by jaypaulynice 3583 days ago
I work at a CDN/Security engineering company, but this is just my view.

First off, you need to determine where the attack is coming from. You could redirect based on IP/request headers in a .htaccess file or Apache rules.

Your next bet is to distribute/auto-scale your application if possible.

You need to set up a web application firewall that sits in front of your web servers and analyzes the requests/responses that hit the web servers. A lot of the DDoS campaigns are easy to identify based on the request headers/IP/Geo and requests/second.

It's not hard to write a small web server/proxy to do this, but it would be best left to someone who knows what they're doing because you don't want to block real user requests. You can use ModSecurity's open source WAF for Apache/nginx, but again you have to know what you're doing.

When I faced this issue, I wrote a small web server/proxy here that you can start on port 80:

https://github.com/julesbond007/java-nio-web-server

Here I wrote some rules to drop the request if it's malicious:

https://github.com/julesbond007/java-nio-web-server/blob/mas...
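
An added example, not part of the comment above and not taken from the linked repository: a minimal per-request filter that combines the signals the comment names (client IP, request headers, requests/second), with an allowlist to reduce the risk of dropping real users. The class and function names, thresholds, required-header list and sample traffic are all assumptions made for illustration.

```python
from collections import defaultdict, deque

REQUIRED_HEADERS = ("host", "user-agent")  # assumed minimum a real browser sends

class RequestFilter:
    """Allow/drop decision from client IP, request headers and request rate."""
    def __init__(self, window=10, limit=20, allowlist=()):
        self.window = window            # sliding window, seconds (assumed value)
        self.limit = limit              # max requests per IP per window (assumed)
        self.allowlist = set(allowlist) # known-good clients, never dropped
        self.hits = defaultdict(deque)  # ip -> timestamps of recent requests

    def check(self, ip, headers, now):
        """Return (allowed, reason); `now` is the request time in seconds."""
        if ip in self.allowlist:
            return True, "allowlisted"
        names = {k.lower() for k in headers}
        missing = [h for h in REQUIRED_HEADERS if h not in names]
        if missing:
            return False, "missing header: " + ",".join(missing)
        q = self.hits[ip]
        while q and now - q[0] >= self.window:  # expire old timestamps
            q.popleft()
        q.append(now)  # dropped requests still count against the budget
        if len(q) > self.limit:
            return False, "rate limit exceeded"
        return True, "ok"

def replay(requests, **kwargs):
    """Feed (time, ip, headers) tuples to a fresh filter; tally outcomes per IP."""
    f = RequestFilter(**kwargs)
    tally = defaultdict(lambda: {"allowed": 0, "dropped": 0})
    for ts, ip, headers in sorted(requests, key=lambda r: r[0]):
        allowed, _ = f.check(ip, headers, ts)
        tally[ip]["allowed" if allowed else "dropped"] += 1
    return {ip: dict(c) for ip, c in tally.items()}

# Constructed sample traffic (documentation-range addresses, not real data).
BROWSER = {"Host": "example.test", "User-Agent": "Mozilla/5.0"}
SAMPLE = (
    [(t * 0.1, "203.0.113.7", BROWSER) for t in range(100)]   # 10 req/s burst
    + [(t * 2.0, "198.51.100.4", BROWSER) for t in range(5)]  # ordinary visitor
    + [(1.0, "192.0.2.9", {"Host": "example.test"})]          # no User-Agent
)

if __name__ == "__main__":
    for ip, counts in replay(SAMPLE).items():
        print(ip, counts)
```

Many users behind one NAT or corporate proxy share a single IP, so a per-IP limit set too low drops legitimate visitors; tune the window and limit against real traffic before enforcing.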