[Gluster-infra] DOS on gluster website
Michael Scherer
mscherer at redhat.com
Wed Aug 20 09:45:04 UTC 2014
Le mardi 19 août 2014 à 17:20 -0400, Louis Zuckerman a écrit :
> My take on the incident was it was a brute force against the XML-RPC
> API for wordpress. Intent was probably (imho) to gain access, but
> because server is not configured that great, it caused DoS.
>
>
> I'm going to do some basic config of the Varnish cache to aggressively
> cache the static web content & block access to the WP API.
>
>
> If anyone has any other (modest) requests for the Varnish config
> please reply to this email.
Looking at varnish config this morning, something that may be missing is
the limitation on the number of connexion.
We should set I guess .max_connections somewhere, but i am not sure if
this would really prevent a dos or something. After all, if we limit the
varnish connection, in the end, it does the same as apache not
answering...
--
Michael Scherer
Open Source and Standards, Sysadmin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part
URL: <http://www.gluster.org/pipermail/gluster-infra/attachments/20140820/66e77a9b/attachment.sig>
More information about the Gluster-infra
mailing list