Welcome! Log In Create A New Profile

Advanced

Patch against server DOS

August 15, 2014 02:16PM
Hello,

My NGINX got a denial of service. The machine proxied large files using "proxy_store".
Someone was creating an artifical request for a rarely used file, causing NGINX to download a big file from upstream, then he immediately closed the connection. NGINX continued to download this file.
Then he did the same again with some other rarely used file.
Within a couple of minutes I had thousands of connections, downloading huge files from the backend.

My solution was, to add a small feature:
proxy_ignore_client_abort 10%;
If the server did not download at least 10% from the backend-machine, he closes the connection to the backend as soon as the client closed the connection to the server, even if "proxy_store" was used.

The patch:
http://doppelbauer.name/abort-upstream-161.patch

Thanks a lot
Markus
Subject Author Posted

Patch against server DOS

double August 15, 2014 02:16PM

Re: Patch against server DOS

B.R. August 16, 2014 04:24AM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 87
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready