librewolf
/
archive
mirror of
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Create README.md

This commit is contained in:
cyberhubarchive 2021-06-15 17:36:45 +02:00 committed by GitHub
parent 2c0461a2f1
commit 5ff16d8f75
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 13 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
AntiDDoS/README.md Normal file
View File

@ -0,0 +1,13 @@
A custom repo for Cloudflare firewall ruleset.
1 => T1 "Country" (aka TOR) is always challenged to avoid TOR routed HTTP floods.
2 => Couple of "bad" countries are JS challenged in order to avoid RAW HTTP floods (mostly compromised IoT devices)
3 => A good set of known hosting/VPN ASN to be challenged in order to avoid proxy based HTTP floods.
Additional mitigations can be applied as:
1 => Nginx (or webserver/balancer) rate limit closing/resetting the connections (Nginx ex: error code 444) triggering the Cloudflare "Origin protection" and "HTTP DDoS attack protection".
2 => Monitoring of HTTP requests in order to detect spikes and forcing a captcha challenge for any ASN
3 => Block of unwanted HTTP methods via Cloudflare firewall rules
4 => Block of URI queries via Cloudflare firewall rules when sites does not require it in order to avoid cache bypass (ex. static site parts, pretty urls)
Stay safe :D