DDOS

Caunter, Stefan scaunter at topscms.com
Thu Feb 17 04:41:27 CET 2011


Increment a header and send an error if limit is reached from client.ip

Stefan Caunter
Operations
TorstarDigital
416.561.4871

On 2011-02-16, at 6:14 PM, "Nicholas_Maesepp at scee.net" <Nicholas_Maesepp at scee.net> wrote:

> As someone else said, it is best to use a firewall; if you want a simple one, just run iptables. Since this is only DoS, you are best off rate limiting connections per IP. Depending on the number of objects etc., you should be able to get away with keeping connections to a fairly low number without hampering the browsing experience at all. It would need to move to being DDoS for it to bring it down.
> 
> The only cheaty way I can think of doing it in the VCL is to define multiple backends, one with no max_connections and one with a fairly low max_connections. Define some IP ACLs using netblocks. If you feel all of the hammering comes from China and very little legit web traffic, you could find their netblocks and force them to use the one with a set limit on .max_connections while others don't have such limits. Vice versa, if you expect 90% of traffic to be within your own country, allow those to connect to the backend with higher max_connections and have everyone else connect with a low number. If someone tries to hammer your page it will just starve those outside your target audience but keep your backend healthy and your regular visitors fine. Lots of caveats in that and I wouldn't recommend it, purely for science. Definitely use a firewall or other tools.
> 
> Nick 
> 
> 
> 
> 
> From:        alexus <alexus at gmail.com> 
> To:        varnish-misc at varnish-cache.org 
> Date:        02/17/2011 07:37 AM 
> Subject:        DDOS 
> Sent by:        varnish-misc-bounces at varnish-cache.org 
> 
> 
> 
> How does Varnish handle DDOS?
> 
> Here is my problem: in our environment Varnish serves static pages
> but dynamic pages are passed to the application server (Apache).
> So every once in a while we have some attacker(s) who start doing
> some sort of attack against us, and Apache hits very high load on the
> server and is about to go down...
> So I look up an IP address and I block it in the Varnish .vcl file, and
> load goes back to normal right away...
> Is there something that can be done automatically? Or is there
> anything that can be done at all to somehow handle this type of issue?
> 
> Please advise
> 
> -- 
> http://alexus.org/
> 
> _______________________________________________
> varnish-misc mailing list
> varnish-misc at varnish-cache.org
> http://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc
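The two-backend arrangement described in Nick's quoted reply, written out as an added example; it is not code from the thread or from the Varnish project. It assumes the Varnish 2.1-era VCL syntax current when the thread was written (`req.backend`), and the backend names, host, port, netblocks and the connection cap are constructed placeholders.

```vcl
# Added illustration: route clients outside the expected audience to a
# backend definition with a low connection cap. All names and values
# below are placeholders, not taken from the thread.

# The same application server is defined twice; only the cap differs.
backend app_open {
    .host = "127.0.0.1";
    .port = "8080";
    # no .max_connections: expected visitors are not capped here
}

backend app_capped {
    .host = "127.0.0.1";
    .port = "8080";
    # fairly low limit on concurrent connections to Apache
    .max_connections = 20;
}

# Netblocks of the expected audience (RFC 5737 documentation ranges
# stand in for real allocations).
acl expected_audience {
    "192.0.2.0"/24;
    "198.51.100.0"/24;
}

sub vcl_recv {
    if (client.ip ~ expected_audience) {
        set req.backend = app_open;
    } else {
        # Everyone else shares the capped pool, so a flood from outside
        # the audience exhausts this pool instead of the application.
        set req.backend = app_capped;
    }
}
```

Cache hits never open a backend connection, so only requests that reach Apache count against the cap. `client.ip` is the address of the connecting peer, so behind a load balancer or proxy the ACL matches that device rather than the end user.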