jetty · gregw · Jul 22, 2024 · Jul 24, 2024 · Jul 24, 2024 · Jul 25, 2024
diff --git a/jetty-core/jetty-server/src/main/config/etc/jetty-dos.xml b/jetty-core/jetty-server/src/main/config/etc/jetty-dos.xml
@@ -0,0 +1,67 @@
+<?xml version="1.0"?>
+<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "https://jetty.org/configure_10_0.dtd">
+
+<Configure id="Server" class="org.eclipse.jetty.server.Server">
+  <Call name="insertHandler">
+    <Arg>
+      <New id="DosHandler" class="org.eclipse.jetty.server.handler.DoSHandler">
+        <Arg name="getId">
+          <Get>
+            <Name><Property name="jetty.dos.id.type" default="ID_FROM_REMOTE_ADDRESS"/></Name>
+            <Class><Property name="jetty.dos.id.class" default="org.eclipse.jetty.server.handler.DoSHandler"/></Class>
+          </Get>
+        </Arg>
+        <Arg name="rateControlFactory">
+          <New>
+            <Class><Property name="jetty.dos.rateControlFactory" default="org.eclipse.jetty.server.handler.DoSHandler$ExponentialMovingAverageRateControlFactory"/></Class>
+            <Arg name="samplePeriodMs" type="long"><Property name="jetty.dos.rateControlFactory.samplePeriodMs" default="-1"/></Arg>
+            <Arg name="alpha" type="double"><Property name="jetty.dos.rateControlFactory.expMovingAvg.alpha" default="-1.0"/></Arg>
+            <Arg name="maxRequestsPerSecond" type="int"><Property name="jetty.dos.maxRequestsPerSecond" default="100"/></Arg>
+          </New>
+        </Arg>
+        <Arg name="rejectHandler">
+          <New>
+            <Class><Property name="jetty.dos.rejectHandler" default="org.eclipse.jetty.server.handler.DoSHandler$DelayedRejectHandler"/></Class>
+            <Arg name="delayMs" type="long"><Property name="jetty.dos.rejectHandler.delayed.delayMs" default="1000"/></Arg>
+            <Arg name="maxDelayQueue" type="int"><Property name="jetty.dos.rejectHandler.delayed.maxDelayQueue" default="1000"/></Arg>
+            <Arg name="reject">
+              <New class="org.eclipse.jetty.server.handler.DoSHandler$StatusRejectHandler">
+                <Arg name="status"><Property name="jetty.dos.rejectStatus" default="429"/></Arg>
+              </New>
+            </Arg>
+          </New>
+        </Arg>
+        <Arg name="maxTrackers" type="int"><Property name="jetty.dos.maxTrackers" default="-1"/></Arg>
+
+        <Call name="includeInetAddressPattern">
+          <Arg>
+            <Call class="org.eclipse.jetty.util.StringUtil" name="csvSplit">
+              <Arg><Property name="jetty.dos.include.inet" default="" /></Arg>
+            </Call>
+          </Arg>
+        </Call>
+        <Call name="excludeInetAddressPattern">
+          <Arg>
+            <Call class="org.eclipse.jetty.util.StringUtil" name="csvSplit">
+              <Arg><Property name="jetty.dos.exclude.inet" default="" /></Arg>
+            </Call>
+          </Arg>
+        </Call>
+        <Call name="includePath">
+          <Arg>
+            <Call class="org.eclipse.jetty.util.StringUtil" name="csvSplit">
+              <Arg><Property name="jetty.dos.include.path" default="" /></Arg>
+            </Call>
+          </Arg>
+        </Call>
+        <Call name="excludePath">
+          <Arg>
+            <Call class="org.eclipse.jetty.util.StringUtil" name="csvSplit">
+              <Arg><Property name="jetty.dos.exclude.path" default="" /></Arg>
+            </Call>
+          </Arg>
+        </Call>
+      </New>
+    </Arg>
+  </Call>
+</Configure>
diff --git a/jetty-core/jetty-server/src/main/config/modules/dos.mod b/jetty-core/jetty-server/src/main/config/modules/dos.mod
@@ -0,0 +1,59 @@
+# DO NOT EDIT THIS FILE - See: https://eclipse.dev/jetty/documentation/
+
+[description]
+Enables the DosHandler for the server.
+
+[tags]
+connector
+
+[depend]
+server
+
+[xml]
+etc/jetty-dos.xml
+
+[ini-template]
+
+## The algorithm to use for obtaining an Id from an Request: ID_FROM_REMOTE_ADDRESS, ID_FROM_REMOTE_PORT, ID_FROM_REMOTE_ADDRESS_PORT, ID_CONNECTION
+#jetty.dos.id.type=ID_FROM_REMOTE_ADDRESS
+#jetty.dos.id.class=org.eclipse.jetty.server.handler.DosHandler
+
+## The class to use to create RateControl instances to track the rate of requests
+#jetty.dos.rateControlFactory=org.eclipse.jetty.server.handler.DosHandler$ExponentialMovingAverageRateControlFactory
+
+## The sample period(ms) to determine the request rate, or -1 for a default value
+#jetty.dos.rateControlFactory.samplePeriodMs=100
+
+## The Exponential factor for the moving average rate
+#jetty.dos.rateControlFactory.expMovingAvg.alpha=0.2
+
+## The maximum requests per second per client
+#jetty.dos.maxRequestsPerSecond=100
+
+## The Handler class to use to reject DOS requests
+#jetty.dos.rejectHandler=org.eclipse.jetty.server.handler.DosHandler$TooManyRequestsRejectHandler
+
+## The period to delay dos requests before rejecting them.
+#jetty.dos.rejectHandler.delayed.delayMs=1000
+
+## The maximum number of requests to be held in the delay queue
+#jetty.dos.rejectHandler.delayed.maxDelayQueue=1000
+
+## The maximum number of clients to track; or -1 for a default value
+#jetty.dos.maxTrackers=10000
+
+## The status code used to reject requests; or 0 to abort the request; or -1 for a default
+#jetty.dos.rejectStatus=429
+
+## List of InetAddress patterns to include
+#jetty.dos.include.inet=10.10.10-14.0-128
+
+## List of InetAddressPatterns to exclude
+#jetty.dos.exclude.inet=10.10.10-14.0-128
+
+## List of path patterns to include
+#jetty.dos.include.path=/context/*
+
+## List of path to exclude
+#jetty.dos.exclude.path=/context/*
+