OVHcloud Web Hosting Status

Current status
Legend
  • Operational
  • Degraded performance
  • Partial Outage
  • Major Outage
  • Under maintenance
FS#5731 — protection of the shared hostings
Scheduled Maintenance Report for Web Cloud
Completed
After the last attacks that we received on the shared
hosting , we added a protection that allows to protect
against this precise attack

The attack consists in opening many
simultaneous connexions (so it's not synflod) ,
then the connexion does nothing and waits the timeout.


We were already protected against this attack
but visibly, some people found how to by-pass
the actual protections.


So we added a limit in terms of number of connexions
that an IP can do on the shared hosting and we fixed
it to 50 simultaneous connexions from an IP. After
that we whitelisted some IPs (google, etc ...)


If an IP reachs the limit of 50 simultaneous connexions,
the firewall does not open during 2 seconds. After 2 seconds
it evaluates the situation and then it takes another decision :
either it's under 50 connexions and it opens the connexion , either
it's in standby for 2 more seconds.


class-list any
0.0.0.0 /0 lid 1

slb template policy ip_limit
class-list name any
class-list lid 1
conn-limit 150
over-limit-action lockout 2 log 1

Update(s):

Date: 2011-08-27 12:54:02 UTC
p19-77-a10#sh class-list any

Name: any
Total single IP: 0
Total IP subnet: 31
Content:
65.52.0.0 /16
66.102.2.0 /24
66.102.3.0 /24
66.102.4.0 /24
66.102.0.0 /20
66.102.10.0 /23
66.102.12.0 /23
66.249.66.0 /24
66.249.67.0 /24
66.249.68.0 /24
66.249.69.0 /24
66.249.71.0 /24
66.249.72.0 /24
66.249.64.0 /19
66.249.82.0 /24
66.249.84.0 /24
66.249.85.0 /24
67.195.0.0 /16
74.125.76.0 /24
74.125.78.0 /24
77.88.30.0 /24
81.52.143.0 /24
95.108.158.0 /24
0.0.0.0 /0 lid 1
157.55.0.0 /16
193.47.80.0 /24
193.252.118.0 /24
193.252.149.0 /24
193.253.141.0 /24
207.46.0.0 /16
213.251.189.0 /24
Posted Aug 27, 2011 - 12:51 UTC