From noelle at uni-wuppertal.de  Tue Oct 14 08:30:42 2025
From: noelle at uni-wuppertal.de (=?UTF-8?Q?Christian_N=C3=B6lle?=)
Date: Tue, 14 Oct 2025 10:30:42 +0200
Subject: Considerations regarding throtteling
Message-ID: <29aca505-cca9-4ac8-b999-d1fa931ab4d5@uni-wuppertal.de>

Hello everyone,

I would like to hear your opinion on how you would approach this problem.

We have two Varnish servers running in a load-balancing cluster that 
cache TYPO3-based websites. We keep having the problem that script 
kiddies like to flood the server with requests and probes for vulnerable 
web applications.

Basically, a WAF is connected upstream of the servers, but every now and 
then something gets through that isn't detected. This sometimes puts 
stress on our backend servers, so I'm thinking about how best to deal 
with it. Mod vsthrottle came to mind, i.e. slowing everything down once 
a certain request rate is reached. But of course, I don't want to affect 
?real? requests. What comes to mind for you?

Best regards!

Christian
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5070 bytes
Desc: Kryptografische S/MIME-Signatur
URL: <https://www.varnish-cache.org/lists/pipermail/varnish-misc/attachments/20251014/0b5b5e51/attachment.bin>