Task #73622

Attempt to block DOS attacks

Added by Michael Stucki almost 4 years ago. Updated 10 months ago.

Status: New
Priority: Must have
Assignee: -
Target version: -
Start date: 2016-02-23
Due date:
% Done: 0%


Description

It happened today that someone tried to download every version of every extension in TER. Intentional or not, this can stop the whole site from working (which happened today until I blocked the client).

What we need is some module that blocks clients automatically after a number of requests within a defined timeframe.

Preparation:
- Collect software that can help us here
- Define limits


Related issues

Related to Server Team - Feature #88412: GeoIP based logging/blocking on proxy servers New 2019-05-21

History

#1 Updated by Michael Stucki almost 4 years ago

  • Project changed from demo.typo3.org to Server Team

Moving to correct project... :)

#3 Updated by Andri Steiner almost 4 years ago

I could provide a working configuration for nginx which we have been using for about a year already.

#4 Updated by Michael Stucki almost 4 years ago

Would be great!

#5 Updated by Andri Steiner about 3 years ago

# This file was autogenerated. Never ever edit manually!
# nginx http connection and request limiting
# 25 conn. / IP (global)

limit_conn_zone $binary_remote_addr zone=addr:10m;

# available zones
limit_req_zone $binary_remote_addr zone=small:10m rate=50r/s;
limit_req_zone $binary_remote_addr zone=medium:10m rate=150r/s;
limit_req_zone $binary_remote_addr zone=large:10m rate=500r/s;

# set default zone
limit_conn addr 50;
limit_req zone=small burst=150;
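A simplified model of what `limit_req zone=small burst=150` from the configuration in comment #5 does to one client IP, as an added example that is not part of the thread and is not nginx's own code. It assumes the leaky-bucket accounting of nginx's limit_req module and a client that keeps sending regardless of delays; the function names and arrival times are constructed, and `limit_conn` is not modelled.

```python
"""Simplified model of nginx limit_req (leaky bucket) for a single key.
Added example: names and sample traffic are constructed for illustration."""

def simulate(arrivals_ms, rate, burst, nodelay=False):
    """Return one (status, delay_ms) tuple per request from one client IP.

    arrivals_ms: sorted arrival times in milliseconds.
    rate: allowed requests per second; burst: requests queued above the rate.
    """
    excess = 0    # backlog in 1/1000-request units, as limit_req counts it
    last = None   # arrival time of the last accepted request
    results = []
    for now in arrivals_ms:
        if last is None:
            new_excess = 0                       # first request: empty bucket
        else:
            drained = rate * (now - last)        # milli-requests leaked since last
            new_excess = max(excess - drained + 1000, 0)
        if new_excess > burst * 1000:
            results.append((503, 0))             # rejected, bucket state unchanged
            continue
        excess, last = new_excess, now
        # Without nodelay, the request waits until its slot in the queue frees up.
        delay = 0 if nodelay else new_excess // rate
        results.append((200, delay))
    return results

def summarize(results):
    """Count accepted/rejected requests and the longest queueing delay."""
    delays = [d for status, d in results if status == 200]
    return {"accepted": len(delays),
            "rejected": len(results) - len(delays),
            "max_delay_ms": max(delays, default=0)}

# Constructed traffic patterns, 1000 requests each, against zone "small".
SCENARIOS = {
    "flood (all at once)": [0] * 1000,
    "crawler at 40 r/s": [i * 25 for i in range(1000)],
    "crawler at 100 r/s": [i * 10 for i in range(1000)],
}

def run_all(rate=50, burst=150):
    return {name: summarize(simulate(times, rate, burst))
            for name, times in SCENARIOS.items()}

if __name__ == "__main__":
    for name, stats in run_all().items():
        print(f"{name:22} {stats}")
```

In this model a client that stays under 50 r/s is never rejected, so the rate has to sit below the request rate of the bulk-download pattern described in the task for the limit to have any effect on it.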

#6 Updated by Mathias Schreiber over 2 years ago

Is this implemented yet?

#7 Updated by Steffen Gebert over 2 years ago

No, I gave it a try but couldn't verify correct functionality.

#8 Updated by Michael Stucki 10 months ago

Reminder!

#9 Updated by Michael Stucki 7 months ago

  • Related to Feature #88412: GeoIP based logging/blocking on proxy servers added
