borg


I'd recommend installing fail2ban and having that automatically block IPs for an (hour/day/week/month - take your pick) after 3 authentication failures in a row. You should be able to get fail2ban to trigger off 401 responses in Tomcat's access log.

Mark Thomas
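To show concretely what "trigger off 401 responses in Tomcat's access log" means, here is an added example (my own, not part of the answer above and not fail2ban's or Tomcat's code) that parses access-log lines in Tomcat's default AccessLogValve pattern, counts consecutive 401 responses per client address, and lists the addresses that have reached the threshold. The same match pattern is written out as a fail2ban `failregex` for reference; the filter file name `tomcat-auth.conf` and the log lines are constructed assumptions, and the addresses are RFC 5737 documentation ranges.

```python
import re
from collections import defaultdict

# Constructed sample lines in the shape of Tomcat's default AccessLogValve
# pattern  %h %l %u %t "%r" %s %b . Not real traffic: the client addresses
# are RFC 5737 documentation ranges.
SAMPLE_LOG = """\
192.0.2.10 - - [25/Apr/2019:07:39:01 +0000] "GET /manager/ HTTP/1.1" 401 -
192.0.2.10 - - [25/Apr/2019:07:39:02 +0000] "GET /manager/ HTTP/1.1" 401 -
192.0.2.10 - - [25/Apr/2019:07:39:03 +0000] "GET /manager/ HTTP/1.1" 401 -
198.51.100.7 - - [25/Apr/2019:07:40:00 +0000] "GET /app/ HTTP/1.1" 401 -
198.51.100.7 - dev [25/Apr/2019:07:40:05 +0000] "GET /app/ HTTP/1.1" 200 1234
198.51.100.7 - - [25/Apr/2019:07:41:00 +0000] "GET /app/ HTTP/1.1" 401 -
198.51.100.7 - - [25/Apr/2019:07:41:02 +0000] "GET /app/ HTTP/1.1" 401 -
203.0.113.5 - dev [25/Apr/2019:07:42:00 +0000] "GET /app/ HTTP/1.1" 200 1234
"""

# The same match written as a fail2ban failregex, for a hypothetical
# filter.d/tomcat-auth.conf (assumption). <HOST> is fail2ban's own placeholder
# for the client address. Listed for reference only; this script does not run it.
FAIL2BAN_FAILREGEX = r'^<HOST> \S+ \S+ \[[^\]]+\] "[^"]*" 401 \S+\s*$'

# Python equivalent that captures the client address and the status code.
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] "[^"]*" (?P<status>\d{3}) \S+\s*$'
)


def parse_line(line):
    """Return (client_ip, status_code) for one access-log line,
    or None when the line does not match the expected pattern."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return m.group("host"), int(m.group("status"))


def consecutive_401s(lines):
    """Per client address, how many 401 responses it has received in a row.
    Any non-401 response resets that client's streak, matching the answer's
    'after 3 authentication failures in a row' wording."""
    streak = defaultdict(int)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # skip lines in another format instead of failing
        host, status = parsed
        if status == 401:
            streak[host] += 1
        else:
            streak[host] = 0
    return dict(streak)


def ips_to_ban(lines, maxretry=3):
    """Sorted list of client addresses whose current 401 streak is >= maxretry."""
    return sorted(h for h, n in consecutive_401s(lines).items() if n >= maxretry)


if __name__ == "__main__":
    for ip in ips_to_ban(SAMPLE_LOG.splitlines()):
        print("would ban", ip)
```

One caveat when carrying this over to a real jail: fail2ban itself bans once `maxretry` matches of the `failregex` occur within `findtime` seconds, so a successful login in between does not reset its count the way `consecutive_401s` does here; `maxretry`, `findtime`, `bantime` and `logpath` are the `jail.local` keys that set the threshold, window, ban duration and access-log location.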