[squid-users] Looking for ideas on how to use squid in order to protect against a DOS\DDOS.

Amos Jeffries squid3 at treenet.co.nz
Tue Dec 1 10:57:40 UTC 2015


On 1/12/2015 8:19 a.m., Eliezer Croitoru wrote:
> I was wondering if someone has a nice idea on how to use squid to
> protect against DOS\DDOS http\https attacks.
> 
> The basic way I was thinking is rate limiting by counting the client IP
> page HITs but I am unsure about it since it can actually catch the good
> guys and bite my squid setup.
> 
> The other way I was thinking was some kind of a challenge like a captcha
> page.
> 
> Also I have seen something like JavaScript browser challenge being used.
> 
> What do you think would be the right choice?

Fast automated detection. Absolute minimal response to identified
requests. Push the cost as far back up the traffic path towards the
attacker as possible. Those are the answers to DDoS.

> 
> If you have another idea please send me or the list an email.
> 

Squid already does pretty well against many of the common (old'ish) DDoS
types. Though there are some countermeasures that could still be
improved, and some DDoS types that are not protected against at all.

There are many forms of DoS to begin with, and *how* the DoS is turned
into DDoS is one of the important considerations. There are many
possible forms that could take. So the big question to start with is
what type of DDoS are you trying to protect against?

Amos


