On 1/12/2015 8:19 a.m., Eliezer Croitoru wrote:
> I was wondering if someone has a nice idea on how to use squid to
> protect against DOS\DDOS http\https attacks.
>
> The basic way I was thinking is rate limiting by counting the client IP
> page HITs but I am unsure about it since it can actually catch the good
> guys and bite my squid setup.
>
> The other way I was thinking was some kind of a challenge like a captcha
> page.
>
> Also I have seen something like JavaScript browser challenge being used.
>
> What do you think would be the right choice?

Fast automated detection. Absolute minimal response to identified requests. Push the cost as far back up the traffic path towards the attacker as possible.

Those are the answers to DDoS.

>
> If you have another idea please send me or the list an email.
>

Squid already does pretty well against many of the common (old'ish) DDoS types. Though there are some countermeasures that could still be improved, and some DDoS types that are not protected against at all.

There are many forms of DoS to begin with, and *how* the DoS is turned into DDoS is one of the important considerations. There are many possible forms that could take.

So the big question to start with is what type of DDoS are you trying to protect against?

Amos

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users