Rails Denial of Service Attacks




Rails is single-threaded, and a typical setup includes:

  • Limited number of Rails instances
    • 8 per CPU
    • Even quite active sites (~500,000 PI/day) use 10-20 CPUs
  • All traffic is handled by Rails
  • A denial of service attack is very easy if Rails itself is handling downloads/uploads.
  • X (= the number of Rails instances) simultaneous downloads/uploads over a throttled line are enough to occupy every instance.
  • The same applies to all slow requests, e.g.
    • Image processing
    • Report generation
    • Mass mailing

Rails Slow Request DoS Prevention

  • Serve static files directly through the web server
    • Apache, Lighttpd, nginx (use X-Sendfile for private files)
    • Amazon S3
  • Contain slow requests
    • Define several clusters for several tasks
    • Redirect depending on URL
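
The containment idea above, as an added example that is not part of the original page: a small queueing model of single-threaded workers that compares one shared pool with a separate cluster for slow URLs. The cluster names, URL prefixes, worker counts and timings are constructed assumptions.

```ruby
# Added example (constructed): queueing model of single-threaded Rails workers.
# Cluster names, URL prefixes, worker counts and timings are assumptions.
Request = Struct.new(:path, :arrival, :duration)

# Pick a cluster by URL prefix, as the front-end web server would.
def cluster_for(path, routes)
  match = routes.find { |prefix, _| path.start_with?(prefix) }
  match ? match[1] : :default
end

# clusters: { name => worker count }. Each worker serves one request at a time.
# Returns [[request, seconds_waited_for_a_free_worker], ...] in arrival order.
def simulate(requests, clusters, routes)
  free_at = clusters.transform_values { |n| Array.new(n, 0.0) }
  ordered = requests.each_with_index.sort_by { |r, i| [r.arrival, i] }.map(&:first)
  ordered.map do |req|
    workers = free_at.fetch(cluster_for(req.path, routes))
    idx = workers.each_index.min_by { |i| workers[i] } # earliest free worker
    start = [req.arrival, workers[idx]].max
    workers[idx] = start + req.duration
    [req, start - req.arrival]
  end
end

def worst_wait(results, prefix)
  results.select { |req, _| req.path.start_with?(prefix) }.map(&:last).max
end

# Constructed traffic: 8 uploads of 300 s each, then 20 page views of 0.1 s.
UPLOADS = Array.new(8)  { Request.new("/uploads/file", 0.0, 300.0) }
PAGES   = Array.new(20) { |i| Request.new("/articles/#{i}", (i + 1).to_f, 0.1) }
TRAFFIC = UPLOADS + PAGES

SHARED = simulate(TRAFFIC, { default: 8 }, {})
SPLIT  = simulate(TRAFFIC, { default: 6, slow: 2 }, { "/uploads" => :slow })

puts "shared pool: worst page wait #{worst_wait(SHARED, '/articles')} s"
puts "split pools: worst page wait #{worst_wait(SPLIT, '/articles')} s, " \
     "worst upload wait #{worst_wait(SPLIT, '/uploads')} s"
```

Splitting the pool does not make the slow requests any faster; it confines their queueing to the slow cluster so ordinary page views keep a free worker.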