We usually blacklist IPs address with iptables. But in Amazon EC2, if a connection goes through the Elastic Load Balancer, the remote address will be replaced by the load balancer's address, render...

I have asp.Net MVC web application deployed on azure. And have some problems with Slow HTTP POST vulnerability. So I want to configure <\limits> to turn on connectionTimeout. I can`t do this i...

I am configuring nginx for basic DDoS protection. I want to use the limit_conn module as described in http://nginx.org/en/docs/http/ngx_http_limit_conn_module.html. In particular I do not understan...

I need to make a client queue with ThreadPoolExecutor and an ability to drop clients if it exceeds some number (5 for example). It is kinda DDOS protection. When client #6 is requesting my server -...

I am writing a Django app which uses an nginx reverse proxy + gunicorn as a webserver in production. I want to include the capability to stop DDOS attacks from a certain IP (or pool of IPs). This...

I'm having an issue with a web service with users trying to guess application IDs by looping over random IDs. The bad requests are coming from random IPs, so I cannot just ban their IP (unless I d...

I'm implementing a device that ought to respond to SSDP M-SEARCH queries. I'm a device vendor and I don't have control where these devices will be deployed. There's a known DDoS attack that uses ...

I have an issue on a HTML5 web app where I have repetitive data updates via an ajax query every two seconds. The first two or three go through at 175ms, but after this, they slow down to 500ms, fro...

A have a http flood on my server, not so much queries, but anyway. Queries in log 95.55.237.3 - - [06/Sep/2012:14:38:23 +0400] "GET / HTTP/1.0" 200 35551 "-" "Mozilla/5.0 (Windows; U; Windows NT...

I am trying to write a script to prevent brute-force login attempts in a website I'm building. The logic goes something like this: User sends login information. Check if username and passwo...

using node.js, the net module for building a tcp server which can hande http requests. I would like to prevent dos attacks so what I have done is somthing like this: if (status.numOfCurrentReques...

I have a server that is running on aws - it's load balanced to some ec2 instances that run node.js servers. The security groups are set up so that only the LB can hit them on the HTTP port. I was ...

I need to write java code test that will simulate Slowloris HTTP DoS attack on my web server. I've found a perl code that does that: http://ha.ckers.org/slowloris/ My environment is not constant, ...

I'm trying to limit requests to an API on an internal site I've managed to implement mod_evasive to successfully block requests after a specific amount in a specific time. But this is causing pro...

I'm developing an asp.net MVC web application and the client has request that we try our best to make it as resilient as possible to Denial of Service attacks. They are worried that the site may re...

I have an idea for a website that I would like to develop and release. It is a web application that I would like to implement on some form of cloud-based web hosting service (i.e. the Google ...

I am just thinking of moving a website from a VPS to Windows Azure Web Sites. After doing a load test, I accidentally took down my test website, using around 30MB over the daily bandwidth. T...

I can't access Plesk Amdin because of DOS attack; can I block a hostname or IP address through SSH? If so, how would I be able to do this? Thank you!

I don't want someone keep F5 my site or using some tool to request the page frequently. That is to say, prevent an Action or the Controller to be invoked frequently by one client. How can I impl...

My understanding is that the only way to really mitigate a DDoS attack is to automate the process of blacklisting IP addresses/ranges. Google App Engine (GAE) allows you to configure and upload a ...

If I introduce a Thread.Sleep(x) delay while rendering my HTTP response, where x would change depending on the rate of requests from a given IP: from being zero while request rate is low, and gradu...

Below excerpt is from an article that explains possibility of Denial Of Service(DoS) attack because of non random hash functions used in Hash Data Structures. […] the condition can be leveraged...

I have made a program using urllib2 that makes a lot of connections across the web. I noticed that eventually that this can be DDoS worthy; I would like to know how to close down each connect...

Related: C++ Winsock API how to get connecting client IP before accepting the connection? Hi, when you are running a TCP server (written in C, using the Berkeley Socket API) is it possible to r...

I am writing a web server application in C# and using StreamReader class to read from an underlying NetworkStream: NetworkStream ns = new NetworkStream(clientSocket); StreamReader sr = new Strea...