On 07/08/17 15:22, Jeff Sheltren wrote:
> On Mon, Aug 7, 2017 at 5:57 AM, Karanbir Singh <mail-lists at karan.org> wrote:
> >
> > I had recommended and Fabian looked at mod-evasive, but has reservations
> > around that. How do people these days typically handle flood situations?
> >
>
> What are the concerns with mod_evasive? I'm not sure if it makes sense
> to add Varnish to the mix, but I've been testing the Varnish vsthrottle
> module for DoS mitigation, and it seems to work well. The nice part with
> doing this in Varnish is it is very customizable within the VCL --
> here's an old post with a small code snippet, but this could be
> customized to whitelist based on any header, source IP, etc. which seems
> to be a lot more flexible than mod_evasive -- and you may get some
> caching benefits from Varnish as well, though not for the larger
> downloads.
> https://old.varnish-cache.org/vmod/vsthrottle-rate-limitingthrottling-v4-and-later
>

One of our challenges is that the infra itself is fairly well
distributed around the world, so we don't have single egress points.

I believe mod_qos (based on Patrick Liambocks recommendation) was
finally part of the solution. I will let Fabian comment in depth around
the work he did and why.

--
Karanbir Singh
+44-207-0999389 | http://www.karan.org/ | twitter.com/kbsingh
GnuPG Key : http://www.karan.org/publickey.asc
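
The vsthrottle approach mentioned in the quoted reply, as an added example that is not part of the original thread or of the linked post: a VCL 4.0 configuration that rate-limits per client and exempts an allowlist of source IPs. The backend address, the ACL ranges, the limits and the `.iso` pattern are assumptions chosen for illustration.

```vcl
vcl 4.0;

import vsthrottle;

# Assumed backend: the local httpd that serves the mirror content.
backend default {
    .host = "127.0.0.1";
    .port = "8080";
}

# Constructed allowlist (documentation address range); replace with the
# monitoring hosts and sync sources that must never be throttled.
acl throttle_exempt {
    "127.0.0.1";
    "192.0.2.0"/24;
}

sub vcl_recv {
    # Exempt on source IP rather than on a request header: a header sent
    # by the client can be forged, the TCP peer address cannot.
    if (client.ip !~ throttle_exempt) {
        # General budget: 30 requests per 10 seconds per client.
        # client.identity defaults to the client IP address.
        if (vsthrottle.is_denied(client.identity, 30, 10s)) {
            return (synth(429, "Too Many Requests"));
        }
        # Separate, tighter bucket for large downloads, which are not
        # served from cache and so always cost backend bandwidth.
        if (req.url ~ "\.iso$" &&
            vsthrottle.is_denied(client.identity + ":iso", 3, 60s)) {
            return (synth(429, "Too Many Requests"));
        }
    }
}

sub vcl_synth {
    if (resp.status == 429) {
        # Tell well-behaved clients when to retry.
        set resp.http.Retry-After = "10";
    }
}

# vsthrottle keeps its counters in the memory of each varnishd process,
# so on infrastructure spread over many nodes every node enforces the
# limit independently and a client's global rate is limit x nodes.
```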