I run some webservers which serve small JavaScript files (which are web widgets of about 8kb). I have several servers moved to OVH, where I also have other services (I also use their CDN service, which is not bad).
The problem is that those servers trigger the anti-DDoS service, which WRONGLY thinks that legitimate traffic is an attack and puts the server under filtering, and I lose about 30% of the traffic. My clients are complaining, and my internal statistics also show evidence of the problem since I moved to OVH: when OVH removes the filter, the widget success rate immediately increases from 70% to about 99%
(I can only see that in HTTP 200 responses and in client-recorded metrics). The problem is that servers that should handle 500Mbps of traffic are "limited" to less than 70Mbps due to that filter... (also with server resources (CPU/RAM usage under 30%))
I know that serving 8kb/request at 70Mbps is quite a lot; each server receives about 3000 connections/second, which for a normal website could look like a DDoS, but for me it's normal traffic!
I know what I'm talking about because I was serving the same widgets on SoftLayer since a month ago with 1/4 of the RAM per server and 1/2 of the servers (and they have a DDoS too, but probably less aggressively configured).
I don't even know if I can order multiple very small servers instead of fewer big servers to work around that issue, because OVH doesn't want to tell me the DDoS threshold that is hitting me (packets per second? IPs/second? conntrack? what?). Are the thresholds equal for all servers? There is no documentation.
The not so funny part of all that is..
I've already opened a ticket for that, 6528169741, and in 9 days I have yet to reach a tech. On day one a "tech" from the Italy team asked me for a tcpdump, which I provided in MINUTES, then silence for days. After a call the tech told me that the dump was too big (about 100mb). I asked which size would be better for them and he told me about 3mb. I said OK, but you could have truncated the tcpdump yourself with the tcpdump command to the size you want.. Anyway, I immediately uploaded a new tcpdump of 3mb, and there was no reply for more days..
After 6 days of the ticket, another Italian "tech" told me that they had opened an internal ticket.. After 3 days I'm still waiting, not knowing a lot of things:
- If the problem can be fixed (DDoS thresholds adjusted)
- how to handle such cases in future (having to fight with "tech" support for days to get a reply is not my work) /new servers
Anti-DDoS too aggressive, shaping my traffic to less than 70mb/sec ( on 7 servers.. )