Hi Christian,

Sorry for the delay, somehow gmail marked your email as spam :-(

So, vmod-vsthrottle would be my first instinct, or something a bit more refined, like https://github.com/varnish/toolbox/tree/main/vcls/redis_throttle.

As for not wanting to block real requests, I think you are always going to have that classification issue, but maybe you can throttle only on the backend side to limit disturbance?

--
Guillaume Quintard

On Tue, Oct 14, 2025 at 1:32 AM Christian Nölle <[email protected]> wrote:

> Hello everyone,
>
> I would like to hear your opinion on how you would approach this problem.
>
> We have two Varnish servers running in a load-balancing cluster that
> cache TYPO3-based websites. We keep having the problem that script
> kiddies like to flood the server with requests and probes for vulnerable
> web applications.
>
> Basically, a WAF is connected upstream of the servers, but every now and
> then something gets through that isn't detected. This sometimes puts
> stress on our backend servers, so I'm thinking about how best to deal
> with it. Mod vsthrottle came to mind, i.e. slowing everything down once
> a certain request rate is reached. But of course, I don't want to affect
> ‘real’ requests. What comes to mind for you?
>
> Best regards!
>
> Christian
> _______________________________________________
> varnish-misc mailing list
> [email protected]
> https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc
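One way to apply the "throttle only on the backend side" idea from the reply above with vmod-vsthrottle, as an added example that is not part of the original thread: the check runs only in `vcl_miss` and `vcl_pass`, so cache hits are never rate limited and only requests that would reach the TYPO3 backends count against a client. The backend address, the key prefix, the limits (20 requests per 10s, 30s block) and the sub name `throttle_backend_bound` are assumptions chosen for illustration.

```vcl
vcl 4.1;

import vsthrottle;

# Assumption: placeholder backend; replace with the real TYPO3 origin.
backend default {
    .host = "127.0.0.1";
    .port = "8080";
}

# Hypothetical helper, called only from paths that end in a backend fetch.
sub throttle_backend_bound {
    # One token bucket per client IP. Assumed limits: 20 backend-bound
    # requests per 10s; once exceeded, the key stays denied for 30s.
    if (vsthrottle.is_denied("origin:" + client.ip, 20, 10s, 30s)) {
        return (synth(429, "Too Many Requests"));
    }
}

# Cache miss: the object would be fetched from the backend.
sub vcl_miss {
    call throttle_backend_bound;
}

# Pass: uncacheable request (POST, session cookies, ...) going to the backend.
sub vcl_pass {
    call throttle_backend_bound;
}

sub vcl_synth {
    # Tell well-behaved clients when to retry; matches the 30s block above.
    if (resp.status == 429) {
        set resp.http.Retry-After = "30";
    }
}
```

With a WAF or load balancer in front, `client.ip` is the address of that hop, so the key should instead be built from the real client address as delivered by a trusted source (PROXY protocol or a header set by the WAF). vsthrottle keeps its counters in memory per Varnish instance, so with two servers each one enforces the limit independently.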
