<div dir="ltr">Limiting number of connections would make a DoS easier, not harder. We would want to increase the connection limits to better handle DoS. However, I dont think this was a DoS. It looked to me like a brute force to get access to the blog, probably to spam it. I set the WP API to return 404 in varnish so that wont happen anymore.<div>
<br></div><div>Also worth noting, my changes last night broke the mediawiki, so this morning I added another exclusion to bypass the cache for wiki pages (in addition to blog pages).</div><div><br></div><div>regards,</div>
<div><br></div><div>-louis</div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Wed, Aug 20, 2014 at 5:45 AM, Michael Scherer <span dir="ltr"><<a href="mailto:mscherer@redhat.com" target="_blank">mscherer@redhat.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Le mardi 19 août 2014 à 17:20 -0400, Louis Zuckerman a écrit :<br>
<div class="">> My take on the incident was it was a brute force against the XML-RPC<br>
> API for wordpress. Intent was probably (imho) to gain access, but<br>
> because server is not configured that great, it caused DoS.<br>
><br>
><br>
> I'm going to do some basic config of the Varnish cache to aggressively<br>
> cache the static web content & block access to the WP API.<br>
><br>
><br>
> If anyone has any other (modest) requests for the Varnish config<br>
> please reply to this email.<br>
<br>
</div>Looking at varnish config this morning, something that may be missing is<br>
the limitation on the number of connexion.<br>
<br>
We should set I guess .max_connections somewhere, but i am not sure if<br>
this would really prevent a dos or something. After all, if we limit the<br>
varnish connection, in the end, it does the same as apache not<br>
answering...<br>
<div class="HOEnZb"><div class="h5"><br>
<br>
--<br>
Michael Scherer<br>
Open Source and Standards, Sysadmin<br>
</div></div><br>_______________________________________________<br>
Gluster-infra mailing list<br>
<a href="mailto:Gluster-infra@gluster.org">Gluster-infra@gluster.org</a><br>
<a href="http://www.gluster.org/mailman/listinfo/gluster-infra" target="_blank">http://www.gluster.org/mailman/listinfo/gluster-infra</a><br>
<br></blockquote></div><br></div>