Search squid archive

Re: Configuring Squid for windows to fight DDoS attacks

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 23/07/2013 9:25 a.m., Fernando Gros Gonzalez wrote:
Hello,

We have a server (for an online game) an we are receiving Ddos
attacks. We don't know anything about Squid, but we would like that
someone explains us how to configure the Windows version of squid to
fight DDos attacks.

Thanks,

Fernando

Hi Fernando,
I assume that your game is using HTTP? if it is not then Squid cannot help.

If you need more immediate assistance you can also contact the freenode IRC channel #squid (and #squiddev) and see if anyone is around for a quick assist.

NP: The current official Windows version of Squid (2.7) cannot handle more than 2048 concurrent connections, which *very* badly limit its assistance with DDoS situations. You had better look at a Linux or BSD box instead which can handle almost 64K concurrent connections.

There is no single DDoS control. The whole of Squid is designed to soak up as much traffic as possible before it reaches the main server and/or reject traffic quickly with as minimal processing as possible.

To start with the basic reverse-proxy configuration is very easy to setup, and you can scale it out as much as you like to cope with traffic to the users. This will soak up any cacheable content and hopefully lower the traffic reaching the main server (50%-95% usually depending on your site design, being a game I imagine you have a lot of dynamic traffic so you may be on the lower end of that scale).
http://wiki.squid-cache.org/ConfigExamples/Reverse/BasicAccelerator

Squid also works as a bit of a firewall. For DDoS situation you will probably not want the simple "http_access allow" the example config uses. You can use ACLs to match almost any part of the HTTP request or combination of details in one. If you can share the specific details of what the DDoS requests look like it would help us craft some ACLs for you.

Amos




[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux