Yes, it needs to be at a very low level. In my infrastructure, when the system is detecting a DOS attack it creates a firewall rule on the offending IP address. This rule will expire in a few minutes. If the DOS continues after the few minutes then An hour long restriction is imposed. If after an hour the DOS is still active then a permanent restriction is created and an admin is notified. The admin then researched the attack and if it proves to be of malicious intent (not some misconfiguration on the software) then we take it up with the ISP.
Does Google have (currently or in plan) something similar that will help address the DOS issues? You go through all the trouble to launch an application and then they take it down through DOS... this would really look bad for a start-up website not to mention Google. Well, actually Google's GAE wouldn't be that affected because the users will assume that the application went over it's quota. The normal users would not know of the DOS attack. Thanks, Tony On Sep 12, 1:24 pm, uprise78 <[EMAIL PROTECTED]> wrote: > Rich, correct me if I'm wrong but that code you sent will add a new > read and a new write to every page hit and on top of that if the > person is banned they will still be able to reach the webpage and > cause it to perform this same read/write. I think DDOS attach > protection needs to be done on a much lower level than that. > > On Sep 12, 10:21 am, Rick Thomas <[EMAIL PROTECTED]> wrote: > > > I noticed this code > > >http://code.google.com/p/pyib/source/browse/trunk/usercontrol.py --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Google App Engine" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en -~----------~----~----~----~------~----~------~--~---
