From be1c7e50e1e8809ea56f2c9d472eccd8ffd73a97 Mon Sep 17 00:00:00 2001
From: Daniel Baumann
+Starting from version 2.1, H2O comes with a mruby script named dos_detector.rb that implements DoS Detection feature.
+The script provides a Rack handler that detects HTTP flooding attacks based on the client's IP address.
+
+Below example uses the mruby script to detect DoS attacks.
+The default detecting strategy is simply counting requests within configured period.
+If the count exceeds configured threshold, the handler returns a
+In the example above, the handler countup the requests within 10 seconds for each IP address, and when the count exceeds 100,
+it returns a
+You can pass the following parameters to The algorithm to detect DoS attacks. You can write and pass your own strategies if needed. The default strategy is Time window in seconds to count requests. The default value is 10. Threshold count of request. The default value is 100. Duration in seconds in which "Banned" client continues to be restricted. The default value is 300. The callback which is called by the handler with detecting result. You can define your own callback to return arbitrary response, set response headers, etc. The default callback returns
+ If set true, the handler uses X-HTTP-Forwarded-For header to get client's IP address if the header exists. The default value is true.
+
+ The capacity of the LRU cache which preserves client's IP address and associated request count. The default value is 128.
+ Basic Usage
+
+403 Forbidden
response.
+Otherwise, the handler returns a 399
response, and the request is delegated internally to the next handler.
+403 Forbidden
response for the request and marks the client as "Banned" for 300 seconds. While marked as "Banned", the handler returns a 403 Forbidden
to all requests from the same IP address.
+Configuring Details
+
+DoSDetector.new
.
+
+
+= $ctx->{example}->('Configuring Details', <<'EOT');
+paths:
+ "/":
+ mruby.handler: |
+ require "dos_detector.rb"
+ DoSDetector.new({
+ :strategy => DoSDetector::CountingStrategy.new,
+ :forwarded => false,
+ :cache_size => 2048,
+ :callback => proc {|env, detected, ip|
+ if detected && ! ip.start_with?("192.168.")
+ [503, {}, ["Service Unavailable"]]
+ else
+ [399, {}, []]
+ end
+ }
+ })
+ file.dir: /path/to/doc_root
+EOT
+?>
+:strategy
+ DoSDetector.CountingStrategy
which takes the following parameters:
+
+:period
+ :threshold
+ :ban_period
+ :callback
+ 403 Forbidden
if DoS detected, otherwise delegate the request to the next handler.:forwarded
+ :cache_size
+