Hello Willi,
thanks for reply.
If i change the rule to block the requests, the Session rate grow up
to 1000/secs.
If i use the redirection option ( to http://127.0.0.1 ), it decreases
to 500/secs.
The DOS-Attack iteself is very strange, it attacks my old clanpage
which has not more than 10 requests per month ... a very high visited
page ;)
The attack produces only traffic... he will never reach the final goal :)
THX haproxy THX willi
regards
Bernhard
----- Nachricht von w...@1wt.eu ---------
Datum: Tue, 16 Mar 2010 09:38:41 +0100
Von: Willy Tarreau <w...@1wt.eu>
Antwort an: Willy Tarreau <w...@1wt.eu>
Betreff: Re: Dos-Attack / Drop Connections
An: Bernhard Krieger <b...@noremorze.at>
Cc: haproxy@formilux.org
On Tue, Mar 16, 2010 at 09:12:39AM +0100, Bernhard Krieger wrote:
Hi,
Since few days i am DOS-attacked on a hosted website on my server.
I set i rule which returns a redirect to 127.0.0.1
acl aclHPOK hdr_reg(User-Agent) .*
redirect location http://127.0.0.1/ if !aclHPOK
Its possible to set a rule to drop this requests instead of
redirecting or return an errorcode?
yes, instead of doing a redirect, you can simply do that :
block if !aclHPOK
Also, your ACL is expensive. You can simply check that the
user-agent header is not empty that way :
acl aclHPOK hdr_reg(User-Agent) .
Regards,
Willy
----- Ende der Nachricht von w...@1wt.eu -----
----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.