On 9/17/21 at 1:20 PM, Stefan Behte wrote:
> Hi everyone,
> surely many on this list have heard about the Meris botnet
> (https://krebsonsecurity.com/2021/09/krebsonsecurity-hit-by-huge-new-iot-botnet-meris/)
> which uses HTTP/1.1 pipelining for layer 7 attacks.
> As far as I can see, it's not possible to disallow HTTP pipelining in haproxy,
> so the best possibility could be "option httpclose"?
> Of course, this does not solve everything when a ~100k botnet is attacking, but
> it could ease the initial load / mitigate the pipelining vector a bit, as the
> attack clients have longer RTT.
> Or maybe I am missing something?

Hi,
HAProxy does not support HTTP pipelining. But it may be configured to mitigate
DDoS attacks. There are several mechanisms that you can use, depending on your
applications. A quick search on the net about "haproxy ddos prevention" will
give you several hints.
Regards,
--
Christopher Faulet
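
A configuration sketch of the two ideas raised in this thread: the `option httpclose` setting from the question, next to per-source rate limiting as one example of the mitigation mechanisms the reply mentions. This is an added example, not configuration from either poster or from the HAProxy project; the section names, addresses and thresholds are assumptions to be tuned per application.

```haproxy
# Added illustration. Names (fe_web, be_app), the 192.0.2.10 address and all
# thresholds are assumed values, not taken from the thread.
defaults
    mode http
    timeout connect 5s
    timeout client  30s
    timeout server  30s
    # Bound how long a client may take to send a complete request.
    timeout http-request 5s
    # Close the connection after each response, so every request costs the
    # client a new TCP handshake (the RTT effect discussed in the question).
    option httpclose

frontend fe_web
    bind :80
    # Per-source counters: request rate over 10s and concurrent connections.
    stick-table type ip size 100k expire 60s store http_req_rate(10s),conn_cur
    http-request track-sc0 src
    # Reject sources that exceed the assumed thresholds.
    http-request deny deny_status 429 if { sc_http_req_rate(0) gt 100 }
    http-request deny deny_status 429 if { sc_conn_cur(0) gt 20 }
    default_backend be_app

backend be_app
    server app1 192.0.2.10:8080 check
```

Validate the file with `haproxy -c -f <file>` before reloading, and watch the table with `show table fe_web` on the stats socket to pick thresholds that legitimate clients do not hit.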