| Clockwork |
10-06-2009 09:24 AM |
lslb - http flood - ddos protection
Hi,
it seems lslb is somewhat different than lsws in flood handling:
Code:
["default"] 123.123.123.123 - - [06/Oct/2009:10:02:39 +0200] "GET /images/logo.gif HTTP/1.1" 503 401 "-" "-"
["default"] 123.123.123.123 - - [06/Oct/2009:10:02:39 +0200] "GET /images/logo.gif HTTP/1.1" 503 401 "-" "-"
["default"] 123.123.123.123 - - [06/Oct/2009:10:02:39 +0200] "GET /images/logo.gif HTTP/1.1" 503 401 "-" "-"
["default"] 123.123.123.123 - - [06/Oct/2009:10:02:39 +0200] "GET /images/logo.gif HTTP/1.1" 503 401 "-" "-"
["default"] 123.123.123.123 - - [06/Oct/2009:10:02:39 +0200] "GET /images/logo.gif HTTP/1.1" 503 401 "-" "-"
["default"] 123.123.123.123 - - [06/Oct/2009:10:02:39 +0200] "GET /images/logo.gif HTTP/1.1" 503 401 "-" "-"
["default"] 123.123.123.123 - - [06/Oct/2009:10:02:39 +0200] "GET /images/logo.gif HTTP/1.1" 503 401 "-" "-"
["default"] 123.123.123.123 - - [06/Oct/2009:10:02:39 +0200] "GET /images/logo.gif HTTP/1.1" 503 401 "-" "-"
["default"] 123.123.123.123 - - [06/Oct/2009:10:02:39 +0200] "GET /images/logo.gif HTTP/1.1" 503 401 "-" "-"
["default"] 123.123.123.123 - - [06/Oct/2009:10:02:39 +0200] "GET /images/logo.gif HTTP/1.1" 503 401 "-" "-"
["default"] 123.123.123.123 - - [06/Oct/2009:10:02:39 +0200] "GET /images/logo.gif HTTP/1.1" 503 401 "-" "-"
["default"] 123.123.123.123 - - [06/Oct/2009:10:02:39 +0200] "GET /images/logo.gif HTTP/1.1" 503 401 "-" "-"
it comes from different IP's, I've just changed those to 123.123.123.123.
lslb just passes this attack to the backend servers, is there any way to configure lslb to detect and block attacks like this?
I've already set "Per Client Dyn Reqs/sec" to 2 in the virtual hosts tab, but this doesn't seem to affect static files. |
