Block a DDoS or DoS attack with Varnish - Protection tips

If any accelerator is capable of blocking a DDoS attack, it is Varnish. We covered how a constellation of Nginx proxies can help diffuse a DDoS attack. Varnish's threading design and efficient use of memory make it an ideal tool for putting up the best fight against a DDoS attack. Here are tips and tricks you can use with your cPanel Varnish Plugin. Make these changes before an attack takes place. Remember, threads are cheap, so start as many as needed early on, in anticipation of the attack. Don't forget to deploy the varnish.ddos template located under the templates/ directory in the release zip file.

1) Increase thread_pool_min. This value is the minimum number of threads kept idle, waiting to be made active by Varnish. Inside /etc/sysconfig/varnish, increase thread_pool_min reasonably. For example, thread_pool_min=400

2) Increase the memory available to Varnish via WHM -> cPanel Varnish -> Advanced Configuration -> Memory Cache. Be sure to have enough RAM available.

3) If you expect an attack, also increase the dynamic cache TTL via Advanced Configuration -> Cache Time To Live. 40 (seconds) would be a reasonable value.

4) Increase the max_connections value for backends via /etc/varnish/backends.vcl
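
A pre-attack check for the two file-based settings in steps 1 and 4, added here as an example (it is not part of the plugin or of the original article). It assumes /etc/sysconfig/varnish holds a plain thread_pool_min=<n> line as shown in step 1 and that backends.vcl uses the standard VCL .max_connections backend attribute; the function names and the 400/100 minimums are assumptions.

```shell
#!/bin/sh
# Added example. Usage: audit_varnish [sysconfig] [backends.vcl] [min_threads] [min_conns]

# Print the last thread_pool_min=<n> value found in a sysconfig-style file.
get_thread_pool_min() {
    sed -n 's/^[[:space:]]*thread_pool_min=\([0-9][0-9]*\).*/\1/p' "$1" | tail -n 1
}

# Print "<backend> <limit>" per backend; "unset" when .max_connections is missing.
# Brace depth is tracked so a nested .probe = { ... } block does not end the backend.
list_backend_limits() {
    awk '
        depth == 0 && /^[ \t]*backend[ \t]+[A-Za-z_]/ {
            name = $2; sub(/[{].*/, "", name); limit = "unset"
        }
        {
            line = $0
            if (name != "" && line ~ /\.max_connections[ \t]*=/) {
                v = line; sub(/.*=[ \t]*/, "", v); sub(/[^0-9].*/, "", v); limit = v
            }
            depth += gsub(/[{]/, "{", line) - gsub(/[}]/, "}", line)
            if (name != "" && depth == 0 && $0 ~ /[}]/) { print name, limit; name = "" }
        }
    ' "$1"
}

# Return 0 when every setting meets its minimum, 1 otherwise (warnings on stdout).
audit_varnish() {
    sysconfig=${1:-/etc/sysconfig/varnish}     # path from step 1
    backends=${2:-/etc/varnish/backends.vcl}   # path from step 4
    min_threads=${3:-400}                      # assumed minimum (step 1 example value)
    min_conns=${4:-100}                        # assumed minimum, tune per backend
    rc=0
    threads=$(get_thread_pool_min "$sysconfig")
    if [ -z "$threads" ] || [ "$threads" -lt "$min_threads" ]; then
        echo "WARN thread_pool_min=${threads:-unset} (want >= $min_threads)"; rc=1
    fi
    while read -r name limit; do
        [ -n "$name" ] || continue
        if [ "$limit" = unset ] || [ "$limit" -lt "$min_conns" ]; then
            echo "WARN backend $name max_connections=$limit (want >= $min_conns)"; rc=1
        fi
    done <<EOF
$(list_backend_limits "$backends")
EOF
    return $rc
}
```

A backend reported as "unset" has no connection cap configured in the file, so step 4 has not been applied to it.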
