Sunday, 8 February 2015

Content management URL security



I manage a website that is a "bad magnet" for our competitors.

I am using Incapsula CDN + WAF and I have an internal proxy for caching.


A CMS/WP is by its nature very data-intensive. I have checked that, and on every page there can be more than 80 queries to MySQL just to render a single page that is not cached.


The problem is that with JMeter or a simple script you can request a page that is not cached every millisecond. This will query the database 8,000,000 times in one minute and take the site down after a very short time.

Since all the caching systems / proxies are based on URL, asking for a random URL that is not cached is very simple: http://ift.tt/16WDCzH .

This is how I actually made my site go down in the staging environment.


Is there any HTTP proxy / security product that knows how to deal with this kind of attack?


My system is WordPress installed on nginx on CentOS.


Thanks
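
One way to detect the pattern described above from the proxy's access log, as an added example that is not part of the original post: it flags clients that request many distinct uncached URLs within a short window. The log format (an nginx `log_format` ending in `$upstream_cache_status`), the function names, the thresholds and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Assumed nginx log_format (not from the post):
#   '$remote_addr [$time_local] "$request" $status $upstream_cache_status'
LINE_RE = re.compile(
    r'(?P<ip>\S+) \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<uri>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<cache>\S+)'
)

def find_cache_busters(lines, window_s=10, max_unique_misses=20):
    """Return {ip: peak count of distinct uncached URIs in one window}
    for clients whose peak reaches max_unique_misses."""
    buckets = defaultdict(set)   # (ip, window index) -> distinct missed URIs
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["cache"] not in ("MISS", "BYPASS", "EXPIRED"):
            continue             # skip unparsable lines and cache hits
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        buckets[(m["ip"], int(ts.timestamp()) // window_s)].add(m["uri"])
    peaks = defaultdict(int)
    for (ip, _), uris in buckets.items():
        peaks[ip] = max(peaks[ip], len(uris))
    return {ip: n for ip, n in peaks.items() if n >= max_unique_misses}

def sample_log():
    """Constructed sample: one client cycling random query strings,
    one normal visitor mostly served from cache."""
    ts = "08/Feb/2015:10:00:0{} +0000"
    lines = [
        f'203.0.113.7 [{ts.format(i % 10)}] "GET /?r={i:04x} HTTP/1.1" 200 MISS'
        for i in range(30)
    ]
    lines += [
        f'198.51.100.4 [{ts.format(1)}] "GET / HTTP/1.1" 200 HIT',
        f'198.51.100.4 [{ts.format(2)}] "GET /about/ HTTP/1.1" 200 MISS',
        f'198.51.100.4 [{ts.format(3)}] "GET /about/ HTTP/1.1" 200 HIT',
        "garbage line that does not match the format",
    ]
    return lines

if __name__ == "__main__":
    for ip, n in find_cache_busters(sample_log()).items():
        print(f"{ip}: {n} distinct uncached URLs in one window")
```

Counting distinct URIs rather than raw requests keeps a visitor who reloads one uncached page from being flagged, while a client cycling through random URLs stands out.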




