stackoom
  简体   繁体   中英

AWS EC2 Tomcat Java Webapp - How can I manage bot http sessions

 原文  2017-07-13 14:11:27       java/ session/ tomcat/ amazon-ec2

Question

I have a Tomcat 8 Java webapp deployed in an AWS EC2 Ubuntu instance.

It seems that there is a lot of bots trying to access my app because in my Javamelody monitoring I can see one-request bot's sessions cached by spring security like: 

DefaultSavedRequest[http://52.27.73.101/phpmy-admin/]
DefaultSavedRequest[http://52.27.73.101/wp-login.php]
DefaultSavedRequest[http://52.27.73.101/admin/phpmyadmin/]

Is there a way to prevent from that bot's request? I don't know, maybe a spring security config that does not save them on caché, oa tomcat config that do something similar?

Lots of them doesn't have even IP, or Country, or User Agent.

Apart from security warning, my Javamelody Http Sessions Info it's not trustable because there are a lot of these.

The EC2 Instances is behind an AWS Load Balancer, so maybe can help in this thread too.

1 answers

solution1
 0  2017-07-13 14:21:07

If you have an EC2 instance you have full control of your SO. You could use any tool, for example iptables, to control the network traffic. Maybe with something like this: 

iptables -I INPUT -s <bot IP source> -j DROP

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question How can I manage sessions in Java EE? How does Tomcat work in AWS EC2 Deploy Java webapp on AWS EC2 from Eclipse How to deploy a Java webapp on Amazon EC2 so that you can efficiently use autoscaling? How does Tomcat manage sessions? Tomcat 8 HTTPS connection not working on AWS EC2 Configure Tomcat8 on AWS EC2? EC2 AWS Instance: Check if tomcat is running Java timezone & AWS EC2 AWS EC2, Tomcat7, Spring Boot, web, mvc, REST - http get method is not working
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM