Denial of service
Use the denial of service configuration option to protect against denial of service attacks.
The directory server protects against the following types of denial of service attacks:
- Clients that send data slowly, send partial data, or send no data
- Clients that do not read data results or who read results slowly
- Clients that do not unbind
- Clients that make requests that produce long-running database requests
- Clients that bind anonymously
- Server loads that prevent the administrator from administering the server
The directory server gives an administrator several methods to prevent denial of service attacks. An administrator always has access to the server through the use of an emergency thread even if the server is busy with long-running operations. In addition, the administrator has control over server access including the ability to disconnect clients with a particular bind DN or IP address and configure the server to not allow anonymous access. Other configuration options can be activated to allow the server to actively prevent denial of service attacks.
Parent topic:
Directory Server security
Related tasks
Managing server connections
Managing connection properties