On 6/24/2015 8:58 PM, Baptiste wrote:
> That said, I'll write a new DDOS protection article once HAProxy 1.6
> will be released, since it embeds some new features which are
> interesting on this topic.

I look forward to it. Thank you for your diligence!

> Concerning your demand, I don't understand it!
> Could you provide me your own configuration (or a fake one) you would
> like to be protected adding comment to the type of protection you
> expect, then I'll see what I can do.

I have an existing config, which doesn't currently have DDOS mitigation in it, with 14 frontend configs and 23 backend configs. 9 of those backends are checks-only that are referenced in the other back ends via the "track" keyword.

Another config has fewer config stanzas, but multiple backends are used in each frontend -- it's using SNI. This system is not yet in full production, so it may be a good testing ground for what I'm proposing below:

Between the project that CJ Ess referenced and Willy's replies, I may have enough information to try to put together a full config. I will work on that for a while and then see if the list can find any problems with it. Because it's new territory for me, I'll be liberal with comments in the config, so hopefully my reasoning will be clear.

Thanks,
Shawn

