Configuring denial of service protection for the proxy server

You can configure a pair of properties on your proxy server or IBM® WebSphere® Application Server용 DMZ 보안 프록시 서버 to limit your risk against denial of service attacks involving the buffering of large HTTP payloads.

Before you begin

Denial of service protection for the proxy server or the IBM WebSphere Application Server용 DMZ 보안 프록시 서버 is not done during the creation of these servers. The proxy server or the IBM WebSphere Application Server용 DMZ 보안 프록시 서버 that will include denial of service protection must already exist before following these steps.

About this task

Note:

Protection is now included to guard against a type of security breach known as a denial of service attack. This type of attack can typically send more traffic to a network address than the data buffers were designed to accommodate. The proxy server and IBM WebSphere Application Server용 DMZ 보안 프록시 서버 have several properties that can be configured to limit your risk against denial of service attacks involving the buffering of large HTTP payloads.

A denial of service attack is a malicious type of security breach to a computer system that does not usually result in the theft of information or other security loss. This type of attack can typically send more traffic to a network address than the data buffers were designed to accommodate resulting in a loss of memory. HTTP allows for the body of a message to be sent to an HTTP server as an HTTP request or an HTTP response. The body can be sent to the HTTP server in a series of sequential network writes instead of being sent in one large network write. This is process is known as Transfer-Encoding chunking. The maximum size of a Transfer-Encoding: chunked response body and a Transfer-Encoding: chunked request body can be set to determine how much data is buffered before a network write is performed.

Procedure

  1. Click Servers>Proxy Servers>proxy_server_name.
  2. Under Proxy Settings, expand HTTP Proxy Server Settings and click Denial of service protection
  3. Set the appropriate buffer size in kilobytes for Maximum request body buffer size. Buffering can lead to better performance because it will decrease the number of network writes for large payloads. The size of the buffer must not be configured too high or memory exhaustion can occur. To determine the optimal values for your environment, gradually increase the size of the buffer until the proper balance has been achieved.
  4. Set the appropriate buffer size in kilobytes for Maximum response body buffer size. The same precaution must be taken when setting Maximum response body buffer size as were indicated for Maximum request body buffer size.

Results

After these steps have been properly complete, denial of service protection will be in place for your proxy server or IBM WebSphere Application Server용 DMZ 보안 프록시 서버.

주제 유형을 표시하는 아이콘 태스크 주제



시간소인 아이콘 마지막 업데이트 날짜: July 9, 2016 6:12
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=cord&product=was-nd-mp&topic=tsec_spxy_dos
파일 이름:tsec_spxy_dos.html