Project

General

Profile

[Solved] Block/Throttle Empty Get Requests HTTP/1.1

Added by JasonKing about 1 year ago

Hi,
I am facing fue problems, but my website is always down + 503 out of service

I discovered that someone has been using online stresser and all requests are being sent as empty HTTP/1.1 Get requests with different browser user agents.

I have IPTables and all rules against flooding but isn't blocking it.

I tried to add following code to lighttpd.conf maybe I can throttle these Get requests but it isn't working.

I want to throttle empty Get HTTP/1.1 requests , hope if anyone could help.

thanks.

env.SERVER_PROTOCOL == "HTTP/1.1" {
throttle.max-concurrent-connections = 3
throttle.bucket-size = 300
throttle.tokens-per-second = 1
throttle.ban-when-empty = 1
} 


Replies (15)

RE: Block/Throttle Empty Get Requests HTTP/1.1 - Added by gstrauss about 1 year ago

How to get Help

lighttpd documentation

Based on your post with absurd syntax, you probably have not attempted to use the documentation on this site. Please try reading/searching the documentation on this site and ask a more specific question if something is unclear in the documentation on this site.

RE: Block/Throttle Empty Get Requests HTTP/1.1 - Added by JasonKing about 1 year ago

I am being flooder with GET HTTP/1.1, I want to try to find a way to throttle it but unfortunately not working.

Can this be done ?

RE: Block/Throttle Empty Get Requests HTTP/1.1 - Added by JasonKing about 1 year ago

gstrauss wrote in RE: Block/Throttle Empty Get Requests HTTP/1.1:

How to get Help

lighttpd documentation

Based on your post with absurd syntax, you probably have not attempted to use the documentation on this site. Please try reading/searching the documentation on this site and ask a more specific question if something is unclear in the documentation on this site.

I am trying to block GET Flood Request HTTP/1.1.

I accomplished this with cloudflare but can I accomplish with Lighttpd ?

Here is firewall rule that I am using on Cloudflare maybe it can be converted in someway

(http.request.method eq "GET" and http.request.version eq "HTTP/1.1" and not http.request.headers.truncated and any(len(http.request.headers.values[*])[*] lt 2))

RE: Block/Throttle Empty Get Requests HTTP/1.1 - Added by gstrauss about 1 year ago

You seem to have overlooked my blunt statement, so I'll repeat it once more:

Please try reading/searching the documentation on this site and ask a more specific question if something is unclear in the documentation on this site.

RE: Block/Throttle Empty Get Requests HTTP/1.1 - Added by JasonKing about 1 year ago

gstrauss wrote in RE: Block/Throttle Empty Get Requests HTTP/1.1:

You seem to have overlooked my blunt statement, so I'll repeat it once more:

Please try reading/searching the documentation on this site and ask a more specific question if something is unclear in the documentation on this site.

What is unclear about my question ?

My Question is " How To Throttle HTTP/1.1 Requests instead of denying them ? "

env.SERVER_PROTOCOL == "HTTP/1.1" {
  url.access-deny = ( "" )
}

RE: Block/Throttle Empty Get Requests HTTP/1.1 - Added by gstrauss about 1 year ago

What is unclear about my question ?

It is clear that you feel entitled. How's that working out for you?

Let me ask you: what is unclear about my directions?

Please try reading/searching the documentation on this site and ask a more specific question if something is unclear in the documentation on this site.

You have failed to demonstrate even the most trivial attempts to read or search the existing documentation.
The syntax you are "inventing" is so awful and wrong, and it is obvious that you have not attempted to read the documentation.

lighttpd can do lots of things. The documentation can answer many of your questions and provides examples.

Please try reading/searching the documentation on this site and ask a more specific question if something is unclear in the documentation on this site.

If you have a specific question about something that was unclear in the documentation, please ask.
If you can not be bothered to make any attempt to help yourself, or to help us to help you, then please go away.

