Going crazy to mitigate slow read
damon at huddler-inc.com
Fri Mar 9 18:09:26 CET 2012
Another way of doing this is nginx in front of varnish. See the limit_*
directives in nginx: http://wiki.nginx.org/HttpLimitZoneModule#limit_zone

It depends on your application, but typically, if you have an abusive
client(s), you end up serving a lot of the requests from varnish so your
apache processes never see the bulk of the requests. Additionally, your
apache threads are a more finite resource, so you want to keep them from
all being occupied by the flood of requests if you can.
Hope this helps,
On Fri, Mar 9, 2012 at 1:35 AM, Gianni Carabelli <gc at ants.eu> wrote:
> Hi all.
> I've got a few servers with varnish + apache on loopback.
> Modsecurity mitigates the problem on the apache side only, but fails with
> apache + varnish.
> I'm using mod_rpaf to get the right ip address, but probably something
> goes wrong.
> I would like to take another approach and try to block the attack
> completely in varnish.
> In apache, some directives say: "if there are enough connections from this
> ip in READ/WRITE state, reject incoming connections from that ip"
> Is there a way to do so in varnish?
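The nginx-in-front-of-varnish layout suggested in the reply, sketched as a configuration. This is an added example, not part of the original thread: the listen addresses, zone names and every limit value are assumptions to tune, and it uses limit_conn_zone, the current replacement for the limit_zone directive on the linked wiki page.

```nginx
# Added example: nginx accepts client connections and proxies to Varnish.
# All addresses, zone names and numeric limits below are assumed values.
events {
    worker_connections 4096;
}

http {
    # Per-client-address state, shared by all worker processes.
    limit_conn_zone $binary_remote_addr zone=perip_conn:10m;
    limit_req_zone  $binary_remote_addr zone=perip_req:10m rate=20r/s;

    # Clients that send request headers or bodies too slowly.
    client_header_timeout 10s;
    client_body_timeout   10s;

    # Slow readers: maximum gap between two successive writes to the
    # client before nginx gives up on the connection.
    send_timeout 10s;
    reset_timedout_connection on;   # free the socket memory immediately
    keepalive_timeout 15s;

    upstream varnish {
        server 127.0.0.1:6081;      # assumed Varnish listen address
    }

    server {
        listen 80;

        # Cap concurrent connections and request rate per client address.
        # Requests over either limit are rejected by nginx with a 503
        # and never reach Varnish or Apache.
        limit_conn perip_conn 20;
        limit_req  zone=perip_req burst=40;

        location / {
            proxy_pass http://varnish;
            proxy_set_header Host $host;
            # Pass the client address along to the backend.
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            # Default, stated for clarity: nginx reads the upstream
            # response into its buffers, so a slow client holds an nginx
            # connection rather than a Varnish or Apache worker.
            proxy_buffering on;
        }
    }
}
```

Validate with `nginx -t` before reloading, and set the per-address limits with clients behind shared NAT or proxies in mind, since they all count as one address.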