How to prevent similar DDoS attacks under Linux Dupal

Source: Internet
Author: User
Tags drupal varnish

First, look at the iptable solution.


To solve the SYN flood and DDoS and other recommended use iptable, lighter, is also iptable more good at.
Looking up on the internet, Iptable's recent module can solve the problem,
First look at the parameters of recent,

--name #设定列表名称, default defaults.
--rsource #源地址, this is the default.
--rdest #目的地址
--seconds #指定时间内
--hitcount #命中次数
--set #将地址添加进列表, and updates the information, including the timestamp of the added address.
--rcheck #检查地址是否在列表 to calculate the time as the first match begins.
--update #和rcheck类似 to calculate the time with the last match.
--remove #在列表里删除相应地址, followed by the list name and address.
Final Test, the following code can test through:

#!/bin/bash
Ipt=/sbin/iptables
# Max Connection in seconds
seconds=100
# Max connections per IP
blockcount=10
# ....
# ..
# Default action can be DROP or REJECT
daction= "REJECT"
$IPT-A input-p TCP--dport 80-i eth0-m State--state new-m Recent
$IPT-A input-p TCP--dport 80-i eth0-m State--state new-m recent--update--seconds ${seconds}--hitcount ${BLOCKCOU NT}-j ${daction}
# ....
# ..


If you send more than 10 requests to the server, a connect closed error message appears, indicating success.
Test browser can be, because after 10 requests, many words can be used ab-n xx-c xx.

Second, the varnish solution.

Varnish is the advantage of VCL powerful, before the author used varnish to prevent the operation of the robots, but vcl how to prevent DDoS and the same IP restrictions on the Internet to see a solution, It's security.vcl, but it feels like vcl write too much, I don't know if it's because of the complexity of the function.

See this VCL specifically

Https://github.com/ssm/security.vcl

Finally, Nginx and Apache Solutions

Nginx and Apache are the ultimate Web servers, so the security layer can be put here to do, about concurrent access to the module.
Nginx has a ngx_http_limit_conn_module
Http://nginx.org/en/docs/http/ngx_http_limit_conn_module.html
Apache module, Limitipconn
Http://dominia.org/djao/limitipconn2.html

If the computer room with DDoS defense mechanism, so generally no problem. As a result, Drupal can use modules such as fast404 to reduce the CPU pressure caused by more than 404.
And by the way, a security module for Drupal is recommended by Kit:https://www.drupal.org/project/seckit

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.