RE: Block/Throttle Empty Get Requests HTTP/1.1 - Added by JasonKing about 1 year ago

I have already looked through all documentation and on Google and found the code above:

https://superuser.com/questions/1351211/block-requests-in-lighttpd-made-with-http-1-0-and-only-allow-http-1-1

I didn't invent it ;)

I tried to look into ModSetEnv maybe I can find something related to HTTP/1.1 then I will try to do traffic shaping but I need a rule to match HTTP/1.1

https://redmine.lighttpd.net/projects/lighttpd/wiki/Docs_TrafficShaping

RE: Block/Throttle Empty Get Requests HTTP/1.1 - Added by gstrauss about 1 year ago

Did you read the superuser.com link? "(Solution isn't tested since I switched to nginx a long time ago, but AFAIR it might work.)"
[Edit: I requested edits to the answer on superuser so that the broken syntax gets removed]

I have written many times and bolded that you should search and read the "documentation on this site"

I tried to look into ModSetEnv maybe I can find something related to HTTP/1.1 then I will try to do traffic shaping but I need a rule to match HTTP/1.1

What you seem to be trying to do is very specific and very custom (and not necessarily going to have the results you desire)
mod_magnet exposes the ability to perform request manipulation, including matching the HTTP protocol string.

However, given the abilities you have demonstrated thus far (superuser.com cut-n-paste), I recommend you follow the advice in that superuser.com post and use fail2ban and your firewall. You can log requests with mod_accesslog and can write custom fail2ban rules to match the requests and take action.

RE: Block/Throttle Empty Get Requests HTTP/1.1 - Added by JasonKing about 1 year ago

Thank you for your guidance.

I have matched GET HTTP/1.1 with URI / request, but still I am not able to check header values if they are lower or higher than a specific number.


  if (lighty.env["request.protocol"] == "HTTP/1.1") and (lighty.env["request.orig-uri"] == "/") and  (lighty.env["request.method"] == "GET") then
        return 403
  end

I tried also to match response length but it's not working, maybe I am using syntax wrong.

Thank you :)

RE: Block/Throttle Empty Get Requests HTTP/1.1 - Added by gstrauss about 1 year ago

but still I am not able to check header values if they are lower or higher than a specific number.

Unclear.

In any case, if you have questions about how to parse strings in Lua, or convert strings to numbers in Lua, then please refer to the Lua manual.

RE: Block/Throttle Empty Get Requests HTTP/1.1 - Added by JasonKing about 1 year ago

headers usually contain:
user-agent, cookies, ...

I am trying to get header body length, maybe there is a simple way for that.

referred to lighty.r request object:

tried examples with following but couldn't accomplish what I am looking for

lighty.r.resp_body.len

response.body-length

RE: Block/Throttle Empty Get Requests HTTP/1.1 - Added by gstrauss 9 months ago

mod_magnet documentation mentions the lua pairs() function multiple times.

RE: [Solved] Block/Throttle Empty Get Requests HTTP/1.1 - Added by gstrauss 7 months ago

I am trying to get header body length, maybe there is a simple way for that.

That makes no sense (header != body). Your communication is terrible.
You have little idea what you are talking about and yet expect others to interpret your partial phrases. Fail.

I am guessing that you have failed to consider what the word "response" means, and the difference between request body and response body.

RE: [Solved] Block/Throttle Empty Get Requests HTTP/1.1 - Added by JasonKing 7 months ago

Hello, Sorry for miscommunication
I failed to clear my idea and point.

I found solution to my problem via haproxy, had to use haproxy with lighttpd. It would be nice to implement it on lighttpd directly

acl has-query query,length gt 0
acl test1 req.hdrs -m reg '(*CRLF)(?m)^[^:]+:.{138,}$'
http-request deny  if METH_GET HTTP_1.1 !has-query test1

https://discourse.haproxy.org/t/convert-cloudflare-rules-to-haproxy/7088

RE: [Solved] Block/Throttle Empty Get Requests HTTP/1.1 - Added by gstrauss 7 months ago

lighttpd server.max-request-field-size limits the maximum size of the request header (in bytes) as documented in Configuration: Options

lua pairs() can be used to iterate over lighty.r.req_header table and count = count + 1 can count them.
There is an example in lighttpd security responses

lua (a real and capable programming language) in lighttpd is generally more powerful than the more limited interfaces exposed by other web servers and CDNs.

    (1-15/15)