
To avoid re-developing the wheel, are there any example Java EE servlet filters that take care of some basic security checks, i.e.

  • Block web requests for a time period if a rootkit hits the server, i.e. with a URL that ends in .exe or contains "../../.."
  • Throttle or block IPs that are making an unexpectedly high number of requests.

I also wonder if something equivalent to a Thread.sleep(1000); in the servlet filter for those particular types of requests wouldn't be such a bad thing.

Arjan Tijms
Jay

1 Answer

Maybe this will help.

    import java.io.IOException;
    import javax.servlet.Filter;
    import javax.servlet.FilterChain;
    import javax.servlet.FilterConfig;
    import javax.servlet.ServletException;
    import javax.servlet.ServletRequest;
    import javax.servlet.ServletResponse;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;

    public class SuspiciousURLFilter implements Filter {

        @Override
        public void destroy() {
        }

        @Override
        public void doFilter(ServletRequest request, ServletResponse response,
                FilterChain filterChain) throws IOException, ServletException {

            HttpServletRequest httpRequest = (HttpServletRequest) request;
            String requestURI = httpRequest.getRequestURI();

            if (requestURI.endsWith(".exe")) {
                HttpServletResponse httpResponse = (HttpServletResponse) response;
                // send error or maybe redirect to some error page
                httpResponse.sendError(HttpServletResponse.SC_BAD_REQUEST);
                // the response is committed now; do not continue down the chain
                return;
            }

            filterChain.doFilter(request, response);
        }

        @Override
        public void init(FilterConfig config) throws ServletException {
        }
    }

In your web.xml:

    <filter>
        <filter-name>SuspiciousURLFilter</filter-name>
        <filter-class>your.package.SuspiciousURLFilter</filter-class>
    </filter>

    <filter-mapping>
        <filter-name>SuspiciousURLFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
sermolaev
  • Yep, this is the sort of thing you would do if you were going to write something yourself. However this doesn't handle temporarily banning/blocking the offending IP address. – Jay Aug 23 '13 at 06:15
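The question's second point (throttling IPs) and the comment above (temporarily banning the offending address) are not covered by the answer's filter. The following is an added example, not code from the answer: a filter that counts requests per client IP in a fixed window and puts an IP on a temporary ban list when it exceeds the limit or requests one of the suspicious URIs from the question. The class name, thresholds and ban duration are assumed values.

```java
import java.io.IOException;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
// Added example (not from the answer above): per-IP request counting in a fixed
// window plus a temporary ban map. Thresholds are assumed values; tune them per
// deployment, and note that neither map is ever evicted in this illustration.
public class RateLimitFilter implements Filter {
    private static final int MAX_REQUESTS_PER_WINDOW = 100;  // assumed limit
    private static final long WINDOW_MILLIS = 10_000L;       // 10 s counting window
    private static final long BAN_MILLIS = 5 * 60_000L;      // 5 min temporary ban
    private static final int SC_TOO_MANY_REQUESTS = 429;     // not defined in HttpServletResponse
    private static final class Window { long start; int hits; }
    private final Map<String, Window> windows = new ConcurrentHashMap<>();
    private final Map<String, Long> bannedUntil = new ConcurrentHashMap<>();
    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;
        String ip = request.getRemoteAddr();
        long now = System.currentTimeMillis();
        Long until = bannedUntil.get(ip);
        if (until != null && now < until) {          // still inside the ban period
            response.sendError(SC_TOO_MANY_REQUESTS);
            return;
        }
        String uri = request.getRequestURI();
        if (uri.endsWith(".exe") || uri.contains("../")) {   // the probes named in the question
            bannedUntil.put(ip, now + BAN_MILLIS);
            response.sendError(HttpServletResponse.SC_BAD_REQUEST);
            return;                                   // response is committed; stop the chain
        }
        Window w = windows.computeIfAbsent(ip, k -> new Window());
        synchronized (w) {                            // one counter per IP, locked per IP
            if (now - w.start > WINDOW_MILLIS) { w.start = now; w.hits = 0; }
            if (++w.hits > MAX_REQUESTS_PER_WINDOW) {
                bannedUntil.put(ip, now + BAN_MILLIS);
                response.sendError(SC_TOO_MANY_REQUESTS);
                return;
            }
        }
        chain.doFilter(req, res);
    }
    @Override public void init(FilterConfig config) {}
    @Override public void destroy() {}
}
```

Map it to /* in web.xml exactly as the answer does for its filter. Behind a reverse proxy or load balancer getRemoteAddr() returns the proxy's address, so every client would share one counter; and most containers normalize or reject ".." path segments before a filter sees them, so the URI check only catches crude probes.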