On 23/07/2013 9:25 a.m., Fernando Gros Gonzalez wrote:
Hello,
We have a server (for an online game) and we are receiving DDoS
attacks. We don't know anything about Squid, but we would like
someone to explain to us how to configure the Windows version of Squid to
fight DDoS attacks.
Thanks,
Fernando
Hi Fernando,
I assume that your game is using HTTP? If it is not then Squid cannot
help.
If you need more immediate assistance you can also contact the freenode
IRC channel #squid (and #squiddev) and see if anyone is around for a
quick assist.
NP: The current official Windows version of Squid (2.7) cannot handle
more than 2048 concurrent connections, which *very* badly limits its
assistance with DDoS situations. You had better look at a Linux or BSD
box instead which can handle almost 64K concurrent connections.
There is no single DDoS control. The whole of Squid is designed to soak
up as much traffic as possible before it reaches the main server and/or
reject traffic quickly with as minimal processing as possible.
To start with, the basic reverse-proxy configuration is very easy to
set up, and you can scale it out as much as you like to cope with traffic
to the users. This will soak up any cacheable content and hopefully
lower the traffic reaching the main server (50%-95% usually depending on
your site design, being a game I imagine you have a lot of dynamic
traffic so you may be on the lower end of that scale).
http://wiki.squid-cache.org/ConfigExamples/Reverse/BasicAccelerator
Squid also works as a bit of a firewall. For a DDoS situation you will
probably not want the simple "http_access allow" the example config
uses. You can use ACLs to match almost any part of the HTTP request or
combination of details in one. If you can share the specific details of
what the DDoS requests look like it would help us craft some ACLs for you.
Amos
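
A squid.conf sketch of the reverse-proxy setup with tighter ACLs in place of a plain "http_access allow", added here as an example and not part of the message above or of the linked wiki page. The hostname game.example.com, the address 192.0.2.10, the peer name gameOrigin, the method list and the numeric limits are all placeholder assumptions to be replaced with values that fit the real site and the observed attack traffic.

```conf
# Added example; hostnames, addresses and limits below are placeholders.
# Listen as an accelerator (reverse proxy) for the public site name.
http_port 80 accel defaultsite=game.example.com

# The real game web server behind Squid (placeholder address).
cache_peer 192.0.2.10 parent 80 0 no-query originserver name=gameOrigin

# --- What counts as a legitimate request (assumptions) ---
acl our_site dstdomain game.example.com
acl expected_methods method GET HEAD POST
# Matches when one client IP holds more than 20 connections at once.
acl too_many_conns maxconn 20

# --- Cheap rejections first; the first matching line decides ---
http_access deny !our_site
http_access deny !expected_methods
http_access deny too_many_conns
http_access allow our_site
http_access deny all

# Only traffic for our site is ever forwarded to the origin server.
cache_peer_access gameOrigin allow our_site
cache_peer_access gameOrigin deny all

# Close connections that do not send complete request headers in time.
request_timeout 30 seconds
```

Once the shape of the attack requests is known, further deny rules (for example on URL path or User-Agent) go above the "http_access allow our_site" line.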