Denial of Service (DOS) attacks can be especially effective against certain types of web application. If an application is highly dynamic or database-intensive it can be remarkably simple to degrade or cripple the functionality of a site. This blog describes some simple methods of mitigating single-source IP DOS attacks using HAProxy. I've focused on how you would implement the techniques using the appliance, but they are easily transferable to any HAProxy based cluster.

The most important thing when blocking brute force attacks is not to block any legitimate traffic. If you know that your site receives low traffic (such as an internal application with authentication) you can set some fairly strict and specific rules to block brute force access. But in most scenarios for a public-facing website you have to be fairly lenient. You can usually make some generic assumptions about web browser traffic, such as:

- Web browsers won't generate more than 5-7 concurrent connections per domain.
- Web browser users won't click more than 10 pages in 10 seconds!
- Genuine web users are unlikely to generate 10 application errors in 20 seconds - unless your application is broken, and then you have bigger problems!

So let's construct some rules based on source IP address rate limiting.
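As an added example (not from the original post, and not the appliance vendor's own configuration), here is a HAProxy frontend that encodes those three assumptions as source IP rate limits using a stick table. The frontend and backend names, the server and allow-list addresses (RFC 5737 documentation ranges), and the numeric thresholds are all assumptions chosen for illustration; the request-rate threshold in particular needs tuning against real traffic.

```haproxy
# Added example (not from the original post): a HAProxy frontend that
# tracks each source IP in a stick table and enforces the three
# browser-behaviour assumptions above. All thresholds are assumed
# starting points; tune them against your own traffic before enabling.
frontend www
    bind *:80
    mode http

    # Assumed allow-list for known-good sources (monitoring, office egress).
    # Accepted connections skip every rate check, so they are never blocked.
    acl trusted_src src 198.51.100.0/24
    tcp-request connection accept if trusted_src

    # One entry per client IP holding: current open connections, HTTP
    # request rate over 10s and HTTP 4xx error rate over 20s.
    # expire must be at least as long as the longest counter window.
    stick-table type ip size 100k expire 30s store conn_cur,http_req_rate(10s),http_err_rate(20s)

    # Start tracking the source address as soon as the connection arrives.
    tcp-request connection track-sc0 src

    # Browsers open 5-7 connections per domain; 10 concurrent from one IP
    # is outside normal browser behaviour.
    tcp-request connection reject if { src_conn_cur ge 10 }

    # "10 pages in 10 seconds": http_req_rate counts every request,
    # including images, CSS and scripts, so leave headroom above 10.
    # deny_status needs HAProxy 1.8 or later; drop it on older builds.
    http-request deny deny_status 429 if { src_http_req_rate gt 100 }

    # "10 application errors in 20 seconds": http_err_rate counts requests
    # that ended in a 4xx response.
    http-request deny deny_status 429 if { src_http_err_rate gt 10 }

    default_backend web_servers

backend web_servers
    mode http
    balance roundrobin
    server web1 192.0.2.10:80 check
    server web2 192.0.2.11:80 check
```

Order matters in the `tcp-request connection` section: the `accept` for trusted sources comes first so those clients are never tracked or rejected, and `track-sc0` comes before any `reject` so the counters are populated when the condition is evaluated. Validate the file with `haproxy -c -f <config>` before reloading, and watch the stick table (for example via the stats socket) for a while with the deny rules commented out to confirm that no legitimate client approaches the thresholds.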