January 16, 2007

Blocking DoS attacks, maybe...

Mads / .NET Slave has posted an HttpModule for blocking DoS attacks. How does it work? Well any IP address that accesses your page more than 10 times per second gets banned for 5 minutes. All settings are configurable, for example you could ban on 15 requests per 2 seconds for 10 minutes.

I would certainly recommend that you do some testing to find a decent setting. Also some comments have come up on Mads' post wondering about more detail like: What if you're being hit by AOL's proxy server or a search engine bot? You'll have to take into account how your visitors access your website too. I will be playing around with the source and seeing how it reacts to an AJAX-enabled site as well.

kick it on DotNetKicks.com

No comments: