|
|
|
|
|
|
by damm
3576 days ago
|
|
|
1. Have a big enough pipe; if you are getting a DDoS attack of 2Gigabits/second and your uplink is 1Gigabit there is nothing you can do except look for someone else to filter your traffic. (They have to basically take on the 2gig ddos; filter it and then pass back the valid traffic to you). Verisign and others offer this service; typically using DNS. However often they support BGP 2. Add limiting factors; if you have an abusive customer rate limit them in nginx. If you are expecting a heavy day rate limit the whole site. 3. Stress testing and likely designing your website to withstand DDoS attacks. You can cache or not cache; that's not really the question. Handling a DDoS means what can you do to mitigate the extreme amount of traffic and still allow everything else to work. |
|
|