Going crazy to mitigate slow read

Damon Snyder damon at huddler-inc.com
Fri Mar 9 18:09:26 CET 2012

Another way of doing this is nginx in front of varnish. See the limit_*
directives in nginx: http://wiki.nginx.org/HttpLimitZoneModule#limit_zone.
It depends on your application, but typically, if you have an abusive
client(s), you end up serving a lot of the requests from varnish so your
apache processes never see the bulk of the requests. Additionally, your
apache threads are a more finite resource, so you want to keep them from
all being occupied by the flood of requests if you can.

Hope this helps,

On Fri, Mar 9, 2012 at 1:35 AM, Gianni Carabelli <gc at ants.eu> wrote:

> Hi all.
> I've got a few servers with varnish + apache on loopback.
> Modsecurity mitigates the problem on the apache-only side, but fails with
> apache + varnish.
> I'm using mod_rpaf to get the right ip address, but probably something
> goes wrong.
> I would like to take another approach and try to block the attack
> completely in varnish.
> In apache, some directives say: "if there are enough connections from this
> ip in READ/WRITE state, reject incoming connections from that ip"
> Is there a way to do so in varnish?
> Thanks
> JohnnyRun
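
Added example (not part of the original thread and not either poster's configuration): a sketch of the nginx-in-front-of-varnish layout suggested in the reply, using limit_conn_zone, the directive that replaced limit_zone in later nginx releases. The Varnish address 127.0.0.1:6081, the zone names and every limit and timeout value are assumptions to tune per site.

```nginx
# Constructed example; addresses, zone names and numbers are assumptions.
events {}

http {
    # One state entry per client address, kept in 10 MB of shared memory.
    limit_conn_zone $binary_remote_addr zone=perip_conn:10m;
    limit_req_zone  $binary_remote_addr zone=perip_req:10m rate=20r/s;

    # Log rejections so an abusive client shows up in error.log.
    limit_conn_log_level warn;
    limit_req_log_level  warn;

    server {
        listen 80;

        # Cap simultaneous connections and request rate per client IP.
        # Requests over the limit are refused by nginx and never reach
        # Varnish or Apache.
        limit_conn perip_conn 20;
        limit_req  zone=perip_req burst=40;

        # Bound how long nginx waits on a client that sends or reads slowly.
        client_header_timeout 10s;
        client_body_timeout   10s;
        send_timeout          10s;  # max gap between two writes to the client
        reset_timedout_connection on;

        location / {
            # Varnish on loopback (assumed port); Apache sits behind it.
            # With proxy buffering (the nginx default) a slow reader holds
            # an nginx connection, not a backend worker.
            proxy_pass http://127.0.0.1:6081;
            proxy_set_header Host $host;
            # Replace any client-supplied value with the address nginx saw.
            proxy_set_header X-Forwarded-For $remote_addr;
        }
    }
}
```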