Considerations regarding throtteling

[Guillaume Quintard]

Hi Christian,

Sorry for the delay, somehow gmail marked your email as spam :-(

So, vmod-vsthrottle would be my first instinct, or something a bit more
refined, like
https://github.com/varnish/toolbox/tree/main/vcls/redis_throttle.

As for not wanting to block real requests, I think you are always going to
have that classification issue, but maybe you can throttle only on the
backend side to limit disturbance?

-- 
Guillaume Quintard


On Tue, Oct 14, 2025 at 1:32 AM Christian Nölle <noelle at uni-wuppertal.de>
wrote:

> Hello everyone,
>
> I would like to hear your opinion on how you would approach this problem.
>
> We have two Varnish servers running in a load-balancing cluster that
> cache TYPO3-based websites. We keep having the problem that script
> kiddies like to flood the server with requests and probes for vulnerable
> web applications.
>
> Basically, a WAF is connected upstream of the servers, but every now and
> then something gets through that isn't detected. This sometimes puts
> stress on our backend servers, so I'm thinking about how best to deal
> with it. Mod vsthrottle came to mind, i.e. slowing everything down once
> a certain request rate is reached. But of course, I don't want to affect
> ‘real’ requests. What comes to mind for you?
>
> Best regards!
>
> Christian
> _______________________________________________
> varnish-misc mailing list
> varnish-misc at varnish-cache.org
> https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.varnish-cache.org/lists/pipermail/vinyl-misc/attachments/20251021/c5144f06/attachment.html>