> I had recommended and Fabian looked at mod-evasive, but has reservations
> around that. How do people these days typically handle flood situations?
>
What are the concerns with mod_evasive?

I'm not sure if it makes sense to add Varnish to the mix, but I've been testing the Varnish vsthrottle module for DoS mitigation, and it seems to work well. The nice part with doing this in Varnish is it is very customizable within the VCL -- here's an old post with a small code snippet, but this could be customized to whitelist based on any header, source IP, etc. which seems to be a lot more flexible than mod_evasive -- and you may get some caching benefits from Varnish as well, though not for the larger downloads.

https://old.varnish-cache.org/vmod/vsthrottle-rate-limitingthrottling-v4-and-later
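
As an added illustration of the vsthrottle approach described in the message above (not code from the original message or the linked post), this VCL sketch rate-limits per client and exempts an allowlist of source IPs. The backend address, the ACL ranges, the `/downloads/` path and all limits are assumptions to be replaced with values tuned against real traffic.

```vcl
vcl 4.0;

import vsthrottle;

# Assumed origin: the web server Varnish sits in front of (placeholder address).
backend default {
    .host = "127.0.0.1";
    .port = "8080";
}

# Assumed allowlist of sources that are never throttled
# (constructed ranges, e.g. monitoring hosts or internal mirrors).
acl throttle_exempt {
    "127.0.0.1";
    "192.0.2.0"/24;
}

sub vcl_recv {
    if (client.ip !~ throttle_exempt) {
        # General bucket: deny a client that exceeds 15 requests in 10s.
        # client.identity defaults to the client IP address.
        if (vsthrottle.is_denied(client.identity, 15, 10s)) {
            return (synth(429, "Too Many Requests"));
        }

        # Separate, tighter bucket for large files, which Varnish is
        # unlikely to cache: 3 requests per minute per client.
        # The "dl:" prefix keeps this counter apart from the general one.
        if (req.url ~ "^/downloads/" &&
            vsthrottle.is_denied("dl:" + client.identity, 3, 60s)) {
            return (synth(429, "Too Many Requests"));
        }
    }
}

sub vcl_synth {
    # Tell well-behaved clients when to retry after being throttled.
    if (resp.status == 429) {
        set resp.http.Retry-After = "10";
    }
}
```

If exemptions are keyed on a request header instead of the source IP, the header has to be one that clients cannot set themselves, for example one added by a trusted front-end proxy and stripped from all other traffic.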