I like your idea, I'll look into that ...

On Wed, Feb 16, 2011 at 6:13 PM, <[email protected]> wrote:
> As someone else said best to use a firewall, if you want to use a simple
> one just run iptables, since this is only DoS you best to use rate limit
> connections per IP, depending on the number of objects etc you should be
> able to get away with keeping connections to a fairly low number and not
> hampering browsing experience at all. It would need to move to being DDoS
> for it to bring it down.
>
> Only cheaty way I can think of doing it in the vcl is to define multiple
> backends one with no max_connections and one with a fairly low
> max_connections. Define some ip acl's using netblocks. If you feel all of
> the hammering comes from China and very little legit web traffic you could
> find their netblocks and force them to use the one with a set limit on
> .max_connections while others don't have such limits. Vice versa, if you
> expect 90% of traffic to be within your own country allow those to connect
> to the backend with higher max_connections and have everyone else connect
> with a low number. If someone tries to hammer your page it will just starve
> those outside your target audience but keep your backend healthy and your
> regular visitors fine. Lots of caveats in that and wouldn't recommend it,
> purely for science. Definitely use a firewall or other tools.
>
> Nick
>
> From: alexus <[email protected]>
> To: [email protected]
> Date: 02/17/2011 07:37 AM
> Subject: DDOS
> Sent by: [email protected]
> ------------------------------
>
> How does Varnish handle DDOS?
>
> here is my problem, in our environment varnish serves static pages
> but dynamic pages it passes to application server (apache).
> so every once in a while we have some attacker(s) who start doing
> some sort of attacks against us, and apache hits very high load on
> server and about to go down...
> so I look up an IP address and I block it on Varnish .vcl file, and
> load goes back to normal right away...
> is there something that can be done automatically?
> or is there anything that can be done at all to somehow handle this type of issue?
>
> please advise
>
> --
> http://alexus.org/
>
> _______________________________________________
> varnish-misc mailing list
> [email protected]
> http://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc

--
http://alexus.org/
_______________________________________________
varnish-misc mailing list
[email protected]
http://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc
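
The two-backend arrangement described in the quoted reply, written out as an added example that is not code from the thread or from the Varnish project. It uses Varnish 2.1-style VCL; the backend names, the Apache address and port, the netblocks (documentation ranges) and the cap of 20 are all assumptions.

```vcl
# Added illustration, Varnish 2.1-style VCL (the release line current when
# this thread was written). Addresses, names, netblocks and the cap of 20 are
# assumptions; 192.0.2.0/24 and 198.51.100.0/24 are documentation ranges.

# Both backends point at the same Apache instance; only the cap differs.
backend app_uncapped {
    .host = "127.0.0.1";
    .port = "8080";
}

backend app_capped {
    .host = "127.0.0.1";
    .port = "8080";
    # Upper bound on simultaneous connections Varnish opens through this
    # backend definition.
    .max_connections = 20;
}

# Netblocks where most legitimate visitors are expected to come from.
acl expected_visitors {
    "192.0.2.0"/24;
    "198.51.100.0"/24;
}

sub vcl_recv {
    # Cache hits are answered by Varnish itself, so the choice below only
    # matters for misses and for dynamic requests passed to Apache.
    if (client.ip ~ expected_visitors) {
        set req.backend = app_uncapped;
    } else {
        set req.backend = app_capped;
    }
    # Varnish 4 and later use req.backend_hint instead of req.backend.
}
```

The cap applies to the capped backend as a whole, not to each client, so everyone outside the ACL shares the same 20 connections, which matches the reply's remark that traffic outside the target audience gets starved while the backend stays healthy.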
