Website being attacked with millions requests. Cloudflare does not help.
What do?
#devstr
Discussion
Accept that the attack like all things is impermanent and even the biggest most valuable websites are unreliable.
Probably nothing.
Hard question to answer. I'm not sure what helps that doesn't cost money. Plus cloudflare just intercepts all that traffic without the user's consent.
We have ways of tuning load balancers, but it's constant upkeep.
IP blocking kind of works (not for ddos) but it limits honest people like me with VPN IPs from low reputation blocks.
Really just lots of CPU, and many layers/balancers. Possibly javascript client-challenges, but this really hurts UX (think captchas)
There was an "open source" telemetry project at some point for this, but I think they kept their intel databases private. I've been thinking rdns lookups, but that's resource intensive and slow.
nostr:npub12rv5lskctqxxs2c8rf2zlzc7xx3qpvzs3w4etgemauy9thegr43sf485vg is there something here about cashu as a way to get a webpage to load and make attacks more expensive
Something that helps, but I've been slow to implement, is cookie monitoring. Someone shared a (kind of outdated) nginx community module that added cookies to requests based on IP addresses. I think after some number of requests on the same IP without a cookie bans the IP address.
nginx isn't great for dynamic request filtering, I don't remember envoy being that good at dynamic L4 either. Id like to see a healthy way filtering could be added to networks at the L3 easily, sure it exists, but I haven't seen an easy way to handle that. Id like not to have to add another layer of buffering and latency to the traffic.
Are they from a specific region? You could block the region for a while
revise the request acceptance policy and maybe add a configuration system that lets you block IP ranges. you can even just do this with ufw
Anubis? It's a PoW web app firewall