Going crazy to mitigate slow read
bedis9 at gmail.com
Wed Mar 21 07:31:45 CET 2012
Or you can do this in HAProxy:
HAProxy and Varnish work pretty well together ;)
HAProxy will even protect you against slowloris and some other types of attacks.
On Fri, Mar 9, 2012 at 6:09 PM, Damon Snyder <damon at huddler-inc.com> wrote:
> Another way of doing this is nginx in front of varnish. See the limit_*
> directives in nginx http://wiki.nginx.org/HttpLimitZoneModule#limit_zone. It
> depends on your application, but typically, if you have an abusive
> client(s), you end up serving a lot of the requests from varnish so your
> apache processes never see the bulk of the requests. Additionally, your
> apache threads are a more finite resource, so you want to keep them from all
> being occupied by the flood of requests if you can.
> Hope this helps,
> On Fri, Mar 9, 2012 at 1:35 AM, Gianni Carabelli <gc at ants.eu> wrote:
>> Hi all.
>> I've got a few servers with varnish + apache on loopback.
>> Modsecurity mitigates the problem on the apache side only, but fails with
>> apache + varnish.
>> I'm using mod_rpaf to get the right ip address, but probably something
>> goes wrong.
>> I would like to take another approach and try to block the attack
>> completely in varnish.
>> In apache, some directives say: "if there are enough connections from this
>> ip in READ/WRITE state, reject incoming connections from that ip"
>> Is there a way to do so in varnish?
>> varnish-misc mailing list
>> varnish-misc at varnish-cache.org
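
The per-IP limit asked about in the original question, as an added HAProxy sketch that is not part of any message in this thread. The port numbers, the Varnish address, the backend name and all thresholds are assumptions, and the track-sc0 syntax is that of current HAProxy releases.

```haproxy
# Added example, not from the thread. Addresses, names and limits are assumed.
defaults
    mode http
    timeout connect         5s
    timeout server          30s
    # Maximum inactivity on the client side, while it sends or reads data.
    timeout client          30s
    # The complete request headers must arrive within this time (slowloris).
    timeout http-request    5s
    timeout http-keep-alive 2s

frontend fe_http
    bind :80
    # One entry per client IP, storing its number of currently open connections.
    stick-table type ip size 100k expire 60s store conn_cur
    tcp-request connection track-sc0 src
    # Refuse new connections from an IP that already holds more than 20.
    tcp-request connection reject if { sc0_conn_cur gt 20 }
    default_backend be_varnish

backend be_varnish
    # Varnish listening on loopback (assumed port), with a cap on the
    # connections HAProxy will open to it.
    server varnish1 127.0.0.1:6081 maxconn 500
```

The connection counter is keyed on the TCP source address seen by HAProxy, so it does not depend on a forwarded-for header being interpreted correctly further down the chain.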