Another way of doing this in nginx in front of varnish. See the limit_* directives in nginx <a href="http://wiki.nginx.org/HttpLimitZoneModule#limit_zone">http://wiki.nginx.org/HttpLimitZoneModule#limit_zone</a>. It depends on your application, but typically, if you have an abusive client(s), you end up serving a lot of the requests from varnish so your apache processes never sees the bulk of the requests. Additionally, your apache threads are a more finite resource, so you want to keep them from all being occupied by the flood of requests if you can.<br>
<br>Hope this helps,<br>Damon<br><br><div class="gmail_quote">On Fri, Mar 9, 2012 at 1:35 AM, Gianni Carabelli <span dir="ltr"><<a href="mailto:gc@ants.eu">gc@ants.eu</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Hi all.<br>
I've got few servers with varnish + apache on loopback.<br>
Modsecurity mitigate the problem on the only apache side, but fails with apache + varnish.<br>
I'm using mod_rpaf to get the right ip address, but probably something goes wrong.<br>
<br>
I would like to get another approach and try to block the attack completely in varnish.<br>
In apache, some directive say: "if there are enough connection from this ip in READ/WRITE state, reject incoming connections from that ip"<br>
Is there a way to do so in varnish?<br>
<br>
Thanks<br>
<br>
JohnnyRun<br>
<br>
______________________________<u></u>_________________<br>
varnish-misc mailing list<br>
<a href="mailto:varnish-misc@varnish-cache.org" target="_blank">varnish-misc@varnish-cache.org</a><br>
<a href="https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc" target="_blank">https://www.varnish-cache.org/<u></u>lists/mailman/listinfo/<u></u>varnish-misc</a><br>
</blockquote></div><br>