On 07/08/17 15:22, Jeff Sheltren wrote:
On Mon, Aug 7, 2017 at 5:57 AM, Karanbir Singh <mail-lists@karan.org> wrote:
> I had recommended and Fabian looked at mod-evasive, but has reservations
> around that. How do people these days typically handle flood situations?
What are the concerns with mod_evasive? I'm not sure if it makes sense to add Varnish to the mix, but I've been testing the Varnish vsthrottle module for DoS mitigation, and it seems to work well. The nice part with doing this in Varnish is it is very customizable within the VCL -- here's an old post with a small code snippet, but this could be customized to whitelist based on any header, source IP, etc. which seems to be a lot more flexible than mod_evasive -- and you may get some caching benefits from Varnish as well, though not for the larger downloads.
https://old.varnish-cache.org/vmod/vsthrottle-rate-limitingthrottling-v4-and...
One of our challenges is that the infra itself is fairly well distributed around the world, so we don't have single egress points.
I believe mod_qos (based on Patrick Liambocks recommendation) was finally part of the solution; I will let Fabian comment in depth around the work he did and why.