Varnish lightweight firewall, IP logging and temp ban

joshua strebel joshua.strebel at gmail.com
Mon Nov 19 05:50:46 CET 2012


I am looking for the best way to achieve the following while keeping latency as low as possible.

We want to track all IPs accessing a certain login page, call it login.php.  We want to track over a 2-3 minute period all the IPs that attempt this URL; if a certain threshold is reached.. say 10 tries, we wish to drop the request or return a non-40x response.

Memcached in Varnish may work: http://sodabrew.com/2012/01/introducing-varnish-memcached-module.html
We could increment a key/value, and check it on every request.. if the threshold is reached, return error 405.

We also thought about creating a simple fcgi backend to send all login.php requests to.. and in that backend do it all with Perl/Memcached or whatnot.  Proxy the request through if valid, return 40x back to Varnish if not.  However I am not sure if Varnish supports an fcgi backend without having to load a full web server, which may add overhead to the request time.

Memcached is handy as we can utilize the TTL to only temp ban an IP for x seconds.

Essentially we want a more fluid way of blocking incoming traffic for a time period, and then unblocking it later.  Our firewalls are more stringent: it is blocked or not.. not time release or whatnot.

Sorry if this is all over the place, just curious what the best approach would be inside of Varnish to handle this.
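The counter-plus-temp-ban scheme the post describes (increment a per-IP key on each login.php hit, return 405 once it reaches the threshold, let a TTL lift the ban), as an added example that is not from the post, from Varnish or from the memcached vmod. It models memcached with a small in-memory store with expiry and a fake clock so it runs offline; the `hits:`/`ban:` key names, the 180 s window and the 600 s ban are assumptions for illustration.

```python
import time


class FakeClock:
    """Constructed for this example: a clock that only moves when told to."""
    def __init__(self):
        self.t = 0.0

    def __call__(self):
        return self.t


class TtlStore:
    """Minimal stand-in for memcached: key -> (value, expiry time)."""
    def __init__(self, clock=time.monotonic):
        self.clock = clock
        self.data = {}

    def get(self, key):
        item = self.data.get(key)
        if item is None or item[1] <= self.clock():
            self.data.pop(key, None)  # expired keys are gone, like a memcached TTL
            return None
        return item[0]

    def set(self, key, value, ttl):
        self.data[key] = (value, self.clock() + ttl)

    def incr(self, key, ttl):
        # Like memcached incr, but creates the key with a TTL on first use, so the
        # counter is a fixed window starting at the first hit, not a sliding one.
        current = self.get(key)
        if current is None:
            self.set(key, 1, ttl)
            return 1
        self.data[key] = (current + 1, self.data[key][1])
        return current + 1


def check_login(store, ip, limit=10, window=180, ban=600):
    """Status for one login.php hit from `ip`: 200 to pass it to the backend,
    405 while the IP is banned or once its hits reach `limit` within `window` s."""
    if store.get("ban:" + ip) is not None:
        return 405  # still inside the temp ban; no counter touched, no backend hit
    hits = store.incr("hits:" + ip, window)
    if hits >= limit:
        store.set("ban:" + ip, 1, ban)  # the ban lifts itself when its TTL expires
        return 405
    return 200
```

In Varnish this check would sit in vcl_recv keyed on client.ip, returning the 405 before the request ever reaches the backend; the counter resets at the end of the window, so a client that banks nine attempts right before it rolls over gets a fresh nine afterwards.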