Going crazy to mitigate slow read

Damon Snyder damon at huddler-inc.com
Fri Mar 9 18:09:26 CET 2012


Another way of doing this is nginx in front of varnish. See the limit_*
directives in nginx http://wiki.nginx.org/HttpLimitZoneModule#limit_zone.
It depends on your application, but typically, if you have an abusive
client(s), you end up serving a lot of the requests from varnish so your
apache processes never see the bulk of the requests. Additionally, your
apache threads are a more finite resource, so you want to keep them from
all being occupied by the flood of requests if you can.

Hope this helps,
Damon

On Fri, Mar 9, 2012 at 1:35 AM, Gianni Carabelli <gc at ants.eu> wrote:

> Hi all.
> I've got a few servers with varnish + apache on loopback.
> Modsecurity mitigates the problem on the apache-only side, but fails with
> apache + varnish.
> I'm using mod_rpaf to get the right ip address, but probably something
> goes wrong.
>
> I would like to take another approach and try to block the attack
> completely in varnish.
> In apache, some directives say: "if there are enough connections from this
> ip in READ/WRITE state, reject incoming connections from that ip"
> Is there a way to do so in varnish?
>
> Thanks
>
> JohnnyRun
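An added example, not part of the original thread or of either poster's configuration: a minimal nginx front end for Varnish using the per-IP connection and request limits referred to in the reply above. It uses limit_conn_zone, the newer name for the limit_zone directive on the linked wiki page; the Varnish address 127.0.0.1:6081, the zone names, the limits and the timeouts are all assumptions to be tuned against real traffic.

```nginx
# Added example: nginx as the outermost listener, Varnish and Apache behind it.
# All addresses, zone names and numeric limits below are assumed values.
events {}

http {
    # Shared-memory zones keyed by client address. nginx terminates the
    # client connection here, so $binary_remote_addr is the real peer
    # rather than the loopback address Apache sees behind Varnish.
    limit_conn_zone $binary_remote_addr zone=perip_conn:10m;
    limit_req_zone  $binary_remote_addr zone=perip_req:10m rate=20r/s;

    # Drop clients that stall while sending the request or reading the reply.
    client_header_timeout 10s;
    client_body_timeout   10s;
    send_timeout          10s;   # measured between two successive writes to the client

    upstream varnish {
        server 127.0.0.1:6081;   # assumed Varnish listen address
    }

    server {
        listen 80;

        # At most 20 concurrent connections per client address.
        limit_conn perip_conn 20;
        # Requests above 20 r/s are queued up to the burst size, then rejected.
        limit_req zone=perip_req burst=40;

        location / {
            proxy_pass http://varnish;
            proxy_set_header Host $host;
            # Pass the client address downstream; how Varnish and mod_rpaf
            # consume this header depends on the deployment.
            proxy_set_header X-Forwarded-For $remote_addr;
        }
    }
}
```

With response buffering left at its default, a slow-reading client ties up an nginx connection rather than a Varnish or Apache worker, and the per-IP limits cap how many such connections one address can hold.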