/
RateLimitFilter.java
91 lines (74 loc) · 2.73 KB
/
RateLimitFilter.java
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
package mx.nic.rdap.server.filter;
import java.io.IOException;
import java.net.InetAddress;
import java.util.HashMap;
import java.util.logging.Logger;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;
/**
* If active, prevents any IP from doing too many requests at once.
*/
public class RateLimitFilter implements Filter {
private final static Logger logger = Logger.getLogger(RateLimitFilter.class.getName());
/**
* Clients doing requests RIGHT NOW. I haven't set an upper limit to how
* much this can grow because Tomcat's maxConnections already does it.
*/
private HashMap<InetAddress, ClientRequestCount> clients = new HashMap<>();
/** Maximum number of requests any client can send simultaneously. */
private int limit;
@Override
public void init(FilterConfig config) {
String limit = config.getInitParameter("limit");
this.limit = (limit == null) ? 20 : Integer.parseInt(limit);
logger.info("Going to allow " + this.limit + " simultaneous requests per client.");
}
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
throws IOException, ServletException {
InetAddress remoteAddr = InetAddress.getByName(request.getRemoteAddr());
logger.info("Received a request from " + request.getRemoteAddr() + ".");
ClientRequestCount requestCount = new ClientRequestCount();
synchronized (clients) {
ClientRequestCount oldRequestCount = clients.putIfAbsent(remoteAddr, requestCount);
if (oldRequestCount != null) {
if (oldRequestCount.getCount() >= limit) {
refuse(response);
return;
}
oldRequestCount.plusPlus();
requestCount = oldRequestCount;
}
logger.info("Simultaneous requests: " + requestCount);
}
chain.doFilter(request, response);
synchronized (clients) {
logger.info("Substracting from this client's simultaneous connections.");
int count = requestCount.minusMinus();
if (count == 0) {
logger.info("Ok, I can now forget about this client.");
clients.remove(remoteAddr);
}
logger.info("Number of clients: " + clients.size());
}
}
private void refuse(ServletResponse response) throws IOException {
logger.info("Client has too many requests. Refusing.");
if (!(response instanceof HttpServletResponse)) {
logger.info("Response is not HTTP.");
return; // I have no clue.
}
HttpServletResponse httpResponse = (HttpServletResponse) response;
httpResponse.sendError(429, "Too many simultaneous requests!");
logger.info("Sent 429.");
}
@Override
public void destroy() {
// Nothing needed.
}
}