Rails Denial of Service Attacks
Rails is single-threaded, and a typical setup includes:
- Limited number of Rails instances
  - 8 per CPU
- Even quite active sites (~500.000 PI/day) use 10-20 CPUs
- All traffic is handled by Rails
- A denial of service attack is very easy if Rails is handling downloads/uploads.
  - Just start X (= Rails instances count) simultaneous downloads/uploads over a throttled line.
- This is valid for all slow requests, e.g.
  - Image processing
  - Report generation
  - Mass mailing
Rails Slow Request DoS Prevention
- Serve static files directly through the web server
  - Apache, Lighttpd, nginx (use X-Sendfile for private files)
  - Amazon S3
- Isolate slow requests
  - Define several clusters for several tasks
  - Redirect depending on URL
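
The prevention points above, sketched as an nginx configuration. This is an added example, not part of the original tutorial; the upstream names, ports, host name, paths and URL prefixes are assumptions, and the fragment belongs inside the `http { }` block.

```nginx
# Added example: names, ports and paths are assumptions.
# Fast cluster: ordinary page requests.
upstream rails_fast {
    server 127.0.0.1:8000;
    server 127.0.0.1:8001;
    server 127.0.0.1:8002;
}

# Slow cluster: uploads, reports, image processing. If every instance
# here is busy, only these URLs queue; rails_fast keeps serving pages.
upstream rails_slow {
    server 127.0.0.1:8100;
    server 127.0.0.1:8101;
}

server {
    listen 80;
    server_name example.com;
    root /var/www/app/public;

    # Public static files never reach a Rails instance.
    location /assets/ {
        expires 1h;
        try_files $uri =404;
    }

    # Private files: Rails only authorizes the request and answers with
    # "X-Accel-Redirect: /protected/<file>" (nginx's counterpart to
    # X-Sendfile); nginx streams the file and the instance is free again.
    location /protected/ {
        internal;                      # not reachable directly by clients
        alias /var/www/app/private/;
    }

    # Redirect depending on URL: slow tasks go to their own cluster.
    # nginx buffers the request body before proxying by default, so a
    # throttled upload occupies nginx rather than a Rails instance.
    location ~ ^/(uploads|reports|images/process) {
        client_max_body_size 20m;
        proxy_set_header Host $host;
        proxy_pass http://rails_slow;
    }

    # Everything else goes to the fast cluster.
    location / {
        proxy_set_header Host $host;
        proxy_pass http://rails_fast;
    }
}
```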