Block/Throttle Empty Get Requests HTTP/1.1

Added by JasonKing 7 days ago

Hi,
I am facing a few problems, but my website is always down + 503 out of service.

I discovered that someone has been using an online stresser and all requests are being sent as empty HTTP/1.1 GET requests with different browser user agents.

I have IPTables and all the rules against flooding, but it isn't blocking it.

I tried to add the following code to lighttpd.conf so that maybe I can throttle these GET requests, but it isn't working.

I want to throttle empty GET HTTP/1.1 requests, hope someone could help.

thanks.

env.SERVER_PROTOCOL == "HTTP/1.1" {
throttle.max-concurrent-connections = 3
throttle.bucket-size = 300
throttle.tokens-per-second = 1
throttle.ban-when-empty = 1
} 


Replies (8)

RE: Block/Throttle Empty Get Requests HTTP/1.1 - Added by gstrauss 7 days ago

How to get Help

lighttpd documentation

Based on your post with absurd syntax, you probably have not attempted to use the documentation on this site. Please try reading/searching the documentation on this site and ask a more specific question if something is unclear in the documentation on this site.

RE: Block/Throttle Empty Get Requests HTTP/1.1 - Added by JasonKing 7 days ago

I am being flooded with GET HTTP/1.1, I want to try to find a way to throttle it but unfortunately it is not working.

Can this be done?

RE: Block/Throttle Empty Get Requests HTTP/1.1 - Added by JasonKing 7 days ago

gstrauss wrote in RE: Block/Throttle Empty Get Requests HTTP/1.1:

How to get Help

lighttpd documentation

Based on your post with absurd syntax, you probably have not attempted to use the documentation on this site. Please try reading/searching the documentation on this site and ask a more specific question if something is unclear in the documentation on this site.

I am trying to block GET flood requests over HTTP/1.1.

I accomplished this with Cloudflare, but can I accomplish it with lighttpd?

Here is the firewall rule that I am using on Cloudflare; maybe it can be converted in some way:

(http.request.method eq "GET" and http.request.version eq "HTTP/1.1" and not http.request.headers.truncated and any(len(http.request.headers.values[*])[*] lt 2))

RE: Block/Throttle Empty Get Requests HTTP/1.1 - Added by gstrauss 7 days ago

You seem to have overlooked my blunt statement, so I'll repeat it once more:

Please try reading/searching the documentation on this site and ask a more specific question if something is unclear in the documentation on this site.

RE: Block/Throttle Empty Get Requests HTTP/1.1 - Added by JasonKing 6 days ago

gstrauss wrote in RE: Block/Throttle Empty Get Requests HTTP/1.1:

You seem to have overlooked my blunt statement, so I'll repeat it once more:

Please try reading/searching the documentation on this site and ask a more specific question if something is unclear in the documentation on this site.

What is unclear about my question?

My question is "How to throttle HTTP/1.1 requests instead of denying them?"

env.SERVER_PROTOCOL == "HTTP/1.1" {
  url.access-deny = ( "" )
}

RE: Block/Throttle Empty Get Requests HTTP/1.1 - Added by gstrauss 6 days ago

What is unclear about my question ?

It is clear that you feel entitled. How's that working out for you?

Let me ask you: what is unclear about my directions?

Please try reading/searching the documentation on this site and ask a more specific question if something is unclear in the documentation on this site.

You have failed to demonstrate even the most trivial attempts to read or search the existing documentation.
The syntax you are "inventing" is so awful and wrong, and it is obvious that you have not attempted to read the documentation.

lighttpd can do lots of things. The documentation can answer many of your questions and provides examples.

Please try reading/searching the documentation on this site and ask a more specific question if something is unclear in the documentation on this site.

If you have a specific question about something that was unclear in the documentation, please ask.
If you can not be bothered to make any attempt to help yourself, or to help us to help you, then please go away.

RE: Block/Throttle Empty Get Requests HTTP/1.1 - Added by JasonKing 6 days ago

I have already looked through all the documentation and on Google, and found the code above:

https://superuser.com/questions/1351211/block-requests-in-lighttpd-made-with-http-1-0-and-only-allow-http-1-1

I didn't invent it ;)

I tried to look into ModSetEnv maybe I can find something related to HTTP/1.1 then I will try to do traffic shaping but I need a rule to match HTTP/1.1

https://redmine.lighttpd.net/projects/lighttpd/wiki/Docs_TrafficShaping

RE: Block/Throttle Empty Get Requests HTTP/1.1 - Added by gstrauss 6 days ago

Did you read the superuser.com link? "(Solution isn't tested since I switched to nginx a long time ago, but AFAIR it might work.)"
[Edit: I requested edits to the answer on superuser so that the broken syntax gets removed]

I have written many times and bolded that you should search and read the "documentation on this site"

I tried to look into ModSetEnv maybe I can find something related to HTTP/1.1 then I will try to do traffic shaping but I need a rule to match HTTP/1.1

What you seem to be trying to do is very specific and very custom (and not necessarily going to have the results you desire).
mod_magnet exposes the ability to perform request manipulation, including matching the HTTP protocol string.

However, given the abilities you have demonstrated thus far (superuser.com cut-n-paste), I recommend you follow the advice in that superuser.com post and use fail2ban and your firewall. You can log requests with mod_accesslog and can write custom fail2ban rules to match the requests and take action.
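An added example, not part of the thread and not lighttpd or fail2ban project code: the mod_accesslog plus fail2ban approach recommended above depends on a pattern that matches the flood requests and a per-client threshold, and both can be checked offline before they go into a filter. It assumes lighttpd's default accesslog format; the log lines, addresses, and the `max_hits`/`window` values are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumption: lighttpd mod_accesslog default format
#   %h %V %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i"
# In a fail2ban failregex the ip group would be written as <HOST>.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) (?P<proto>HTTP/[\d.]+)" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

def find_flooders(lines, max_hits=5, window=timedelta(seconds=10)):
    """Return {ip: peak hit count} for clients that send more than max_hits
    GET HTTP/1.1 requests inside any sliding window (maxretry/findtime idea)."""
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    flagged = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "GET" or m["proto"] != "HTTP/1.1":
            continue              # unparsable line or not the pattern of interest
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] > window:  # drop hits that fell out of the window
            q.popleft()
        if len(q) > max_hits:
            flagged[m["ip"]] = max(flagged.get(m["ip"], 0), len(q))
    return flagged

def _line(ip, sec, proto="HTTP/1.1", ua="Mozilla/5.0"):
    return (f'{ip} www.example.test - [01/Jan/2024:12:00:{sec:02d} +0000] '
            f'"GET / {proto}" 200 512 "-" "{ua}"')

# Constructed sample log (documentation-range addresses, not real traffic).
SAMPLE = (
    [_line("203.0.113.7", s // 2) for s in range(20)]    # 20 hits in 10 s
    + [_line("198.51.100.20", s) for s in (0, 20, 40)]   # ordinary visitor
    + [_line("192.0.2.9", s // 2, proto="HTTP/1.0") for s in range(20)]
)

if __name__ == "__main__":
    print(find_flooders(SAMPLE))
```

Because the user agent varies per request in the flood described in this thread, the check keys on client address, method and protocol only; a threshold this low would also catch busy legitimate clients, so tune it against real logs first.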
