On 6/18/2015 4:32 PM, Shawn Heisey wrote: > On 6/17/2015 9:29 PM, Krishna Kumar (Engineering) wrote: >> Referring to Baptiste's excellent blog on "Use a lb as a first row of >> defense >> against DDoS" @ >> >> http://blog.haproxy.com/2012/02/27/use-a-load-balancer-as-a-first-row-of-defense-against-ddos/ >> >> I am not able to find a follow up, if it was written, on combining >> configuration >> examples to improve protection. Is there either another article explaining >> how to combine the configuration settings to protect against multiple >> types of >> DoS attacks, else, how would one do this? > > We have a very good query here. > > I would like to see an example config that combines all of these > techniques together in the same config that has (as an example) 10 front > ends and 30 back ends, rather than seeing each technique in isolation on > a very limited config. Looking at the examples, I can't see how to > combine multiple techniques, especially if I want to apply it to a large > config.
I was going to comment on the blog post so the author would see the request to put together a complete config with multiple front ends and back ends, with all of them using every one of the DDOS techniques included on the blog post. Unfortunately the blog has an unhelpful combination of settings -- new user registration is disabled, and login is required to comment. I believe that the author is active on this list, so I hope that they are watching, and can help fill in the gaps for those of us who are less familiar with how to use haproxy's advanced features. Thanks, Shawn