Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision | Next revision Both sides next revision | ||
|
litespeed_wiki:config:mitigating-ddos-attacks [2018/12/18 15:50] Jackson Zhang [Trusted IPs] |
litespeed_wiki:config:mitigating-ddos-attacks [2019/01/04 14:36] Jackson Zhang [Order LiteSpeed's Advanced Anti-DDoS Setup Service] |
||
|---|---|---|---|
| Line 94: | Line 94: | ||
| ===== Order LiteSpeed's Advanced Anti-DDoS Setup Service ==== | ===== Order LiteSpeed's Advanced Anti-DDoS Setup Service ==== | ||
| If you need assistance configuring your site to mitigate attacks, check out [[https://store.litespeedtech.com/store/knowledgebase.php?action=displayarticle&id=125|LiteSpeed's Advanced Anti-DDoS Setup Service]]. LiteSpeed Denial of Service Packet Filter Setup Service will fine-tune your anti-DDoS configuration and set up iptables to automatically block attacking IPs detected by the web server. | If you need assistance configuring your site to mitigate attacks, check out [[https://store.litespeedtech.com/store/knowledgebase.php?action=displayarticle&id=125|LiteSpeed's Advanced Anti-DDoS Setup Service]]. LiteSpeed Denial of Service Packet Filter Setup Service will fine-tune your anti-DDoS configuration and set up iptables to automatically block attacking IPs detected by the web server. | ||
| + | |||
| + | This is sufficient for many common attack scenarios. In cases of extreme attacks, this service will not be sufficient, and only custom / hourly support may be appropriate. | ||
| + | |||
| + | In order to determine whether the service fits your needs, we will need to identify the type of attack your site is experiencing - for example, whether it is targeting layer 4 (IP/port) or 7 (HTTP/URL), what the scale of the attack is, how many bots are in the attacking botnet, and whether you have layer 3 protection at the firewall level for synflood attacks. | ||
| + | |||
| + | For example, LiteSpeed Advanced Anti-DDoS Setup will efficiently protect against Layer 7 HTTP and Layer 4 TCP bot attacksl, but not against Layer 3 SYN Flood attack. SYN Flood send SYN packets with spoofed source IP addresses and require Layer 3 protection at the firewall level. If a TCP connection established, it is a Layer 4 attack, but if a TCP connection is not established, it is Layer 3. | ||
| + | |||
| + | Layer 4 TCP connection floods can be detected and blocked by LiteSpeed Advanced Anti-DDos Setup Layer 4 connection hard limit settings. | ||
| + | |||
| + | For large scale attacks, server kernel level settings may need to be adjusted to handle the large amount of HTTP requests during the attack. | ||
| + | |||
| + | Generally speaking, LiteSpeed can handle a up to 1000 bots without problem. If bot number are well over 1000, while the LiteSpeed Web Server can handle the concurrent connections, typically server memory or PHP execution become bottlenecks. LiteSpeed Web Server can be configured to cache the attacked page, reducing the server/PHP resources and increasing the server overall capacity, but this is an example that is well beyond the scope of this service. | ||
| + | |||
| + | When you have a front-end proxy/CDN, the Denial of Service Packet Filter Setup may not work, since it blocks attacking robots at the IP level with iptables. When there is a front proxy, it only sees the IP of the proxy, and it cannot block the proxy IP, as all traffic is coming from that IP. If you have CloudFlare Pro or a similar service already, you may not need Denial of Service Packet Filter Setup Service since they do a similar job. | ||
| + | |||
| + | Should you need such advance support services, they may be requested through evaluation and quotation. | ||
| To order LiteSpeed Advanced Anti-DDos Setup Service, please [[https://store.litespeedtech.com/store/cart.php?gid=5|visit our store]]. | To order LiteSpeed Advanced Anti-DDos Setup Service, please [[https://store.litespeedtech.com/store/cart.php?gid=5|visit our store]]. | ||