varnish anti DOS feature
Poul-Henning Kamp
phk at phk.freebsd.dk
Tue Apr 24 11:54:17 CEST 2007
In message <17965.50357.545551.224112 at dwetzel@nerim.net>, Damien Wetzel writes:
>Hello all,
>Coming from the CDN space, one of the main reasons that
>makes people giving up extraordinary amount of money to CDNs is
>to prevent against DOS.
>I wondered if you have thought about protecting varnish against DOS
>when designing it or if you will ?
We did think about it a bit, and it is more or less the only reason we
keep per-source-ip statistics. You will be able to do something like
if (client.bandwidth > 1 mbit/s) {
sleep 1 s;
}
and similar once I get to those pieces.
As always: Ideas are most welcome
--
Poul-Henning Kamp | UNIX since Zilog Zeus 3.20
phk at FreeBSD.ORG | TCP/IP since RFC 956
FreeBSD committer | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.
More information about the varnish-misc
mailing list