Alternate fallback content for DDoS #858

krizhanovsky · 2017-11-09T20:04:55Z

During complex DDoS attack, which can not be reliably filtered out with acceptable confidence that no legitimate users are affected, it has sense to switch to lightweight content of a protected web site. For example if a site has relatively heavy logic requesting a database, then an administrator can define alternate, static and lightweight, site content which is going to be used under DDoS only. The content must be delivered iff:

there is a stress condition in sense of HTTP QoS for asymmetric DDoS mitigation #488;
a client isn't from the white list;
a client doesn't match any limit which clearly define them as a bot.

The alternate content must be loaded to web cache on Tempesta FW start to be always hot. Depends on web server mode.

The site content must be 'locked' the the cache DB, i.e. never evicted #515.

krizhanovsky added enhancement security labels Nov 9, 2017

krizhanovsky added this to the 1.0 WebOS milestone Nov 9, 2017

krizhanovsky changed the title ~~Alternate fallback conent for DDoS~~ Alternate fallback content for DDoS Nov 9, 2017

krizhanovsky modified the milestones: backlog, 0.10 Kernel-User Space Transport Jan 15, 2018

krizhanovsky modified the milestones: 1.4 TBD (Kernel-User Space Transport), 1.2 TBD Jan 3, 2022

krizhanovsky mentioned this issue Sep 8, 2022

TDBv0.2: Cache background revalidation and eviction #515

Open

22 tasks

krizhanovsky modified the milestones: 1.xx TBD, backlog Apr 19, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Alternate fallback content for DDoS #858

Alternate fallback content for DDoS #858

krizhanovsky commented Nov 9, 2017 •

edited

Alternate fallback content for DDoS #858

Alternate fallback content for DDoS #858

Comments

krizhanovsky commented Nov 9, 2017 • edited

krizhanovsky commented Nov 9, 2017 •

edited