DDOS

Thu Feb 17 00:13:16 CET 2011

As someone else said best to use a firewall, if you want to use a simple 
one just run iptables, since this is only DoS you best to use rate limit 
connections per IP, depending on the number of objects etc you should be 
able to get away with keeping connections to a fairly low number and not 
hampering browsing experience at all. It would need to move to being DDoS 
for it to bring it down. 

Only cheaty way I can think of doing it in the vcl is to define multiple 
backends one with no max_connections and one with a fairly low 
max_connections. Define some ip acl's using netblocks. If you feel all of 
the hammering comes from china and very little legit web traffic you could 
find their netblocks and force them to use the one with a set limit on 
.max_connections while others dont have such limits. Vice versa, if you 
expect 90% of traffic to be within your own country allow those to connect 
to the backend with higher max_connections and have everyone else connect 
with a low number. If someone tries to hammer your page it will just 
starve those outside your target audience but keep your backend healthy 
and your regular visitors fine. Lots of caveats in that and wouldn't 
recommend it, purely for science. Definitely use a firewall or other 
tools.

Nick

From:   alexus <alexus at gmail.com>
To:     varnish-misc at varnish-cache.org
Date:   02/17/2011 07:37 AM
Subject:        DDOS
Sent by:        varnish-misc-bounces at varnish-cache.org

How does Varnish handles DDOS?

here is my problem, in our environment varnish servers static pages
but dynamic pages it passed to application server (apache).
so every onces in a while we have some attacker(s) who start doing
some sort of attacks against us, and apache hits very high load on
server and about to go down...
so I look up an IP address and I block it on Varnish .vcl file, and
load goes back to normal right away...
is there something that can be done automatically? or is there
anything can be done at all to somehow handle this type of issue?

please advise

-- 
http://alexus.org/

_______________________________________________
varnish-misc mailing list
varnish-misc at varnish-cache.org
http://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc

Sony Computer Entertainment Australia Pty Ltd
Level 1, 63-73 Ann Street Surry Hills NSW 2010
P.O. Box 5023 Darlinghurst NSW 2010
ph: +61 (0)2 9324 9500 fax: +61 (0)2 9324 9558
http://au.playstation.com
http://www.facebook.com/PlayStationAU

New tools, new games, new fun.
Sackboy returns in LittleBigPlanet 2
Out now and exclusive to PlayStation 3

**********************************************************************
This email and any files transmitted with it are confidential and intended 
solely for the use of the individual or entity to whom they are addressed. 
If you have received this email in error please notify postmaster at scee.net
This footnote also confirms that this email message has been checked for 
all known viruses.
Sony Computer Entertainment Australia Pty. Limited
Registered Office: Level 1, 63-73 Ann Street, Surry Hills, NSW 2010 
Australia
Registered in Australia: 077 583 183
**********************************************************************

P Please consider the environment before printing this e-mail
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.varnish-cache.org/lists/pipermail/varnish-misc/attachments/20110217/90ad53d7/attachment-0003.html>