Hello,
My NGINX got a denial of service. The machine proxied large files using "proxy_store".
Someone was creating an artifical request for a rarely used file, causing NGINX to download a big file from upstream, then he immediately closed the connection. NGINX continued to download this file.
Then he did the same again with some other rarely used file.
Within a couple of minutes I had thousands of connections, downloading huge files from the backend.
My solution was, to add a small feature:
proxy_ignore_client_abort 10%;
If the server did not download at least 10% from the backend-machine, he closes the connection to the backend as soon as the client closed the connection to the server, even if "proxy_store" was used.
The patch:
http://doppelbauer.name/abort-upstream-161.patch
Thanks a lot
Markus
My NGINX got a denial of service. The machine proxied large files using "proxy_store".
Someone was creating an artifical request for a rarely used file, causing NGINX to download a big file from upstream, then he immediately closed the connection. NGINX continued to download this file.
Then he did the same again with some other rarely used file.
Within a couple of minutes I had thousands of connections, downloading huge files from the backend.
My solution was, to add a small feature:
proxy_ignore_client_abort 10%;
If the server did not download at least 10% from the backend-machine, he closes the connection to the backend as soon as the client closed the connection to the server, even if "proxy_store" was used.
The patch:
http://doppelbauer.name/abort-upstream-161.patch
Thanks a lot
Markus