Scope
We need to implement a control knob that applies stricter security rules during an attack or under heavy load. For example, when the system is under heavy load, an administrator can decide to block suspicious clients. By enabling this rule through sysctl or the Tempesta configuration, all suspicious clients will be blocked and an appropriate log entry will be generated. By default must be disabled. The list of rules to apply may be added to this issue in the future. By “suspicious,” we mean clients that consume excessive resources or use suboptimal configurations—for example, a very small HTTP/2 window size.
Documentation
If Tempesta FW behavior or configuration is changed, then please update the Wiki. Don't forget about our documentation guidelines.
Scope
We need to implement a control knob that applies stricter security rules during an attack or under heavy load. For example, when the system is under heavy load, an administrator can decide to block suspicious clients. By enabling this rule through sysctl or the Tempesta configuration, all suspicious clients will be blocked and an appropriate log entry will be generated. By default must be disabled. The list of rules to apply may be added to this issue in the future. By “suspicious,” we mean clients that consume excessive resources or use suboptimal configurations—for example, a very small HTTP/2 window size.
Documentation
If Tempesta FW behavior or configuration is changed, then please update the Wiki. Don't forget about our documentation guidelines.