Going crazy to mitigate slow read
Baptiste
bedis9 at gmail.com
Wed Mar 21 07:31:45 CET 2012
Hi,
Or you can do this in HAProxy:
http://blog.exceliance.fr/2012/02/27/use-a-load-balancer-as-a-first-row-of-defense-against-ddos/
HAProxy and Varnish works pretty well together ;)
HAProxy will even protect you again slowloris and some other type of attacks.
cheers
On Fri, Mar 9, 2012 at 6:09 PM, Damon Snyder <damon at huddler-inc.com> wrote:
> Another way of doing this in nginx in front of varnish. See the limit_*
> directives in nginx http://wiki.nginx.org/HttpLimitZoneModule#limit_zone. It
> depends on your application, but typically, if you have an abusive
> client(s), you end up serving a lot of the requests from varnish so your
> apache processes never sees the bulk of the requests. Additionally, your
> apache threads are a more finite resource, so you want to keep them from all
> being occupied by the flood of requests if you can.
>
> Hope this helps,
> Damon
>
>
> On Fri, Mar 9, 2012 at 1:35 AM, Gianni Carabelli <gc at ants.eu> wrote:
>>
>> Hi all.
>> I've got few servers with varnish + apache on loopback.
>> Modsecurity mitigate the problem on the only apache side, but fails with
>> apache + varnish.
>> I'm using mod_rpaf to get the right ip address, but probably something
>> goes wrong.
>>
>> I would like to get another approach and try to block the attack
>> completely in varnish.
>> In apache, some directive say: "if there are enough connection from this
>> ip in READ/WRITE state, reject incoming connections from that ip"
>> Is there a way to do so in varnish?
>>
>> Thanks
>>
>> JohnnyRun
>>
>> _______________________________________________
>> varnish-misc mailing list
>> varnish-misc at varnish-cache.org
>> https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc
>
>
>
> _______________________________________________
> varnish-misc mailing list
> varnish-misc at varnish-cache.org
> https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc
More information about the varnish-misc
mailing list