Indeed you got the point of the issue.
Just to let you know that squid can knock out many products out there as
a reverse proxy... and is very simple to set up (for me less than a minute).
But you can use haproxy which is very simple to implement or squid.
Nginx is nice and can perform nicely as long as it doesn't supply cache,
and also it's far more complicated to set up than squid and maybe also
haproxy.
- Haproxy will handle more requests per second and is preferred by many
admins for this task.
- Squid now (3.4.X and since 3.2) has an SMP function which allows it to be
even more than it was in the past.
With the right setup and settings it can be scaled on a 10GBps
links. (Not necessarily will benefit from all of it but faster than
teamed\bonded 4 1GBps NICs for sure.)
If you want to try squid (I am the CentOS RPMs builder for squid) feel
free to contact me and I can compile for you a squid.conf that will be
good for your setup.
All The Bests,
Eliezer
On 07/01/2014 11:26 PM, Francesco Morosinotto wrote:
My suggestion is to implement the fail2ban rules on the reverse
proxy machine and not on the origin server.
If and only if you can't or don't want to, then use a PUSH through
SSH or any other means to blacklist the IP in the reverse proxy iptables.
So my problem will only be to pass the to-be-banned ip from server B
(that can decide if an ip has to be banned or not) to server A (that can
ban the ip using iptables)?
cheers
francesco
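
Added example (not part of the original messages): one way to push a ban from server B to server A over SSH, with the address validated on both ends and server A's key limited to a forced command. The user banpush, host proxy-a, the key path and the function names are assumptions.

```bash
#!/usr/bin/env bash
# Added example; banpush, proxy-a, the key path and all function names
# are hypothetical. Install the same file on both servers.

# Return 0 only for a dotted-quad IPv4 address with every octet in 0..255.
valid_ipv4() {
    local ip=$1 octet
    [[ $ip =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]] || return 1
    local IFS=.
    for octet in $ip; do
        (( 10#$octet <= 255 )) || return 1   # 10# avoids octal parsing of "08"
    done
    return 0
}

# Server B: called by whatever decides an address must be banned
# (for instance a fail2ban action). Never forwards unvalidated input.
push_ban() {
    local ip=$1
    valid_ipv4 "$ip" || { echo "refusing invalid address: $ip" >&2; return 2; }
    ssh -o BatchMode=yes -i /etc/fail2ban/banpush_key banpush@proxy-a "ban $ip"
}

# Server A (reverse proxy): handles one request of the exact form
# "ban <ipv4>". Anything else is rejected, so the key cannot be used
# to run arbitrary commands or to pass extra iptables options.
ban_request() {
    local request=$1 ip ipt=${IPTABLES:-iptables}
    [[ $request =~ ^ban\ ([0-9.]+)$ ]] || { echo "bad request" >&2; return 2; }
    ip=${BASH_REMATCH[1]}
    valid_ipv4 "$ip" || { echo "bad address" >&2; return 2; }
    # -C checks for an existing identical rule, so repeated pushes
    # do not pile up duplicate DROP entries.
    "$ipt" -C INPUT -s "$ip" -j DROP 2>/dev/null ||
        "$ipt" -I INPUT -s "$ip" -j DROP
}

# On server A this script is the forced command for server B's key in
# ~banpush/.ssh/authorized_keys:
#   restrict,command="/usr/local/sbin/ban-request" <server B public key>
# sshd places the client's requested command in SSH_ORIGINAL_COMMAND.
if [[ -n ${SSH_ORIGINAL_COMMAND:-} ]]; then
    ban_request "$SSH_ORIGINAL_COMMAND"
fi
```

The banpush account on server A still needs permission to run iptables, for example through a sudoers entry limited to this one script.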