varnish anti DOS feature

Poul-Henning Kamp phk at
Tue Apr 24 11:54:17 CEST 2007

In message <17965.50357.545551.224112 at>, Damien Wetzel writes:
>Hello all,
>Coming from the CDN space, one of the main reasons that
>makes people giving up extraordinary amount of money to CDNs is
>to prevent against DOS.
>I wondered if you have thought about protecting varnish against DOS
>when designing it or if you will ?

We did think about it a bit, and it is more or less the only reason we
keep per-source-ip statistics.  You will be able to do something like

	if (client.bandwidth > 1 mbit/s) {
		sleep 1 s;

and similar once I get to those pieces.

As always: Ideas are most welcome

Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk at FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.

More information about the varnish-misc mailing list