aiScaler Automates Denial of Service (DoS) Protection & Notification
Posted by Max Robbins on August 16th, 2015
We get the following call frequently: "My site is under DoS attack and is down, can you help?"
We think your DoS protection should recognise when an attack starts and put protection in place immediately.
So we are introducing auto-activation and notification of our IP throttling technology.
This lets you set thresholds, such as requests or connections per second, that indicate a DoS attack is in progress. When a threshold is exceeded, aiScaler automatically enables IP throttling and sends a notification that you are under attack.
No worries if a normal traffic spike exceeds your thresholds: aiScaler will not affect your performance. In fact, we like to think of ourselves as the only DoS protection that radically increases the speed of your site.
If you are unfamiliar with our four-level DoS protection, please see our overview:
For the more detailed technical view, look up DoS in the index of our Admin guide.
Below is a more technical view of how the auto-activation is configured.
You can tell aiScaler to auto-activate IP throttling by configuring the following server-level settings:
– auto_throttle_cps
– auto_throttle_cps_interval
Effectively, you are telling aiScaler: activate throttling when the number of client connections per second (CPS) exceeds auto_throttle_cps, and keep it active for auto_throttle_cps_interval seconds (default 600).
After this interval has passed, aiScaler re-tests the CPS against the configured limit; if the CPS has dropped below the threshold, throttling is disabled.
Both enabling and disabling of throttling are logged in the aiScaler error log file.
The total and per-second numbers of requests and/or connections throttled by intelligent request throttling are displayed via the CLI, SNMP and web interfaces.
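To make the enable / hold / re-test / disable cycle concrete, here is a small simulation of that behaviour. It is an added example written for this page, not aiScaler's code: the setting names auto_throttle_cps and auto_throttle_cps_interval and the cycle itself come from the description above, while the one-CPS-sample-per-second timeline and the rule that, while throttling is active, connections beyond the limit in a given second count as "throttled" are simplifying assumptions made here.

```python
"""Simulation of aiScaler-style auto-activation of IP throttling.

Added example, not aiScaler's code. The setting names auto_throttle_cps and
auto_throttle_cps_interval and the enable/re-test/disable behaviour come from
the post; the one-sample-per-second timeline and the rule that, while throttling
is active, connections beyond the limit in a second count as "throttled" are
simplifying assumptions made here for illustration.
"""
from dataclasses import dataclass, field


@dataclass
class AutoThrottle:
    auto_throttle_cps: int                   # activate when new connections/sec exceed this
    auto_throttle_cps_interval: int = 600    # keep throttling on this long before re-testing (post's default)
    active: bool = False
    active_until: int = -1                   # second at which the current interval ends
    total_throttled: int = 0                 # running total, like the CLI/SNMP counter in the post
    log: list = field(default_factory=list)  # mirrors the error-log entries the post describes

    def observe(self, now: int, cps: int) -> int:
        """Feed one second's connection rate; return how many connections were throttled in it."""
        if self.active and now >= self.active_until:
            # Interval has passed: re-test CPS against the limit.
            if cps < self.auto_throttle_cps:
                self.active = False
                self.log.append(f"[{now}] throttling disabled: cps={cps} < {self.auto_throttle_cps}")
            else:
                self.active_until = now + self.auto_throttle_cps_interval
                self.log.append(f"[{now}] throttling kept on: cps={cps} >= {self.auto_throttle_cps}")
        elif not self.active and cps > self.auto_throttle_cps:
            self.active = True
            self.active_until = now + self.auto_throttle_cps_interval
            self.log.append(f"[{now}] throttling enabled: cps={cps} > {self.auto_throttle_cps}")
        # Assumption: while active, connections above the limit in this second are throttled.
        throttled = max(0, cps - self.auto_throttle_cps) if self.active else 0
        self.total_throttled += throttled
        return throttled


def replay(cps_per_second, limit, interval):
    """Run a constructed per-second CPS timeline; return (per-second throttled counts, total, log)."""
    th = AutoThrottle(auto_throttle_cps=limit, auto_throttle_cps_interval=interval)
    per_sec = [th.observe(t, cps) for t, cps in enumerate(cps_per_second)]
    return per_sec, th.total_throttled, th.log


if __name__ == "__main__":
    # Constructed traffic: 5 s of normal load, a 5 s flood, then 10 s of normal load.
    # A short interval (10 s instead of the 600 s default) keeps the demo readable.
    timeline = [50] * 5 + [2000] * 5 + [50] * 10
    per_sec, total, log = replay(timeline, limit=500, interval=10)
    print("throttled per second:", per_sec)
    print("total throttled:", total)
    print("\n".join(log))
```

Two things worth checking against your own traffic before enabling this: a single second above auto_throttle_cps keeps throttling on for the whole interval, even if the flood stops immediately, and a sustained rate that is still above the limit at the re-test point keeps it on for another full interval. Set the threshold above the peak CPS you see during legitimate spikes, and watch the error log for enable/disable pairs to confirm it is not flapping.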
____________________________________________________________
You can deploy aiScaler in your data center or on a cloud instance without changing your architecture, and we give 2 hours of free install support.
I'm interested to find out how many of your customers actually use this kind of DoS functionality?
One of the difficulties of automating DoS protection is how easy it can be to accidentally break valid traffic through other proxies etc. (single source IP etc.). You can use cookies to differentiate valid traffic, or a WAF to try and detect multiple session attacks, i.e. DDoS.
At Loadbalancer.org we find our customers tend to want fairly complex rules implemented for DoS or DDoS, so we let them make manual configurations, for example: http://www.loadbalancer.org/uk/blog/simple-denial-of-service-dos-attack-mitigation-using-haproxy-2
Is your throttle command simply a layer 4 netfilter implementation?
And what would you recommend as a safe setting?
Hi Malcolm,
aiProtect is easily integrated with aiScaler and aiMobile, therefore a lot of our customers use at least two of them.
We offer:
– blocking based on patterns (to protect from SQL injections, for example)
– blocking based on request throttling, where you can set how many requests can be accepted in a certain period of time. Additionally, you can set how many times this limit can be broken before the IP gets banned (to avoid false positives)
– flexible human challenges (CAPTCHAs, logical questions), which allow real users to bypass the ban
The safe setting always varies, but we start with:
– Allow 100 requests every 2 seconds from a single IP
– Ban the IP for 600 seconds after 5 times breaking the limit
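The per-IP limit-and-ban scheme described in the reply above (a request limit per period, a strike count, and a temporary ban once the strikes run out) is easy to get subtly wrong, so here is a worked implementation of it using the quoted starting numbers. This is an added example, not aiProtect's or aiScaler's code: the numbers (100 requests per 2 seconds, ban 600 seconds after 5 breaks) come from the reply, while fixed-window counting, counting a "break" at most once per window, resetting the strike count when a ban is issued, and the constructed request log are assumptions made for this demo.

```python
"""Per-IP request throttling with a strike count and a temporary ban.

Added example, not aiProtect/aiScaler code. The numbers are the starting
point quoted in the reply above (100 requests per 2 seconds from one IP,
ban for 600 seconds after breaking the limit 5 times); how a "break" is
counted (at most once per 2-second window here), the fixed-window
counting, the strike reset on ban, and the request log are assumptions.
"""
from collections import Counter, defaultdict
from dataclasses import dataclass


@dataclass
class IpState:
    window: int = -1            # id of the fixed window the counter belongs to
    count: int = 0              # requests seen in that window
    breaks: int = 0             # windows in which the limit was exceeded
    broke_window: bool = False  # already counted a break for this window?
    banned_until: float = -1.0  # timestamp until which the IP is banned


class IpThrottle:
    def __init__(self, max_requests=100, period=2.0, max_breaks=5, ban_seconds=600):
        self.max_requests, self.period = max_requests, period
        self.max_breaks, self.ban_seconds = max_breaks, ban_seconds
        self.state = defaultdict(IpState)

    def check(self, ip: str, ts: float) -> str:
        """Return 'allow', 'throttle' (over limit, not yet banned) or 'ban'."""
        s = self.state[ip]
        if ts < s.banned_until:
            return "ban"
        w = int(ts // self.period)
        if w != s.window:                      # new window: reset the counter
            s.window, s.count, s.broke_window = w, 0, False
        s.count += 1
        if s.count <= self.max_requests:
            return "allow"
        if not s.broke_window:                 # count the break once per window
            s.broke_window = True
            s.breaks += 1
            if s.breaks >= self.max_breaks:
                s.banned_until = ts + self.ban_seconds
                s.breaks = 0                   # start fresh once the ban expires (assumption)
                return "ban"
        return "throttle"


def replay(requests, **limits):
    """Run (timestamp, ip) pairs through the throttle; return {ip: Counter of verdicts}."""
    th = IpThrottle(**limits)
    verdicts = defaultdict(Counter)
    for ts, ip in sorted(requests):
        verdicts[ip][th.check(ip, ts)] += 1
    return verdicts


def constructed_traffic():
    """Constructed log: six 2-second windows, one IP flooding at 150 req/window, one normal at 10."""
    reqs = []
    for w in range(6):
        reqs += [(w * 2 + i / 100, "203.0.113.7") for i in range(150)]   # attacker (TEST-NET-3 address)
        reqs += [(w * 2 + i / 10, "198.51.100.9") for i in range(10)]    # legitimate (TEST-NET-2 address)
    return reqs


if __name__ == "__main__":
    for ip, c in replay(constructed_traffic()).items():
        print(ip, dict(c))
```

With these settings the flooding address gets 100 requests through in each of its first five windows, is throttled for the excess, and is banned from the fifth break onward; the legitimate address is never touched. The caveat raised in the comment above applies directly: if all your traffic arrives through a reverse proxy or a corporate NAT, every client shares one source IP and this keying bans them together. Key on the real client address from a forwarding header only when the request comes from a proxy you control, and pair the ban with a human challenge, as the reply describes, so a mis-keyed real user can get back in.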