Re: DDOS Prevention
It will hreak things that rely on the wildcard handler to resolve servlet mappings, such as flash remoting. But you can get around this by creating those as empty folders. Checkout this article which shows you how using boncode. The same would apply using the standard connector though. http://www.michaels.me.uk/post.cfm/running-railo-and-coldfusion-10-side-by-side-with-boncode Russ Michaels www.michaels.me.uk cfmldeveloper.com cflive.net cfsearch.com On 27 May 2014 17:33, "Byron Mann" wrote: > > Not to steal the thread, but I remember trying that and something else > broke. I want to say the default doc wasn't working correctly, so I > couldn't get http://domain.com/ to pass off to CF. May have been something > else though. > > One of these days I'll have to give it another try. > > Byron Mann > Lead Engineer & Architect > HostMySite.com > > > On Tue, May 27, 2014 at 11:32 AM, Russ Michaels > wrote: > > > > > For iis modules that don't work with cf the ususl fix is to get rid of > > wildcard handler and use regular handler > > > > Russ Michaels > > www.michaels.me.uk > > cfmldeveloper.com > > cflive.net > > cfsearch.com > > On 27 May 2014 16:22, "Byron Mann" wrote: > > > > > > > > I had issue attempting to get that IP restrictions module to work with > CF > > > 10. Seems as though the request was getting handed off to CF before > > > hitting the IIS module. So it did not seem to work properly at least > for > > > me. I didn't put too much effort into it, as our load-balancer actually > > > handles some of this mitigation. Any DDOS of significance would get > > alerted > > > to our Network Operations team proactively where they usually mitigate > > the > > > issue at the border routers, thus the LB or servers would never see the > > > traffic. > > > > > > You might look into setting up a software based load balancing solution > > to > > > handle this. Something like Nginx which is a good bit more configurable > > > than IIS. There are also services that you can route your traffic > through > > > like CloudFlare, which I believe just uses Nginx in the clusters. > > > > > > > > > Byron Mann > > > Lead Engineer & Architect > > > HostMySite.com > > > > > > > > > On Tue, May 27, 2014 at 11:00 AM, John M Bliss > > > wrote: > > > > > > > > > > > Does anyone have a preferred free / low-cost solution for DDOS > > prevention > > > > for Windows / IIS? > > > > > > > > Anyone have any good/bad experience with > > > > http://www.iis.net/downloads/microsoft/dynamic-ip-restrictions ? > > > > > > > > -- > > > > John Bliss - http://www.linkedin.com/in/jbliss > > > > > > > > > > > > > > > > > > > > > > > > ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:358691 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: DDOS Prevention
Not to steal the thread, but I remember trying that and something else broke. I want to say the default doc wasn't working correctly, so I couldn't get http://domain.com/ to pass off to CF. May have been something else though. One of these days I'll have to give it another try. Byron Mann Lead Engineer & Architect HostMySite.com On Tue, May 27, 2014 at 11:32 AM, Russ Michaels wrote: > > For iis modules that don't work with cf the ususl fix is to get rid of > wildcard handler and use regular handler > > Russ Michaels > www.michaels.me.uk > cfmldeveloper.com > cflive.net > cfsearch.com > On 27 May 2014 16:22, "Byron Mann" wrote: > > > > > I had issue attempting to get that IP restrictions module to work with CF > > 10. Seems as though the request was getting handed off to CF before > > hitting the IIS module. So it did not seem to work properly at least for > > me. I didn't put too much effort into it, as our load-balancer actually > > handles some of this mitigation. Any DDOS of significance would get > alerted > > to our Network Operations team proactively where they usually mitigate > the > > issue at the border routers, thus the LB or servers would never see the > > traffic. > > > > You might look into setting up a software based load balancing solution > to > > handle this. Something like Nginx which is a good bit more configurable > > than IIS. There are also services that you can route your traffic through > > like CloudFlare, which I believe just uses Nginx in the clusters. > > > > > > Byron Mann > > Lead Engineer & Architect > > HostMySite.com > > > > > > On Tue, May 27, 2014 at 11:00 AM, John M Bliss > > wrote: > > > > > > > > Does anyone have a preferred free / low-cost solution for DDOS > prevention > > > for Windows / IIS? > > > > > > Anyone have any good/bad experience with > > > http://www.iis.net/downloads/microsoft/dynamic-ip-restrictions ? > > > > > > -- > > > John Bliss - http://www.linkedin.com/in/jbliss > > > > > > > > > > > > > > > ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:358684 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: DDOS Prevention
For iis modules that don't work with cf the ususl fix is to get rid of wildcard handler and use regular handler Russ Michaels www.michaels.me.uk cfmldeveloper.com cflive.net cfsearch.com On 27 May 2014 16:22, "Byron Mann" wrote: > > I had issue attempting to get that IP restrictions module to work with CF > 10. Seems as though the request was getting handed off to CF before > hitting the IIS module. So it did not seem to work properly at least for > me. I didn't put too much effort into it, as our load-balancer actually > handles some of this mitigation. Any DDOS of significance would get alerted > to our Network Operations team proactively where they usually mitigate the > issue at the border routers, thus the LB or servers would never see the > traffic. > > You might look into setting up a software based load balancing solution to > handle this. Something like Nginx which is a good bit more configurable > than IIS. There are also services that you can route your traffic through > like CloudFlare, which I believe just uses Nginx in the clusters. > > > Byron Mann > Lead Engineer & Architect > HostMySite.com > > > On Tue, May 27, 2014 at 11:00 AM, John M Bliss > wrote: > > > > > Does anyone have a preferred free / low-cost solution for DDOS prevention > > for Windows / IIS? > > > > Anyone have any good/bad experience with > > http://www.iis.net/downloads/microsoft/dynamic-ip-restrictions ? > > > > -- > > John Bliss - http://www.linkedin.com/in/jbliss > > > > > > > > ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:358683 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: DDOS Prevention
I had issue attempting to get that IP restrictions module to work with CF 10. Seems as though the request was getting handed off to CF before hitting the IIS module. So it did not seem to work properly at least for me. I didn't put too much effort into it, as our load-balancer actually handles some of this mitigation. Any DDOS of significance would get alerted to our Network Operations team proactively where they usually mitigate the issue at the border routers, thus the LB or servers would never see the traffic. You might look into setting up a software based load balancing solution to handle this. Something like Nginx which is a good bit more configurable than IIS. There are also services that you can route your traffic through like CloudFlare, which I believe just uses Nginx in the clusters. Byron Mann Lead Engineer & Architect HostMySite.com On Tue, May 27, 2014 at 11:00 AM, John M Bliss wrote: > > Does anyone have a preferred free / low-cost solution for DDOS prevention > for Windows / IIS? > > Anyone have any good/bad experience with > http://www.iis.net/downloads/microsoft/dynamic-ip-restrictions ? > > -- > John Bliss - http://www.linkedin.com/in/jbliss > > > ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:358682 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
DDOS Prevention
Does anyone have a preferred free / low-cost solution for DDOS prevention for Windows / IIS? Anyone have any good/bad experience with http://www.iis.net/downloads/microsoft/dynamic-ip-restrictions ? -- John Bliss - http://www.linkedin.com/in/jbliss ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:358681 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
