Add native rate limiting support to Undertow server
Assignee: Unassigned
Reporter: Alex Rousseau
Priority: Trivial
Components: Sentry
Created January 16, 2025 at 6:44 PM
Updated January 16, 2025 at 9:01 PM
Activity
Luis Majano, January 16, 2025 at 9:01 PM
Yes. And part of BoxLang as well
Brad Wood, January 16, 2025 at 7:29 PM
Thanks for the ticket. I still really like this idea and we’ll likely implement it. However, this feature will probably be a candidate to be part of CommandBox Pro’s subscription model. cc do you agree?
Alex Rousseau, January 16, 2025 at 6:47 PM
This came up in this thread, here:
Currently, CommandBox's Undertow server doesn't include native rate limiting capabilities. This security feature would help protect CF applications against malicious traffic.
Desired Functionality:
Limit requests per IP address within a specified timeframe
Configure via server.json, similar to other server settings
Configurable options for:
Maximum requests per time window
Time window duration
Response status code (e.g., 429)
Optional IP whitelist
Background:
This came up in a forum discussion where a developer suggested it could be added as an Undertow handler. Having this built into CommandBox would provide important security functionality without requiring Java expertise or external proxy servers.
Use Case:
Protecting CF applications from:
Rapid vulnerability scanning
Bot abuse
Brute force attempts
DDoS attacks
This would be similar to nginx's limit_req_zone functionality but native to CommandBox.
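What the requested feature would look like as the Undertow handler the forum thread suggested, written as an added example for this ticket (it is not CommandBox, Undertow or Ortus code, and the class name, constructor parameters and the maxTracked bound are assumptions made here). It counts requests per client IP in a fixed window, exempts allow-listed addresses, and answers with the configured status code (429 here) plus a Retry-After header before the request reaches the CF application. The counter table is a bounded LRU so a scanner rotating through many source addresses cannot exhaust memory.

```java
import io.undertow.Undertow;
import io.undertow.server.HttpHandler;
import io.undertow.server.HttpServerExchange;
import io.undertow.util.Headers;

import java.net.InetSocketAddress;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Set;

/**
 * Per-IP fixed-window rate limiter written as an Undertow HttpHandler.
 * Hypothetical example for this ticket; it is not CommandBox or Undertow code.
 */
public final class IpRateLimitHandler implements HttpHandler {

    /** Request counter for one client IP within its current window. */
    private static final class Window {
        long startMillis;
        int count;
        Window(long startMillis) { this.startMillis = startMillis; }
    }

    private final HttpHandler next;
    private final int maxRequests;       // "Maximum requests per time window"
    private final long windowMillis;     // "Time window duration"
    private final int rejectStatus;      // "Response status code (e.g., 429)"
    private final Set<String> allowList; // "Optional IP whitelist"

    // Access-ordered LinkedHashMap used as an LRU: when more than maxTracked
    // distinct IPs are seen, the least recently seen counter is dropped, so a
    // scan from many addresses degrades protection for those addresses rather
    // than growing the heap without bound. Guarded by synchronized(this).
    private final Map<String, Window> windows;

    public IpRateLimitHandler(HttpHandler next, int maxRequests, long windowMillis,
                              int rejectStatus, Set<String> allowList, int maxTracked) {
        this.next = next;
        this.maxRequests = maxRequests;
        this.windowMillis = windowMillis;
        this.rejectStatus = rejectStatus;
        this.allowList = allowList;
        this.windows = new LinkedHashMap<String, Window>(16, 0.75f, true) {
            @Override
            protected boolean removeEldestEntry(Map.Entry<String, Window> eldest) {
                return size() > maxTracked;
            }
        };
    }

    @Override
    public void handleRequest(HttpServerExchange exchange) throws Exception {
        String ip = clientIp(exchange);
        if (allowList.contains(ip) || allow(ip, System.currentTimeMillis())) {
            next.handleRequest(exchange);
            return;
        }
        // Over the limit: short-circuit before the CF application sees the request.
        exchange.setStatusCode(rejectStatus);
        exchange.getResponseHeaders().put(Headers.RETRY_AFTER,
                String.valueOf(Math.max(1, windowMillis / 1000)));
        exchange.getResponseHeaders().put(Headers.CONTENT_TYPE, "text/plain");
        exchange.getResponseSender().send("Too Many Requests");
    }

    /** Returns true if a request from ip at time now still fits in its window. */
    synchronized boolean allow(String ip, long now) {
        Window w = windows.get(ip);
        if (w == null) {
            w = new Window(now);
            windows.put(ip, w);
        } else if (now - w.startMillis >= windowMillis) {
            // Window expired: start a fresh count.
            w.startMillis = now;
            w.count = 0;
        }
        w.count++;
        return w.count <= maxRequests;
    }

    /** Peer address of the TCP connection; see the note on proxies below. */
    private static String clientIp(HttpServerExchange exchange) {
        InetSocketAddress addr = exchange.getSourceAddress();
        return addr.getAddress().getHostAddress();
    }

    /** Starts a local server: 20 requests per 10 s per IP, 127.0.0.1 exempt. */
    public static void main(String[] args) {
        HttpHandler app = ex -> ex.getResponseSender().send("hello from the app");
        HttpHandler limited = new IpRateLimitHandler(app, 20, 10_000, 429,
                Set.of("127.0.0.1"), 10_000);
        Undertow.builder().addHttpListener(8080, "0.0.0.0").setHandler(limited).build().start();
    }
}
```

Two caveats a deployment should account for. The handler keys on the socket peer address, so behind a reverse proxy every client shares the proxy's IP and the limit applies to all of them at once; in that case place Undertow's ProxyPeerAddressHandler in front of it so the address is taken from X-Forwarded-For, and only do so when the proxy is trusted to set that header, since a client that can reach Undertow directly could otherwise forge it. Per-IP counting is also most effective against the scanners, bots and brute-force attempts listed above, which come from one or a few addresses; a distributed flood spread across many sources stays under any per-IP threshold and still needs upstream filtering.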