Tom Haines on 19 Sep 2012 05:29:15 -0700



[PLUG] Simple protection against DOS attack


I had a situation yesterday where a student flooded our Moodle cluster with enough requests in a short enough period of time to bring the service to its knees for about four minutes. Looking back at the logs, I see that it was the same page request over and over again. I'd like to put something lightweight in place to protect against these sorts of attacks. We don't need the protection against a sophisticated DDOS attack, but just something to protect against simple attacks like this.

The cluster setup consists of two Cent 5 boxes (using heartbeat for HA) running ldirectord to balance requests back to 6 Ubuntu boxes running lighttpd/php5-fpm to serve out the Moodle PHP pages. The load balancers are very underutilized, and I'd like to put software upstream of ldirectord on those servers to protect against DOS.

My first thought was Apache running mod_security and then proxying the requests to ldirectord, but this would require a lot of overhead. Also running mod_security on the individual nodes isn't really an option because they run lighttpd instead of Apache.

Any thoughts on this?
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug