Configure HAProxy to Protect Against Slow POST Attacks

An HAProxy load balancer placed in front of the web tier can protect the web servers, and the application and database behind them, from slow POST denial-of-service tools such as Tor Hammer. Tor Hammer is a slow POST DoS testing tool written in Python; it can also be run through the Tor network so that the attacking source is anonymized. With around 256 threads it kills most unprotected web servers running Apache or IIS, and the application behind them starts failing with errors such as "Database Error While Sending Query Packet". To protect the servers from a tool like Tor Hammer, we restrict HTTP POST at the HAProxy layer instead of letting every half-sent request reach the backend.

HTTP methods can be controlled on the HAProxy load balancer with simple Access Control Lists (ACLs).

Create ACL rules inside the frontend section that define the allowed HTTP methods and the source IP (or network) that is still allowed to send other methods such as POST. This only fits a deployment where legitimate POSTs come from a known address, for example an internal application or API client; on a public site with forms and logins, use the buffering and timeout settings further below instead.

# GET and HEAD are always accepted; any other method (POST, PUT, ...) is only
# accepted from the trusted source defined by the second ACL.
acl valid_method method GET HEAD
# Trusted source IP or CIDR block that may use other methods (fill in your own).
acl network src xxx.xxx.xxx.xxx
# ACL names separated by spaces are ANDed: deny when the method is not GET/HEAD
# AND the client is not on the trusted network.
http-request deny if !valid_method !network

The deny action stops the evaluation of the remaining rules, immediately rejects the request (here, any POST that does not come from the trusted network) and returns an HTTP 403 error code to the client. The request body is never forwarded, so the backend and its database connection pool are not tied up by it.

As the HAProxy documentation puts it, HAProxy is already in an ideal position to stop these types of POST attacks in their tracks:

frontend web
    # Buffer the whole request (headers and body) before it is forwarded.
    option http-buffer-request
    # Give the client at most 10 seconds to deliver the complete request.
    timeout http-request 10s

Here,

option http-buffer-request instructs HAProxy to wait for the whole request, including the POST body, before forwarding it to a server, instead of streaming the body through as it trickles in. The backend therefore never sees a half-sent request.

timeout http-request 10s tells HAProxy how much time a client gets to send the whole POST. On its own this timeout only covers the request headers, and stops being used once the empty line ending the headers has been received; combined with option http-buffer-request it also covers the body. A client that has not delivered the complete request within those 10 seconds is answered with a 408 Request Time-out and disconnected, so a slow POST costs the attacker a connection on HAProxy for 10 seconds and costs the backend nothing. The client timeout alone cannot do this because it is an inactivity timeout: sending one byte every few seconds keeps it from ever firing.
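To see both mechanisms from this page in action without touching a production HAProxy, here is an added example in Python; it is not code from the original post, from Tor Hammer or from the HAProxy project. SlowPostGuard is a toy listener that simulates the two behaviours described above: the ACL deny (403 for any method other than GET/HEAD unless the source is allow-listed) and the whole-request timeout (408 when the body has not fully arrived within the timeout, the effect of option http-buffer-request plus timeout http-request). It is a stand-in for that behaviour, not HAProxy itself. probe() is a Tor Hammer style client that trickles a POST body one byte at a time and can be pointed at a real HAProxy frontend unchanged. The loopback address, the random port, the one-second timeout, the allow-listed source 127.0.0.1 and the 10-byte sample body are all assumptions made for the example.

```python
"""Added example, not code from the original post, Tor Hammer or HAProxy: a toy
stand-in for the two HAProxy protections above plus a slow-POST probe. The guard
answers 403 to non-GET/HEAD methods unless the source is allow-listed (the ACL
deny) and 408 when the body has not fully arrived within request_timeout
(http-buffer-request plus timeout http-request). probe() runs unchanged against
a real HAProxy. Addresses, ports, timeouts and the sample body are assumptions."""
import re
import select
import socket
import threading
import time

REASONS = {200: "OK", 403: "Forbidden", 408: "Request Time-out"}


class SlowPostGuard:
    def __init__(self, request_timeout=1.0, post_allowed_from=()):
        self.request_timeout = request_timeout           # timeout http-request
        self.post_allowed_from = set(post_allowed_from)  # acl network src ...
        self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self.sock.bind(("127.0.0.1", 0))                 # assumed: loopback, random port
        self.sock.listen(16)
        self.port = self.sock.getsockname()[1]
        threading.Thread(target=self._serve, daemon=True).start()

    def _serve(self):
        while True:
            try:
                conn, (src_ip, _) = self.sock.accept()
            except OSError:                              # listener closed
                return
            threading.Thread(target=self._handle, args=(conn, src_ip), daemon=True).start()

    def _handle(self, conn, src_ip):
        # Buffer the whole request before "forwarding" it: option http-buffer-request.
        deadline = time.monotonic() + self.request_timeout
        buf, status = b"", 200
        try:
            while True:
                conn.settimeout(max(deadline - time.monotonic(), 0.001))
                chunk = conn.recv(4096)
                if not chunk:                            # client gave up: nothing to answer
                    return conn.close()
                buf += chunk
                head, sep, body = buf.partition(b"\r\n\r\n")
                if not sep:
                    continue                             # header block still incomplete
                method = head.split(b" ", 1)[0]
                if method not in (b"GET", b"HEAD") and src_ip not in self.post_allowed_from:
                    status = 403                         # http-request deny if !valid_method !network
                    break
                m = re.search(rb"(?im)^content-length:\s*(\d+)", head)
                if len(body) >= (int(m.group(1)) if m else 0):
                    break                                # complete request: would go to a backend
        except socket.timeout:
            status = 408                                 # timeout http-request expired mid-body
        except OSError:
            return conn.close()                          # client reset the connection
        try:
            conn.sendall(f"HTTP/1.1 {status} {REASONS[status]}\r\nContent-Length: 0\r\n"
                         "Connection: close\r\n\r\n".encode("ascii"))
            # Half-close, then drain what the client still sends: clean FIN, no RST.
            conn.shutdown(socket.SHUT_WR)
            conn.settimeout(2.0)
            while conn.recv(4096):
                pass
        except OSError:
            pass
        finally:
            conn.close()

    def close(self):
        self.sock.close()


def probe(port, method="POST", body=b"x" * 10, delay_per_byte=0.0, host="127.0.0.1"):
    """Send one request, trickling the body one byte per delay_per_byte seconds.
    Returns (status_code, elapsed_seconds)."""
    start = time.monotonic()
    with socket.create_connection((host, port), timeout=30) as s:
        s.sendall(f"{method} / HTTP/1.1\r\nHost: {host}\r\nContent-Length: {len(body)}\r\n"
                  "Connection: close\r\n\r\n".encode("ascii"))
        for i in range(len(body)):
            time.sleep(delay_per_byte)
            if select.select([s], [], [], 0)[0]:         # server already answered or hung up
                break
            try:
                s.sendall(body[i:i + 1])
            except OSError:
                break
        response = b""
        try:
            while chunk := s.recv(4096):
                response += chunk
        except OSError:
            pass                                         # reset or timed out: use what we have
    status = int(response.split(b" ", 2)[1]) if response.startswith(b"HTTP/") else None
    return status, time.monotonic() - start
```

Against its own listener, guard = SlowPostGuard(1.0, {"127.0.0.1"}) answers probe(guard.port, "GET", b"") and a fast probe(guard.port) with 200, while probe(guard.port, delay_per_byte=0.3) is cut off with 408 after roughly 1.2 seconds rather than the 3 seconds the whole body would have taken; a guard built with an empty allow-list answers the same fast POST with 403. Pointed at a real HAProxy frontend configured as above, probe(port, delay_per_byte=15) from the trusted address should return 408 once the 10 second timeout expires, which is the check to run after deploying the change.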

This is what makes HAProxy valuable as a security tool as well as a reverse proxy and an excellent load balancer: the slow POST attack is absorbed at the edge and never reaches the application or its database.

GitHub link for the Tor Hammer DoS script: here
