Haproxy配置抗ddos

https://www.haproxy.com/blog/application-layer-ddos-attack-protection-with-haproxy/

Protecting TCP (non-HTTP) Services

So far, we’ve primarily covered protecting web servers. However, HAProxy can also help in protecting other TCP-based services such as SSH, SMTP, and FTP. The first step is to set up a stick-table that tracks conn_cur and conn_rate:

Next, create or modify a frontend to use this table by adding track and reject rules:

With the usual backend:

Now, each client can establish one SMTP connection at a time. If they try to open a second one while the first is still open, the connection will be immediately closed again.

发表评论

电子邮件地址不会被公开。 必填项已用*标注