
URI max hits limiting

I have the following architecture (simplified), running on Debian
servers (five HP DL380 G5)

loadbalancer  ------- static content servers
|  |
|  |
|  appservers(lighttpd)
database servers

I have a number of sites running on this using LVS (ldirectord with DR with Xen).

My question is: how can I limit DoS attacks on my database and, for
example, actions like hitting the same URI 10000 times per hour? Its
main purpose would be to block attempts at "overrating" of users'
profiles because we are doing a big competition and don't want to give
the main prize to a cheater.

What I've considered and what's not working:

1. Limit connections with mod_evasive on lighttpd, but connections are
made to the loadbalancer, not to users' IP addrs.
2. Cache the "last IP addr" of the hit per every PHP script and always
check the number (it can slow the appservers and database so that it
can crash).
3. Limit the number of connections from one IP on the loadbalancer. Typically
there are several connections from one user - let's say 50 for static
content and always only one to the app server - so there's no option to do
it because my app servers do min. 50 req/s to the database.

Any other suggestions appreciated... Maybe iptables with "uri" mod for
blocking such attempts ... or something ?


Wojciech Ziniewicz
Unix SEX :{look;gawk;find;sed;talk;grep;touch;finger;find;flex;unzip;head;tail; mount;workbone;fsck;yes;gasp;fsck;more;yes;yes;eject;umount;makeclean; zip;split;done;exit:xargs!!;)}
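
An added example, not part of the original post: a per-(client, URI) hourly hit counter kept in app-server memory instead of the database, which is the check described in options 1 and 2 above. It assumes a proxy in front of the app servers sets X-Forwarded-For; the proxy address 10.0.0.1 and the names client_ip and UriHitLimiter are made up for illustration.

```python
import ipaddress
import time
from collections import defaultdict

WINDOW_SECONDS = 3600      # "per hour", as in the post
MAX_HITS = 10000           # threshold from the post; tune per URI

# Assumption: proxies allowed to set X-Forwarded-For (constructed address).
TRUSTED_PROXIES = {ipaddress.ip_address("10.0.0.1")}


def client_ip(peer, forwarded_for=None):
    """Return the address to count against.

    The forwarded header is honoured only when the TCP peer is a trusted
    proxy; otherwise a client could spoof it to dodge the limit.
    """
    if forwarded_for and ipaddress.ip_address(peer) in TRUSTED_PROXIES:
        # Right-most entry is the one appended by our own proxy.
        candidate = forwarded_for.split(",")[-1].strip()
        try:
            return str(ipaddress.ip_address(candidate))
        except ValueError:
            pass  # malformed header: fall back to the peer address
    return peer


class UriHitLimiter:
    """Fixed-window hit counter keyed by (client, URI), held in memory."""

    def __init__(self, max_hits=MAX_HITS, window=WINDOW_SECONDS):
        self.max_hits = max_hits
        self.window = window
        self.current_window = None
        self.counts = defaultdict(int)

    def allow(self, client, uri, now=None):
        now = time.time() if now is None else now
        window_id = int(now // self.window)
        if window_id != self.current_window:
            # New window: drop all old counters so memory stays bounded.
            self.current_window = window_id
            self.counts.clear()
        key = (client, uri)
        self.counts[key] += 1
        return self.counts[key] <= self.max_hits
```

Counters here are per process, so with several app servers each one enforces the limit separately unless the counts are kept in a shared in-memory store.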
