Another way of doing this is nginx in front of varnish. See the limit_* directives in nginx: http://wiki.nginx.org/HttpLimitZoneModule#limit_zone. It depends on your application, but typically, if you have abusive client(s), you end up serving a lot of the requests from varnish, so your apache processes never see the bulk of the requests. Additionally, your apache threads are a more finite resource, so you want to keep them from all being occupied by the flood of requests if you can.
Hope this helps,
Damon

On Fri, Mar 9, 2012 at 1:35 AM, Gianni Carabelli <[email protected]> wrote:
> Hi all.
> I've got a few servers with varnish + apache on loopback.
> Modsecurity mitigates the problem on the only apache side, but fails with
> apache + varnish.
> I'm using mod_rpaf to get the right ip address, but probably something
> goes wrong.
>
> I would like to take another approach and try to block the attack
> completely in varnish.
> In apache, some directives say: "if there are enough connections from this
> ip in READ/WRITE state, reject incoming connections from that ip"
> Is there a way to do so in varnish?
>
> Thanks
>
> JohnnyRun
_______________________________________________ varnish-misc mailing list [email protected] https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc
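
The setup suggested in the reply above, sketched as an nginx configuration. This is an added example, not part of the original thread; the Varnish address and port, the zone names, and the limit values are assumptions to adjust for your own traffic. It uses `limit_conn_zone`, the name under which later nginx releases provide the `limit_zone` directive linked above.

```nginx
# Added example (not from the thread). Assumed: Varnish listens on
# 127.0.0.1:6081; 20 connections and 10 req/s per client IP are
# placeholder limits, not recommendations.
events {}

http {
    # Shared-memory zones keyed by client address. The binary form of
    # the address keeps each state entry small.
    limit_conn_zone $binary_remote_addr zone=conn_per_ip:10m;
    limit_req_zone  $binary_remote_addr zone=req_per_ip:10m rate=10r/s;

    upstream varnish {
        server 127.0.0.1:6081;
    }

    server {
        listen 80;

        # Cap concurrent connections per client IP. Connections over
        # the cap are rejected by nginx (503 by default) and never
        # reach Varnish or Apache.
        limit_conn conn_per_ip 20;

        # Cap the request rate per client IP. Short bursts of up to 20
        # requests pass without delay; anything beyond is rejected.
        limit_req zone=req_per_ip burst=20 nodelay;

        # Log rejections at a level that is easy to alert on.
        limit_conn_log_level warn;
        limit_req_log_level  warn;

        location / {
            proxy_pass http://varnish;
            proxy_set_header Host $host;
            # Pass the real client address downstream; otherwise
            # Varnish and Apache only see the loopback address.
            proxy_set_header X-Forwarded-For $remote_addr;
        }
    }
}
```

Rejected requests show up in the nginx error log with the zone name, which gives a per-client record of who is hitting the limits before tightening them.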
