

HAProxy can block a 100,000-connection-per-second DoS - wmf
http://haproxy.1wt.eu/10g.html

======
datums
A DoS is usually trivial to stop. Now a DDoS, that would be impressive. I
don't need haproxy to stop a specific request or from a specific ip. The
kernel routing tables can do that.

~~~
wmf
Yes, for a known IP address you can use the kernel. HAProxy ACLs can match
user agents, URLs, referrers, etc.

------
ezmobius
I don't see anything in this article about DoS, where are you getting that
from? these are benchmarks against static files, still very impressive but not
DoS protection.

~~~
wmf
The section titled "Session setup/teardown rates" talks about using ACLs to
block or redirect requests.

~~~
ezmobius
cool thanks

------
datums
route add ip.address.of.offender reject

