How to configure Denial of Service filters in ODL controller

Question

I am new to ODL controller and the embedded jetty. I would like to add the DoSFilter in jetty.xml to throttle the REST requests if there is a request flooding.

I tried searching the internet, but has lot of examples for configuring it in web.xml DoSFilter but not found much help for jetty.xml

Any help in configuring DoSFilter in jetty.xml would be of great help.

ODL - Nitrogen version

Jetty - 9.2.21.X version

The following are the options which I have tried so far.

Filters configured in jetty.xml:

    <Get name="handler">
        <Call name="addHandler">
            <Arg>
                <New class="org.eclipse.jetty.servlet.ServletContextHandler">
                    <Set name="contextPath">/</Set>
                    <Set name="resourceBase">../</Set>
                    <Call name="addFilter">
                        <Arg>
                            <New class="org.eclipse.jetty.servlet.FilterHolder">
                                <Arg>
                                    <New class="org.eclipse.jetty.servlets.DoSFilter" />
                                </Arg>
                                <Call name="setInitParameter">
                                    <Arg>maxRequestsPerSec</Arg>
                                    <Arg>30</Arg>
                                </Call>
                                <Call name="setInitParameter">
                                    <Arg>delayMs</Arg>
                                    <Arg>100</Arg>
                                </Call>
                                <Call name="setInitParameter">
                                    <Arg>maxRequestMs</Arg>
                                    <Arg>0</Arg>
                                </Call>
                                <Call name="setInitParameter">
                                    <Arg>maxIdleTrackerMs</Arg>
                                    <Arg>0</Arg>
                                </Call>
                                <Call name="setInitParameter">
                                    <Arg>ipWhitelist</Arg>
                                    <Arg>127.0.0.1</Arg>
                                </Call>
                            </New>
                        </Arg>
                        <Arg>/cxf/*</Arg>
                        <Arg>
                            <Call class="java.util.EnumSet" name="of">
                                <Arg>
                                    <Get class="javax.servlet.DispatcherType" name="REQUEST" />
                                </Arg>
                            </Call>
                        </Arg>
                    </Call>
                </New>
            </Arg>
        </Call>
    </Get>

Filters configured in web.xml:

    <filter>
            <filter-name>DoSFilter</filter-name>
            <filter-class>org.eclipse.jetty.servlets.DoSFilter</filter-class>
            <init-param>
                    <param-name>maxRequestsPerSec</param-name>
                    <param-value>1</param-value>
            </init-param>
            <init-param>
                    <param-name>delayMs</param-name>
                    <param-value>100</param-value>
            </init-param>
            <init-param>
                    <param-name>maxRequestMs</param-name>
                    <param-value>0</param-value>
            </init-param>
            <init-param>
                    <param-name>maxIdleTrackerMs</param-name>
                    <param-value>0</param-value>
            </init-param>
            <init-param>
                    <param-name>ipWhitelist</param-name>
                    <param-value>127.0.0.1</param-value>
            </init-param>
    </filter>
    <filter-mapping>
            <filter-name>DoSFilter</filter-name>
            <url-pattern>/cxf/*</url-pattern>
    </filter-mapping>

Answer 1

Because you are using embedded Jetty you do not need a jetty.xml file, instead you can configure this through API. Here is a code example which configures the DoSFilter with the same settings from your example in an embedded usage.

Server server = new Server();
ServerConnector connector = new ServerConnector(server);
server.addConnector(connector);

ServletContextHandler contextHandler = new ServletContextHandler();
contextHandler.setContextPath("/");
server.setHandler(contextHandler);

DoSFilter filter = new DoSFilter();
filter.setMaxRequestsPerSec(30);
contextHandler.addFilter(new FilterHolder(filter), "/*", EnumSet.of(DispatcherType.REQUEST));

server.start();
server.join();

I would also suggest you update to the latest version of Jetty as jetty-9.2 is End of Life, the latest version is currently jetty-9.4.27.