[CentOS-devel] CentOS services being DDoS'd
Jeff Sheltren
jeff at tag1consulting.comMon Aug 7 14:22:50 UTC 2017
- Previous message: [CentOS-devel] CentOS services being DDoS'd
- Next message: [CentOS-devel] CentOS services being DDoS'd
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Mon, Aug 7, 2017 at 5:57 AM, Karanbir Singh <mail-lists at karan.org> wrote: > > > I had recommended and Fabian looked at mod-evasive, but has reservations > > around that. how do people these days typically handle flood situations > ? > > > What are the concerns with mod_evasive? I'm not sure if it makes sense to add Varnish to the mix, but I've been testing the Varnish vsthrottle module for DoS mitigation, and it seems to work well. The nice part with doing this in Varnish is it is very customizable within the VCL -- here's an old post with a small code snippet, but this could be customized to whitelist based on any header, source IP, etc. which seems to be a lot more flexible than mod_evasive -- and you may get some caching benefits from Varnish as well, though not for the larger downloads. https://old.varnish-cache.org/vmod/vsthrottle-rate-limitingthrottling-v4-and-later -Jeff -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.centos.org/pipermail/centos-devel/attachments/20170807/a57d3c08/attachment-0002.html>
- Previous message: [CentOS-devel] CentOS services being DDoS'd
- Next message: [CentOS-devel] CentOS services being DDoS'd
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the CentOS-devel mailing list