Project

General

Profile

[Solved] Block/Throttle Empty Get Requests HTTP/1.1

Added by JasonKing 8 months ago

Hi,
I am facing fue problems, but my website is always down + 503 out of service

I discovered that someone has been using online stresser and all requests are being sent as empty HTTP/1.1 Get requests with different browser user agents.

I have IPTables and all rules against flooding but isn't blocking it.

I tried to add following code to lighttpd.conf maybe I can throttle these Get requests but it isn't working.

I want to throttle empty Get HTTP/1.1 requests , hope if anyone could help.

thanks.

env.SERVER_PROTOCOL == "HTTP/1.1" {
throttle.max-concurrent-connections = 3
throttle.bucket-size = 300
throttle.tokens-per-second = 1
throttle.ban-when-empty = 1
} 


Replies (13)

RE: Block/Throttle Empty Get Requests HTTP/1.1 - Added by gstrauss 8 months ago

How to get Help

lighttpd documentation

Based on your post with absurd syntax, you probably have not attempted to use the documentation on this site. Please try reading/searching the documentation on this site and ask a more specific question if something is unclear in the documentation on this site.

RE: Block/Throttle Empty Get Requests HTTP/1.1 - Added by JasonKing 8 months ago

I am being flooder with GET HTTP/1.1, I want to try to find a way to throttle it but unfortunately not working.

Can this be done ?

RE: Block/Throttle Empty Get Requests HTTP/1.1 - Added by JasonKing 8 months ago

gstrauss wrote in RE: Block/Throttle Empty Get Requests HTTP/1.1:

How to get Help

lighttpd documentation

Based on your post with absurd syntax, you probably have not attempted to use the documentation on this site. Please try reading/searching the documentation on this site and ask a more specific question if something is unclear in the documentation on this site.

I am trying to block GET Flood Request HTTP/1.1.

I accomplished this with cloudflare but can I accomplish with Lighttpd ?

Here is firewall rule that I am using on Cloudflare maybe it can be converted in someway

(http.request.method eq "GET" and http.request.version eq "HTTP/1.1" and not http.request.headers.truncated and any(len(http.request.headers.values[*])[*] lt 2))

RE: Block/Throttle Empty Get Requests HTTP/1.1 - Added by gstrauss 8 months ago

You seem to have overlooked my blunt statement, so I'll repeat it once more:

Please try reading/searching the documentation on this site and ask a more specific question if something is unclear in the documentation on this site.

RE: Block/Throttle Empty Get Requests HTTP/1.1 - Added by JasonKing 8 months ago

gstrauss wrote in RE: Block/Throttle Empty Get Requests HTTP/1.1:

You seem to have overlooked my blunt statement, so I'll repeat it once more:

Please try reading/searching the documentation on this site and ask a more specific question if something is unclear in the documentation on this site.

What is unclear about my question ?

My Question is " How To Throttle HTTP/1.1 Requests instead of denying them ? "

env.SERVER_PROTOCOL == "HTTP/1.1" {
  url.access-deny = ( "" )
}

RE: Block/Throttle Empty Get Requests HTTP/1.1 - Added by gstrauss 8 months ago

What is unclear about my question ?

It is clear that you feel entitled. How's that working out for you?

Let me ask you: what is unclear about my directions?

Please try reading/searching the documentation on this site and ask a more specific question if something is unclear in the documentation on this site.

You have failed to demonstrate even the most trivial attempts to read or search the existing documentation.
The syntax you are "inventing" is so awful and wrong, and it is obvious that you have not attempted to read the documentation.

lighttpd can do lots of things. The documentation can answer many of your questions and provides examples.

Please try reading/searching the documentation on this site and ask a more specific question if something is unclear in the documentation on this site.

If you have a specific question about something that was unclear in the documentation, please ask.
If you can not be bothered to make any attempt to help yourself, or to help us to help you, then please go away.

RE: Block/Throttle Empty Get Requests HTTP/1.1 - Added by JasonKing 8 months ago

I have already looked through all documentation and on Google and found the code above:

https://superuser.com/questions/1351211/block-requests-in-lighttpd-made-with-http-1-0-and-only-allow-http-1-1

I didn't invent it ;)

I tried to look into ModSetEnv maybe I can find something related to HTTP/1.1 then I will try to do traffic shaping but I need a rule to match HTTP/1.1

https://redmine.lighttpd.net/projects/lighttpd/wiki/Docs_TrafficShaping

RE: Block/Throttle Empty Get Requests HTTP/1.1 - Added by gstrauss 8 months ago

Did you read the superuser.com link? "(Solution isn't tested since I switched to nginx a long time ago, but AFAIR it might work.)"
[Edit: I requested edits to the answer on superuser so that the broken syntax gets removed]

I have written many times and bolded that you should search and read the "documentation on this site"

I tried to look into ModSetEnv maybe I can find something related to HTTP/1.1 then I will try to do traffic shaping but I need a rule to match HTTP/1.1

What you seem to be trying to do is very specific and very custom (and not necessarily going to have the results you desire)
mod_magnet exposes the ability to perform request manipulation, including matching the HTTP protocol string.

However, given the abilities you have demonstrated thus far (superuser.com cut-n-paste), I recommend you follow the advice in that superuser.com post and use fail2ban and your firewall. You can log requests with mod_accesslog and can write custom fail2ban rules to match the requests and take action.

RE: Block/Throttle Empty Get Requests HTTP/1.1 - Added by JasonKing 8 months ago

Thank you for your guidance.

I have matched GET HTTP/1.1 with URI / request, but still I am not able to check header values if they are lower or higher than a specific number.


  if (lighty.env["request.protocol"] == "HTTP/1.1") and (lighty.env["request.orig-uri"] == "/") and  (lighty.env["request.method"] == "GET") then
        return 403
  end

I tried also to match response length but it's not working, maybe I am using syntax wrong.

Thank you :)

RE: Block/Throttle Empty Get Requests HTTP/1.1 - Added by gstrauss 8 months ago

but still I am not able to check header values if they are lower or higher than a specific number.

Unclear.

In any case, if you have questions about how to parse strings in Lua, or convert strings to numbers in Lua, then please refer to the Lua manual.

RE: Block/Throttle Empty Get Requests HTTP/1.1 - Added by JasonKing 8 months ago

headers usually contain:
user-agent, cookies, ...

I am trying to get header body length, maybe there is a simple way for that.

referred to lighty.r request object:

tried examples with following but couldn't accomplish what I am looking for

lighty.r.resp_body.len

response.body-length

RE: Block/Throttle Empty Get Requests HTTP/1.1 - Added by gstrauss about 2 months ago

mod_magnet documentation mentions the lua pairs() function multiple times.

RE: [Solved] Block/Throttle Empty Get Requests HTTP/1.1 - Added by gstrauss 1 day ago

I am trying to get header body length, maybe there is a simple way for that.

That makes no sense (header != body). Your communication is terrible.
You have little idea what you are talking about and yet expect others to interpret your partial phrases. Fail.

I am guessing that you have failed to consider what the word "response" means, and the difference between request body and response body.

    (1-13/13)