> On Wed, Jun 24, 2015 at 11:33 PM, Shawn Heisey <[email protected]> wrote:
I agree - the blog talks of handling multiple attacks individually, but what we are trying to understand is - "how can we handle multiple types of attacks in a single configuration". Not the exact configuration file, but the concept to implement this (assuming this is something that can be explained). I think this is a great and very high performant software, with a very helpful community. Thanks a lot to all contributors, and especially to Willy, and Baptiste for the useful blogs that have helped people to adopt haproxy for their LB needs. Regards, - Krishna Kumar > 6/24/2015 11:12 AM, Willy Tarreau wrote: > > The problem with configs posted on a blog is that people blindly > copy-paste > > them without understanding and then break a lot of things and ask for > help. > > Baptiste takes care of explaining how things work so that people can pick > > what they need. There's no universal anti-ddos config, we've built a lot > of > > different ones in the past. Each config is almost unique in fact, > depending > > on business cases. You need to keep in mind that fighting DDoS consists > in > > differenciating what looks like a regular visitor *in your case* and what > > is not. Quite commonly it's extremely tricky and even between various > > applications hosted behind the same LB you can apply different > mechanisms. > > For example for certain apps it's totally abnormal to have more than X > > concurrent connections from a single IP address while in other cases it's > > normal, even to have a lot of requests using a same cookie (think > completion > > for example). > > > > So it is important to understand the concepts, how the tools work and can > > help, then to analyse what happens in your situation and how to fight > when > > the problem happens. You'll even notice that you'll change your > protections > > from one attack to another. > > I always treat sample configs as a starting point that will need > significant tweaking for my specific situation. For instance, I already > know that 10 connections from one IP address won't be enough for several > of our websites, partly because there are some customers who have > several users in one location who will almost certainly be connecting > from the same public IP address. > > That said, I know that there are plenty of people out there who will > copy/paste a sample config and expect it to make their bed and fillet > their fish. I get irritated with those people who won't make an effort > to actually understand what their systems are doing. > > For this specific situation, I'm hoping to learn how to successfully > combine the techniques on the blog post into one config without screwing > it up. If I run into trouble, I will try to solve it on my own before I > come back here to ask for help, and if that's required, I will try to > ask intelligent questions and provide all relevant information at the > start. > > > The subject is really vast. You could have one week full of training on > the > > subject and still feel naked at the end. > > I've gotten that impression. I use a number of other open source > projects which have even steeper learning curves. The basics of haproxy > were quite easy to grasp, but I know that there's a lot of unexplored > depth, some of which I may never use. > > Thank you for everything you do. You are one of the unsung heroes who > make the guts of the Internet possible. > > Shawn > > > -- ------------------------------------------------------------------------------------------------------------------------------------------ This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. If you are not the intended recipient you are notified that disclosing, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited. Although Flipkart has taken reasonable precautions to ensure no viruses are present in this email, the company cannot accept responsibility for any loss or damage arising from the use of this email or attachments
