One technique to protect against DDoS attacks is to monitor the number of requests per second coming from a given IP address. Of course, IP addresses can be faked, but let's assume this is not an issue here.
A web application installed on Tomcat (for example) can be configured to use secure HTTP connections only (i.e., https). I am not a sysadmin expert, but I believe that in case of a DDoS attack, the high number of https connection attempts could create 100% CPU spikes.
My questions are:
1. Do DDoS attacks on https create long 100% CPU spikes?
2. Is it possible to implement a software filter to monitor requests per second before the SSL negotiation is started, in order to avoid long 100% CPU spikes?
3. If the answer to 2. is yes, can this be integrated in Tomcat? If yes, how? Or is there a better solution out there?
Thanks.
EDIT
If the answer to 2. is yes (but not in Tomcat), what solutions are available out there?
Ubuntu's ufw tool has a limit option that limits a service to 6 connections per IP address per 30 seconds. You can also use iptables. Many of the examples are for limiting ssh, but just changing the port should do it.
If you're trying to block attacks, look into ConfigServer Security & Firewall. It manages iptables to set up rules to block attacks. It even installs into your WHM automatically (if you're on a WHM system).
Here is where you'll find the free version.
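To make the policy in the answer concrete, here is an added example (not code from the question or the answer above) that models the "6 connections per IP per 30 seconds" behaviour as a per-source sliding window, deciding at connection-arrival time, i.e. before any TLS handshake work is done. The thresholds, the two IP addresses and the sequence of attempts are constructed for illustration.

```python
"""Per-IP connection limiter modelling ufw's limit rule (added example).

Every new connection attempt from an address is recorded; if more than
MAX_HITS attempts fall inside the last WINDOW seconds, the attempt is
refused. Because the decision needs only the source address and a
timestamp, it can run before the TLS handshake, which is where the
CPU cost the question worries about is spent.
"""
from collections import deque

MAX_HITS = 6     # attempts allowed per source IP ...   (constructed)
WINDOW = 30.0    # ... within this many seconds          (constructed)


class ConnectionLimiter:
    def __init__(self, max_hits=MAX_HITS, window=WINDOW):
        self.max_hits = max_hits
        self.window = window
        # ip -> timestamps of recent attempts; bounded per IP so a flood
        # from one address cannot grow memory without limit
        self._hits = {}

    def allow(self, ip, now):
        """Return True if the attempt from `ip` at time `now` may proceed."""
        q = self._hits.setdefault(ip, deque(maxlen=self.max_hits + 1))
        # discard attempts that have aged out of the window
        while q and now - q[0] >= self.window:
            q.popleft()
        q.append(now)  # refused attempts count too, like iptables' recent module
        return len(q) <= self.max_hits


def replay(attempts, limiter=None):
    """Run (timestamp, ip) attempts in order; return one decision per attempt."""
    limiter = limiter or ConnectionLimiter()
    return [limiter.allow(ip, t) for t, ip in attempts]


# Constructed sample: one aggressive client (A) and one normal client (B).
A, B = "203.0.113.10", "198.51.100.7"
SAMPLE = [(0, A), (1, A), (1, B), (2, A), (3, A), (4, A),
          (5, A), (6, A), (7, A), (40, A)]

if __name__ == "__main__":
    for (t, ip), ok in zip(SAMPLE, replay(SAMPLE)):
        print(f"t={t:>3}s {ip:<15} {'accept' if ok else 'refuse'}")
```

A Tomcat servlet filter runs only after the TLS handshake has completed, so a check like this has to sit in the kernel firewall (ufw/iptables, as the answer suggests) or in a TCP-level front end in front of Tomcat to achieve the goal in question 2.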