Christopher,

there are several questions in the same thread. The first one, about
SlowLoris, was answered long ago (
http://tomcat.10.x6.nabble.com/is-tomcat-6-0-35-vulnerable-to-CVE-2007-6750-td5000085.html
). On the contrary, for fast connection opening (DoS), we can
configure the firewall to temporarily ban an IP if it has
reached something like 20 connections/second.
The problem becomes more difficult if we're facing a DDoS: if the
traffic is good old HTTP then we must challenge our clients (captcha,
JavaScript), then we know who we have to ban (F5 products can do that,
or use Cloudflare/Akamai). If it's not HTTP (IP spoofing, DNS
recursive requests, ...) we need to configure the router or the entrance
firewall. I believe there is no cheap solution to fight against a
300G/s flood.

> What about non-users?
Blocked by the router/firewall if they were sending something really
stupid, so I have no idea how many of them there were. Google bots
and others, not even 1% of traffic. We had several crashes because of too
much traffic when thousands of people were connecting at the same time
to get special news from the company. This doesn't happen anymore
after buying servers 20 times more powerful, but I'm not working
there anymore.





2015-03-16 21:09 GMT+01:00 Christopher Schultz <ch...@christopherschultz.net>:
> Aurélien,
>
> On 3/16/15 9:16 AM, Aurélien Terrestris wrote:
>> As browsers (at least the ones I know) open 2 connections to
>> browse websites
>
> That number has been bigger than 2 for quite a while, now:
>
> http://stackoverflow.com/questions/985431/max-parallel-http-connections-in-a-browser
>
> We aren't talking about nice clients, here, though, but clients that
> are intentionally trying to bring down a site. The maximum number of
> connections a legit web browser will open to a single host/IP is not
> relevant.
>
>> we could have a look at the hourly stats and estimate this (under
>> 100 without problem). I never met such a problem anyway, the highest
>> traffic being 120 000 different users/day.
>
> What about non-users?
>
> - -chris
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
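
The per-IP rule mentioned in the reply above (about 20 connections/second, then a temporary ban), sketched as an added example that is not part of the original thread. The log format, the 60-second ban length and the addresses (documentation ranges) are assumptions; the sample log is constructed.

```python
from collections import defaultdict, deque

THRESHOLD = 20      # new connections per window (figure from the thread)
WINDOW = 1.0        # window length in seconds
BAN_SECONDS = 60.0  # assumption: the thread only says "temporarily"


def parse(line):
    """Parse a constructed log line: '<epoch seconds> <source ip>'."""
    ts, ip = line.split()
    return float(ts), ip


def find_bans(events, threshold=THRESHOLD, window=WINDOW, ban=BAN_SECONDS):
    """events: (timestamp, ip) pairs sorted by time.
    Returns a list of (ip, ban_start, ban_end)."""
    recent = defaultdict(deque)   # ip -> connection times inside the window
    banned_until = {}
    bans = []
    for ts, ip in events:
        if banned_until.get(ip, 0.0) > ts:
            continue              # still banned: dropped, not counted
        q = recent[ip]
        q.append(ts)
        while q[0] <= ts - window:
            q.popleft()           # forget connections older than the window
        if len(q) >= threshold:
            banned_until[ip] = ts + ban
            bans.append((ip, ts, ts + ban))
            q.clear()             # start counting afresh once the ban ends
    return bans


def sample_log():
    """Constructed sample: one flooding source, one browser-like client."""
    lines = [f"{100.0 + i * 0.02:.2f} 198.51.100.7" for i in range(25)]
    lines += ["100.10 203.0.113.9"] * 6       # browser opening 6 at once
    lines += [f"{101 + i}.00 203.0.113.9" for i in range(5)]
    lines += ["200.00 198.51.100.7"]          # returns after the ban expired
    return sorted(lines, key=lambda l: float(l.split()[0]))


if __name__ == "__main__":
    for ip, start, end in find_bans(map(parse, sample_log())):
        print(f"ban {ip} from {start:.2f} until {end:.2f}")
```

A browser's burst of parallel connections stays well under the threshold, while many sources each staying below it (the DDoS case in the reply) pass this check untouched.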