wt application using wthttpd that is currently suffering a DDOS attack
I have a Wt application using wthttpd that is currently suffering a DDOS attack running on Ubuntu 20.04 at http://gd.geobytes.com:80/GetCityDetails (Fortunately they are not hitting the HTTPS port yet - which at the time of writing was still operating.)
netstat shows about 4000 established connections from what appear to be spoofed IP addresses, as I can't traceroute back to them. What I am hoping for is a way to force-close these connections or cause them to time out very quickly.
I have tried 2 in wt_config.xml
FYI: the wt application only uses classes derived from Wt::WResource, and does not derive from WApplication.
Any tips on how I might be able to either configure the server to withstand this kind of attack or how I might from within the code terminate an established connection as soon as I establish that it does not have a valid payload would be greatly appreciated.
In any case, thank you for your consideration.
Updated by Korneel Dumon 25 days ago
I'm not an expert in these issues, so I may be missing something. But if you don't have WApplication, Wt should not keep open connections. The timeout parameter in wt_config.xml is related to cleanup of dead WApplications. A WResource is generally not stateful and the request will end as soon as WResource::handleRequest() is finished.
Updated by Adrian McElligott 25 days ago
I don't think that it exists, but what would be handy is a way to force close the underlying socket. As the DDOS uses HTTP/1.1 "keep alive" to keep the connection open, they are overwhelming the server with connects to a WResource. They are not application-level connections. I wonder if anyone else has had to deal with this, and if so how they did it. My current thinking is to relocate from wthttpd to behind Apache or nginx, and then to use some kind of WAF (web application firewall) extension or plugin from there.
Thanks again for your help, I appreciate it.
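
A sketch of the nginx front end mentioned in the last comment, added here as an example and not taken from the thread or from the Wt project: it closes idle keep-alive connections quickly, drops clients that never send a complete request, and caps connections and request rate per client address before anything reaches wthttpd. The backend address 127.0.0.1:8080, the zone and upstream names, and all numeric limits are assumptions to tune.

```nginx
# Added example. Assumes wthttpd has been rebound to 127.0.0.1:8080 so that
# only nginx is reachable on port 80. All limits are starting values.
events {
    worker_connections 8192;
}

http {
    # Shared-memory zones keyed by client address: one counts open
    # connections, the other tracks request rate.
    limit_conn_zone $binary_remote_addr zone=perip_conn:10m;
    limit_req_zone  $binary_remote_addr zone=perip_req:10m rate=20r/s;
    limit_conn_status 429;
    limit_req_status  429;

    upstream wt_backend {
        server 127.0.0.1:8080;
        keepalive 16;               # small pool of reused backend connections
    }

    server {
        listen 80;
        server_name gd.geobytes.com;

        # Idle keep-alive connections are closed after 5 s (default is 75 s).
        keepalive_timeout  5s;
        keepalive_requests 100;

        # Clients that connect but send headers or body slowly, or not at
        # all, are timed out and their sockets reset instead of lingering.
        client_header_timeout 5s;
        client_body_timeout   5s;
        send_timeout          5s;
        reset_timedout_connection on;

        location / {
            limit_conn perip_conn 10;                 # max open connections per address
            limit_req  zone=perip_req burst=40 nodelay;

            proxy_http_version 1.1;
            proxy_set_header Connection "";           # required for upstream keepalive
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $remote_addr;
            proxy_pass http://wt_backend;
        }
    }
}
```

With this in place the client-facing keep-alive behaviour is governed by nginx, and wthttpd only sees the short-lived or pooled connections that nginx opens to it.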