Someone posted a link to a really tricked-out anti-DDoS haproxy config not long ago; it might be interesting to you:
https://github.com/analytically/haproxy-ddos

On Wed, Jun 24, 2015 at 11:51 AM, Shawn Heisey <[email protected]> wrote:

> On 6/18/2015 4:32 PM, Shawn Heisey wrote:
> > On 6/17/2015 9:29 PM, Krishna Kumar (Engineering) wrote:
> >> Referring to Baptiste's excellent blog on "Use a lb as a first row of
> >> defense against DDoS" @
> >>
> >> http://blog.haproxy.com/2012/02/27/use-a-load-balancer-as-a-first-row-of-defense-against-ddos/
> >>
> >> I am not able to find a follow up, if it was written, on combining
> >> configuration examples to improve protection. Is there either another
> >> article explaining how to combine the configuration settings to protect
> >> against multiple types of DoS attacks, else, how would one do this?
> >
> > We have a very good query here.
> >
> > I would like to see an example config that combines all of these
> > techniques together in the same config that has (as an example) 10 front
> > ends and 30 back ends, rather than seeing each technique in isolation on
> > a very limited config. Looking at the examples, I can't see how to
> > combine multiple techniques, especially if I want to apply it to a large
> > config.
>
> I was going to comment on the blog post so the author would see the
> request to put together a complete config with multiple front ends and
> back ends, with all of them using every one of the DDOS techniques
> included on the blog post. Unfortunately the blog has an unhelpful
> combination of settings -- new user registration is disabled, and login
> is required to comment.
>
> I believe that the author is active on this list, so I hope that they
> are watching, and can help fill in the gaps for those of us who are less
> familiar with how to use haproxy's advanced features.
>
> Thanks,
> Shawn

