[PATCH 0 of 5] QUIC flood detection
arut at nginx.com
Thu Oct 7 11:36:13 UTC 2021
This series adds support for flood detection in QUIC and HTTP/3 smilar to
- patch 1 removes client-side encoder support from HTTP/3 for simplicity
- patch 2 fixes a minor issue with $request_length calculation
- patch 3 adds HTTP/3 traffic-based flood detection
- patch 4 adds QUIC traffic-based flood detection
- patch 5 adds a limit on frames number similar to HTTP/2
As for the patch 3, both input and output traffic is analyzed similar to HTTP/2.
Probably only input should be analyzed because current HTTP/3 implementation
does not seem to allow amplification (the only exception is Stream Cancellation,
but keepalive_requests limits the damage anyway). Also, we can never be sure
the output traffic we counted actually reached the client and was not rejected
by stream reset. We can discuss this later.
More information about the nginx-devel