Amazon EC2 Load Balancer: Defending against DoS attack?

Posted by netvope on Stack Overflow
Published on 2010-03-07T00:04:48Z Indexed on 2010/04/30 1:37 UTC


We usually blacklist IP addresses with iptables. But in Amazon EC2, if a connection goes through the Elastic Load Balancer, the remote address will be replaced by the load balancer's address, rendering iptables useless. In the case of HTTP, apparently the only way to find out the real remote address is to look at the HTTP header HTTP_X_FORWARDED_FOR. To me, blocking IPs at the web application level is not an effective way.

What is the best practice to defend against DoS attacks in this scenario?

In this article, someone suggested that we can replace Elastic Load Balancer with HAProxy. However, there are certain disadvantages in doing this, and I'm trying to see if there are any better alternatives.

© Stack Overflow or respective owner
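
For the X-Forwarded-For lookup the question describes, here is an added example (not part of the original post) that picks the address appended by the load balancer rather than a client-supplied one, then applies a per-address sliding-window limit. It assumes exactly one load balancer in front of the application; `client_ip`, `SlidingWindowLimiter`, `decide` and the thresholds are hypothetical names and values.

```python
import ipaddress
from collections import defaultdict, deque

TRUSTED_HOPS = 1  # assumption: a single load balancer sits in front of the app


def client_ip(xff_header, trusted_hops=TRUSTED_HOPS):
    """Return the address the outermost trusted proxy appended, or None.

    Each proxy appends the peer it saw to the right of the header, so entries
    to the left of the trusted hop are client-controlled and are ignored.
    """
    parts = [p.strip() for p in (xff_header or "").split(",") if p.strip()]
    if len(parts) < trusted_hops:
        return None
    try:
        return str(ipaddress.ip_address(parts[-trusted_hops]))
    except ValueError:
        return None  # malformed entry: treat as untrusted


class SlidingWindowLimiter:
    """Allow at most max_requests per address within window_seconds."""

    def __init__(self, max_requests, window_seconds):
        self.max_requests = max_requests
        self.window = window_seconds
        self.hits = defaultdict(deque)  # address -> timestamps of allowed hits

    def allow(self, ip, now):
        q = self.hits[ip]
        while q and now - q[0] >= self.window:
            q.popleft()  # drop hits that fell out of the window
        if len(q) >= self.max_requests:
            return False
        q.append(now)
        return True


def decide(xff_header, limiter, now):
    """Return 'allow', 'throttle', or 'reject' for one request."""
    ip = client_ip(xff_header)
    if ip is None:
        # Assumption: traffic without a valid header did not come via the LB.
        return "reject"
    return "allow" if limiter.allow(ip, now) else "throttle"


if __name__ == "__main__":
    limiter = SlidingWindowLimiter(max_requests=2, window_seconds=10)
    # Constructed sample: one peer varying a spoofed left-hand entry.
    for t, hdr in enumerate(["10.0.0.1, 198.51.100.9", "10.0.0.2, 198.51.100.9",
                             "10.0.0.3, 198.51.100.9"]):
        print(t, hdr, decide(hdr, limiter, t))
```

The per-address state lives in process memory, so with several application instances behind the load balancer each one counts separately unless the counters are moved to a shared store.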
