Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How to prevent web socket DDOS attacks?

I just performed a basic DDOS from my computer:

websocket-bench -a 2500 -c 200 wss://s.example.com

Which to my total dismay crashed my server! The WS works by connecting to my nginx proxy:

    location / {
            proxy_pass http://sock;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
            proxy_set_header        X-Real-IP               $remote_addr;
            proxy_read_timeout 60;
    }

    upstream sock {
            server 127.0.0.1:1203 fail_timeout=1s;
    }

and locally on the server on port 1203 is ratchet. The setup for ratchet is that I allow any connection and the first onMessage performs authentication and if invalid the connection is closed.

I also have tried authentication by passing headers on the first connection and if invalid the socket closes but this has not helped at all and nginx still reaches 100% resources and then crashes.

What should I be analysing to prevent these crashes?

When changing the upstream to another closed port (i.e disabling it) the server still crashes.

like image 851
maxisme Avatar asked Nov 07 '22 04:11

maxisme


1 Answers

Either change your authentication logic so Nginx handles it, or implement request and connection limits within Nginx to control how many connections are accepted and passed to the upstream server

like image 102
miknik Avatar answered Nov 26 '22 16:11

miknik