Mailing List Archive

varnish anti DOS feature
Hello all,
Coming from the CDN space, one of the main reasons that
make people give up an extraordinary amount of money to CDNs is
to protect against DOS.
I wondered if you have thought about protecting varnish against DOS
when designing it or if you will?
Best regards,
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Damien WETZEL ("`-/")_.-'"``-._
ATANAR TECHNOLOGIES . . `; -._ )-;-,_`)
(v_,)' _ )`-.\ ``-'
Phone:+33 1 45 43 02 90 _.- _..-_/ / ((.'
- So much to do, so little time - ((,.-' ((,/
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
varnish anti DOS feature
In message <17965.50357.545551.224112 at dwetzel@nerim.net>, Damien Wetzel writes:
>Hello all,
>Coming from the CDN space, one of the main reasons that
>make people give up an extraordinary amount of money to CDNs is
>to protect against DOS.
>I wondered if you have thought about protecting varnish against DOS
>when designing it or if you will?

We did think about it a bit, and it is more or less the only reason we
keep per-source-ip statistics. You will be able to do something like

    if (client.bandwidth > 1 mbit/s) {
        sleep 1 s;
    }

and similar once I get to those pieces.

As always: ideas are most welcome.

--
Poul-Henning Kamp | UNIX since Zilog Zeus 3.20
phk at FreeBSD.ORG | TCP/IP since RFC 956
FreeBSD committer | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.
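
An added example, not part of the thread and not Varnish or VCL code: one way the per-source-IP accounting behind a rule like `client.bandwidth > 1 mbit/s` / `sleep 1 s` could be kept in a fixed-size table, so that a flood of distinct source addresses cannot exhaust memory. All names (`client_stat`, `slot_for`, `account_and_delay`), the one-second window and the table size are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define SLOT_BITS 10
#define SLOTS     (1u << SLOT_BITS) /* fixed size: many source IPs cannot grow memory */
#define WINDOW_S  1.0               /* accounting window in seconds (assumption) */
#define LIMIT_BPS 1000000.0         /* 1 mbit/s, the threshold used in the message */
#define PENALTY_S 1.0               /* the "sleep 1 s" used in the message */

struct client_stat {
    uint32_t ip;    /* IPv4 source address */
    double start;   /* time the current window opened */
    double bits;    /* bits delivered in the current window */
    int used;
};

static struct client_stat table[SLOTS];

/* Return the slot for ip, resetting it when it is empty, belongs to another
 * address (hash collision) or its window has expired. Overwriting on
 * collision keeps memory bounded at the cost of occasionally forgetting a
 * client's count. */
static struct client_stat *slot_for(uint32_t ip, double now)
{
    uint32_t h = (uint32_t)(ip * 2654435761u) >> (32 - SLOT_BITS);
    struct client_stat *s = &table[h];
    if (!s->used || s->ip != ip || now - s->start >= WINDOW_S) {
        s->ip = ip; s->start = now; s->bits = 0.0; s->used = 1;
    }
    return s;
}

/* Account nbytes delivered to ip at time now (seconds) and return how long
 * the caller should delay this client: PENALTY_S once it is over the limit. */
double account_and_delay(uint32_t ip, size_t nbytes, double now)
{
    struct client_stat *s = slot_for(ip, now);
    s->bits += 8.0 * (double)nbytes;
    return s->bits > LIMIT_BPS * WINDOW_S ? PENALTY_S : 0.0;
}

int main(void)
{
    uint32_t ip = 0xC0000201u; /* 192.0.2.1, constructed sample address */
    printf("%.1f\n", account_and_delay(ip, 100000, 0.0)); /* 0.8 Mbit so far */
    printf("%.1f\n", account_and_delay(ip, 100000, 0.5)); /* 1.6 Mbit in window */
    printf("%.1f\n", account_and_delay(ip, 1000, 1.5));   /* new window */
    return 0;
}
```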