0

I have a load balancer, under load balancer I have to apache webservers with Mod_jk.

Sticky session enabled in both load balancer and webservers.

I have two tomcat servers(both are clustered/session replication is enabled)

Sometimes we are seeing continuous hit from some single IP(Hopefully,they are not from Bots).

Causing site inaccessible and we are performing server restarts.

Continuous hit from single IP is odd..is there anything I can block the IP which is suspicious and again unblock after sometime without restarting web/application server?

sree
  • 868
  • 2
  • 12
  • 35

1 Answers1

0

Not sure if we can block / unblock IP address at run time (i.e., without server restart), but surely can use Remote Address Valve or Access Log Valve to analyze the requests reaching Tomcat. This can help churning out a pattern of flood requests and if any of these is to be denied.

The same can be accomplished by changing httpd.conf in Apache server as well.

Edited:

Here is another link where you can add a filter to your own web.xml. In the example, the filter contains IP addresses, but you can read a properties file, with list of IP addresses which resides outside the web application and can be changed at run time. I have not tried this, but seems to be straightforward.

Community
  • 1
  • 1
Mahesh
  • 407
  • 5
  • 4