> Varnish or Squid in front of the origin would have prevented the > attack from getting to the Origin. My preference would have been > Varnish since I can write VCL to filter out other requests. A layer 7 > load balancer could also be used, but, again required changes to the > backend. We ended up deploying Nginx in this case. >
Nginx is a good choice. > My intended, but poorly communicated intent, was to explain that > fail2ban is not a panacea to DDOS attacks. Since apache doesn't log > the request early enough in the request processing, fail2ban will sit > there 'failing 2 ban' the attackers. I think fail2ban must have some > affiliate program based on the fact that every time anything regarding > security is mentioned, half a dozen people suggest it. :) > I never use fail2ban. I think lots of people suggest it is because it is mentioned in lots of (old) tutorials on system administration. :) And it is meaningless against slowloris, precisely because the logs don't show anything until well after the beginning of the attack, or when it is over. Anyways, so I was wondering how soon before the botnets start deploying slowloris. Seems like they already have. Vlad -- You received this message because you are subscribed to the Google Groups "pylons-discuss" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/pylons-discuss?hl=en.
