From 77e50caaf2ef81cd91075cf836fed0e75718ffb4 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Sat, 13 Apr 2024 23:12:02 +0200 Subject: Adding debian version 1.8.3-2. Signed-off-by: Daniel Baumann --- debian/vendor-h2o/doc/configure/dos_detection.html | 173 +++++++++++++++++++++ 1 file changed, 173 insertions(+) create mode 100644 debian/vendor-h2o/doc/configure/dos_detection.html (limited to 'debian/vendor-h2o/doc/configure/dos_detection.html') diff --git a/debian/vendor-h2o/doc/configure/dos_detection.html b/debian/vendor-h2o/doc/configure/dos_detection.html new file mode 100644 index 0000000..e7153af --- /dev/null +++ b/debian/vendor-h2o/doc/configure/dos_detection.html @@ -0,0 +1,173 @@ + + + + + + + + + + + + + + + + +Using DoS Detection - Configure - H2O - the optimized HTTP/2 server + + +
+
+ +

+H2O +

+

the optimized HTTP/1.x, HTTP/2 server

+ + +
+ +
+ +
+
+
+Powered by Oktavia +
+
+ + +
+ + + + + + + + + + + + +
+ +

+Configure > +Using DoS Detection +

+ + +

+Starting from version 2.1, H2O comes with a mruby script named dos_detector.rb that implements DoS Detection feature. +The script provides a Rack handler that detects HTTP flooding attacks based on the client's IP address. +

+ +

Basic Usage

+ +

+Below example uses the mruby script to detect DoS attacks. +The default detecting strategy is simply counting requests within configured period. +If the count exceeds configured threshold, the handler returns a 403 Forbidden response. +Otherwise, the handler returns a 399 response, and the request is delegated internally to the next handler. +

+ +
+
Example. Configuring DoS Detection
+
paths:
+  "/":
+    mruby.handler: |
+      require "dos_detector.rb"
+      DoSDetector.new({
+        :strategy => DoSDetector::CountingStrategy.new({
+          :period     => 10,  # default
+          :threshold  => 100, # default
+          :ban_period => 300, # default
+        }),
+      })
+    file.dir: /path/to/doc_root
+
+
+ + +

+In the example above, the handler countup the requests within 10 seconds for each IP address, and when the count exceeds 100, +it returns a 403 Forbidden response for the request and marks the client as "Banned" for 300 seconds. While marked as "Banned", the handler returns a 403 Forbidden to all requests from the same IP address. +

+ +

Configuring Details

+ +

+You can pass the following parameters to DoSDetector.new . +

    +
  • :strategy +

    The algorithm to detect DoS attacks. You can write and pass your own strategies if needed. The default strategy is DoSDetector.CountingStrategy which takes the following parameters:

    +
      +
    • :period +

      Time window in seconds to count requests. The default value is 10.

      +
    • +
    • :threshold +

      Threshold count of request. The default value is 100.

      +
    • +
    • :ban_period +

      Duration in seconds in which "Banned" client continues to be restricted. The default value is 300.

      +
    • +
    +
  • +
  • :callback +

    The callback which is called by the handler with detecting result. You can define your own callback to return arbitrary response, set response headers, etc. The default callback returns 403 Forbidden if DoS detected, otherwise delegate the request to the next handler.

    +
  • +
  • :forwarded +

    + If set true, the handler uses X-HTTP-Forwarded-For header to get client's IP address if the header exists. The default value is true. +

    +
  • +
  • :cache_size +

    + The capacity of the LRU cache which preserves client's IP address and associated request count. The default value is 128. +

    +
  • +
+
+
Example. Configuring Details
+
paths:
+  "/":
+    mruby.handler: |
+      require "dos_detector.rb"
+      DoSDetector.new({
+        :strategy => DoSDetector::CountingStrategy.new,
+        :forwarded => false,
+        :cache_size => 2048,
+        :callback => proc {|env, detected, ip|
+          if detected && ! ip.start_with?("192.168.")
+            [503, {}, ["Service Unavailable"]]
+          else
+            [399, {}, []]
+          end
+        }
+      })
+    file.dir: /path/to/doc_root
+
+
+ +

+ +

Points to Notice

+
    +
  • + For now, counting requests is "per-thread" and not shared between multiple threads. +
  • +
+ + + + +
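Review bot: the `:forwarded` parameter in this hunk defaults to `true`, so unless an operator explicitly sets `:forwarded => false` the handler keys its request counts and "Banned" state on an address taken from a forwarded-for header that the client itself can supply; the paragraph should state that the default is only appropriate when H2O sits behind a trusted reverse proxy that overwrites that header, and that a directly exposed instance should disable it, as the second example does. Two smaller points on the same parameter: the header is named `X-HTTP-Forwarded-For` here while the conventional name is `X-Forwarded-For`, so please confirm which header `dos_detector.rb` actually reads and make the page match ("If set true" should also read "If set to true"); and since the `:cache_size` paragraph describes an LRU cache of 128 entries, the "Points to Notice" section, which already records that counting is per-thread, is the natural place to add that counters are evicted once more than `:cache_size` distinct addresses are seen, because both limits bound how accurately the counting strategy tracks a given address.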
+ + + -- cgit v1.2.3