How to prevent others from maliciously requesting their websites using testing software such as AB

For example, how to prevent others from maliciously requesting their own websites using testing software such as AB? For example, how to prevent others from maliciously requesting their own websites using testing software such as AB?

Reply content:

For example, how to prevent others from maliciously requesting their websites using AB testing software?

NginxYou can use HttpLimitReqModule.
This module can use specific client Identifiers (such as IP addresses and UA) to limit the access frequency of the client within a certain period of time, which is much more resource-saving than the control in the program.

If you want to prevent code attacks, you can only limit the number of accesses by ip addresses within a period of time.
You can record the access time and times in the session, and then compare it with your own access restrictions. If the limit is exceeded, it is considered as malicious access. Return 404 to him.

Currently, this type of software can simulate browser requests. Therefore, a small number of requests cannot be blocked.
However, using such software to request your website usually has other purposes and will produce a large number of repeated requests.
You can control the number of requests per unit time. Abnormal requests generated by the same IP address or the same userAgint are prohibited through program judgment.
However, even if the program makes a judgment and the request enters the processing stage, the performance will still be affected. Therefore, it is best to use the cache method to implement repeated responses in combination with other processing methods, avoid excessive CPU consumption. IP addresses that identify problems should be blocked on the firewall.

Are you talking about me? Haha
IP addresses can be blocked. IP requests are too frequent within a period of time and cannot be processed directly.
It seems that many small companies have not done this, so a stress test basically fails.