[CentOS-devel] CentOS services being DDoS'd

Mon Aug 7 23:14:48 UTC 2017
Karanbir Singh <mail-lists at karan.org>

On 07/08/17 15:22, Jeff Sheltren wrote:
> On Mon, Aug 7, 2017 at 5:57 AM, Karanbir Singh <mail-lists at karan.org> wrote:
> 
>     > I had recommended and Fabian looked at mod-evasive, but has reservations
>     > around that. How do people these days typically handle flood situations?
>     >
> 
> 
> What are the concerns with mod_evasive? I'm not sure if it makes sense
> to add Varnish to the mix, but I've been testing the Varnish vsthrottle
> module for DoS mitigation, and it seems to work well. The nice part with
> doing this in Varnish is it is very customizable within the VCL --
> here's an old post with a small code snippet, but this could be
> customized to whitelist based on any header, source IP, etc. which seems
> to be a lot more flexible than mod_evasive -- and you may get some
> caching benefits from Varnish as well, though not for the larger
> downloads.
> https://old.varnish-cache.org/vmod/vsthrottle-rate-limitingthrottling-v4-and-later
> 

One of our challenges is that the infra itself is fairly well
distributed around the world, so we don't have single egress points.

I believe mod_qos (based on Patrick Liambock's recommendation) was
finally part of the solution. I will let Fabian comment in depth around
the work he did and why.


-- 
Karanbir Singh
+44-207-0999389 | http://www.karan.org/ | twitter.com/kbsingh
GnuPG Key : http://www.karan.org/publickey.asc