On Wed, Jun 24, 2015 at 09:51:36AM -0600, Shawn Heisey wrote:
> I was going to comment on the blog post so the author would see the
> request to put together a complete config with multiple front ends and
> back ends, with all of them using every one of the DDOS techniques
> included on the blog post.  Unfortunately the blog has an unhelpful
> combination of settings -- new user registration is disabled, and login
> is required to comment.

The problem with configs posted on a blog is that people blindly copy-paste
them without understanding and then break a lot of things and ask for help.
Baptiste takes care of explaining how things work so that people can pick
what they need. There's no universal anti-ddos config, we've built a lot of
different ones in the past. Each config is almost unique in fact, depending
on business cases. You need to keep in mind that fighting DDoS consists in
differentiating what looks like a regular visitor *in your case* and what
is not. Quite commonly it's extremely tricky and even between various
applications hosted behind the same LB you can apply different mechanisms.
For example for certain apps it's totally abnormal to have more than X
concurrent connections from a single IP address while in other cases it's
normal, even to have a lot of requests using the same cookie (think completion
for example).

So it is important to understand the concepts, how the tools work and can
help, then to analyse what happens in your situation and how to fight when
the problem happens. You'll even notice that you'll change your protections 
from one attack to another.

> I believe that the author is active on this list, so I hope that they
> are watching,

Yep, that's Baptiste Assmann.

> and can help fill in the gaps for those of us who are less
> familiar with how to use haproxy's advanced features.

The subject is really vast. You could have one week full of training on the
subject and still feel naked at the end. You really need to get dosed and
to deploy some hacks in emergency to start to get into it. In fact everything
that's implemented in the blog article is about how to limit the breakage for
regular visitors. That's why it's so much business-specific.

Regards,
Willy

