Protect your web service from a denial-of-service attack with Apache Synapse

If you’re looking to protect your web service from a denial-of-service (DoS) attack, and don’t want to pollute your web service with home-grown security logic, you may want to have a look at Apache Synapse (the lightweight ESB).

Synapse comes packaged as a WAR; if you are using Maven, you should be able to use an overlay to modify the default configuration to suit your needs. On the subject of configuration, this page documents one way of protecting your web service against a DoS attack: using a Throttle Mediator with Concurrency Control (in Synapse parlance).

In my case, I’m using a cloud-based platform-as-a-service provider, so low-level firewall work is not going to work for me. Instead a proxy such as Synapse, routing HTTP-based SOAP requests, seems to be suitable.

I hope to update this post once I have tested and deployed it all, which may take some time, since the web service is far from finished. It’s good to know about Synapse though, as now I can stop thinking about security for a while and an intentional (or unintentional) DoS attack. Not sure if I could restrict load on a per-client basis with Synapse, but at least global throttling is better than nothing.