Request based intrusion detection in Tomcat

Question

I'm wondering if there is a way to push tomcat requests through a custom class easily (e.g without having to heavily modify the codebase) to do things like running a regex to check for XSS and SQL Injection attacks and deny them/sanitize them based on this knowledge.

Thanks

The general advice is not to go that road as it's impossible to create patterns covering all sorts of XSS/SQL injections, let alone dealing with false positives. — mindas, Jul 12 '11 at 13:26
I don't think there is an easy way of solving XSS/SQL injections. Your suggestion is better than nothing, but the only proper way of fixing problems is to follow common practices (always using prepared statements, using web frameworks that do validation/sanitation and are immune to XSS, etc.). OTOH you need to do some estimation and see what are the business costs of a potential break-in and how much do you want to invest. Who knows, maybe a filter will end up as the preferred choice? — mindas, Jul 16 '11 at 22:12

score 2 · Accepted Answer · answered Jul 10 '11 at 18:46

2

Of course - use a Filter:

http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=java+xss+filter http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=java+servlet+filter

answered Jul 10 '11 at 18:46

duffymo

305,152
44
369
561

This is spot on, thanks a lot, sorry for asking such a simple question, not been working with Tomcat for long. – Reu Jul 10 '11 at 18:49
No worries, it's a fine question. – duffymo Jul 10 '11 at 21:59

Request based intrusion detection in Tomcat

1 Answers1