How to protect yourself from DDoS get requests?

D

dfhusfhgsuo32018-03-14 09:37:11

Nginx

dfhusfhgsuo3, 2018-03-14 09:37:11

Hello. Recently, attackers started ddosing file hosting. Fortunately, most of the holes were closed, but they still manage to put nginx with a large number of get requests to the file. Although there is a limit of 9 downloads, it still falls when the answer is 206.
At what level is it better to protect yourself from this? Scripts, firewall or engine backend?

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

A

Alexander Yudakov, 2018-03-14
@AlexanderYudakov

A similar problem with the HTTP server is solved as follows:
- we consider the statistics of requests by ip-addresses;
- when the critical threshold is reached, we programmatically add a firewall rule to prohibit the processing of any packets from this address (an overly active client has time to work for no more than a second);
- after a month, the ban is automatically removed, the client can ddo it again - he will have one more second :)
In general, ban as early as possible - if on the local machine, then at the IP protocol level. So that the matter does not even reach the application level. Then there will be no load on your nginx.
Even better, if you can programmatically add a rule to the switch closest to you over the network, then you need to do it there (I haven’t gotten around to that yet).