Try some of the QoS settings now available for either:
the firewall(s)
the http server
the load balancers
any OS global settings
There are many types of (D)DoS attacks that may happen. The situation you have described is limited because it only comes from one source; multiply that in a distributed attack and a per-client limit can be avoided. Another attack could try and cause a memory overflow by filling the state information rapidly. More attacks exist, such as Slowloris, so it makes sense to defend yourself holistically.
We like to use L7 firewalls on Linux (regex on packets) and weigh the clients by how often they honour Last-Modified & ETags, alongside other "good behaviour" (faster request times, larger MTUs, persistent connections, etc). You can always throw a CAPTCHA, or artificially delay the response on a single connection with a backoff timer (1 second delay, 2 second delay, 4 second delay, etc). The trick here was to limit by connection (not the IP address, referrer, user agent or some combination thereof).
A future project will be to use the Intrusion Detection system to configure the rate limiting.
HTML 5's cache manifest will effectively disable server load during an F5 refresh and there is always Google Gears.
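A sketch of the per-connection backoff timer described in the answer above, as an added example that is not the poster's code. The class name `ConnectionThrottle`, the thresholds, and the half weight given to requests that revalidate with ETag or Last-Modified are all assumptions chosen for illustration.

```python
from collections import deque

class ConnectionThrottle:
    """Exponential backoff keyed by connection id, not by IP address."""

    def __init__(self, limit=5.0, window=1.0, base=1.0, cap=32.0):
        self.limit = limit    # weighted requests allowed per window (assumed)
        self.window = window  # sliding window length in seconds (assumed)
        self.base = base      # first penalty delay: 1 s, then 2 s, 4 s, ...
        self.cap = cap        # upper bound on any single delay (assumed)
        self.state = {}       # conn_id -> (deque of (time, weight), strikes)

    def delay_for(self, conn_id, now, headers):
        """Return how many seconds to hold the response to this request."""
        hits, strikes = self.state.get(conn_id, (deque(), 0))
        names = {h.lower() for h in headers}  # header names are case-insensitive
        # A client that revalidates (likely a cheap 304) counts as half a request.
        polite = "if-none-match" in names or "if-modified-since" in names
        hits.append((now, 0.5 if polite else 1.0))
        while hits and now - hits[0][0] > self.window:
            hits.popleft()                    # forget requests outside the window
        load = sum(weight for _, weight in hits)
        if load > self.limit:
            strikes += 1                      # over budget: double the next delay
        elif len(hits) == 1:
            strikes = 0                       # quiet for a whole window: forgive
        self.state[conn_id] = (hits, strikes)
        if load <= self.limit:
            return 0.0
        return min(self.base * 2 ** (strikes - 1), self.cap)

    def close(self, conn_id):
        """Drop state when the connection closes so the table stays bounded."""
        self.state.pop(conn_id, None)

if __name__ == "__main__":
    throttle = ConnectionThrottle()
    # Constructed traffic: one connection sending a request every 100 ms.
    for i in range(8):
        print(i, throttle.delay_for("conn-1", i * 0.1, {}))
```

The caller applies the returned delay before writing the response and calls `close()` from its connection teardown hook, which keeps the state table from growing without bound.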