How to prevent DOS attacks on my http server which written in node.js?

Question 1

How to prevent DOS attacks on my http server which written in node.js?

javascript node.js security ddos

0x90 · Dec 22, 2011 · Viewed 10.3k times · Source

Answer

Answer

A DOS attack really shouldn't be handled by your HTTP server. Once a request has reached it the attacker has 'won' by taking up a connection (no matter how short). Even if they are short they can just slam it with thousands/sec and prevent anyone else from connecting. Also, they might not attempt to 'connect' via TCP and just flood the server with all sorts of requests.

Block/detect DOS attacks at a lower level or via a firewall, which I'm sure many software and hardware versions support some basic types of DOS detection and prevention.

Question 2

using node.js, the net module for building a tcp server which can hande http requests.

I would like to prevent dos attacks so what I have done is somthing like this:

if (status.numOfCurrentRequests + 1 >= MAX_NUM_OF_CONNECTIONS) {
    socket.end();
    return; 
}

I was wondering if it is better to use :

socket.destroy();

from the API :

socket.destroy() # Ensures that no more I/O activity happens on this socket. Only necessary in case of errors (parse error or so).

what are the differences and benefits?

How to prevent DOS attacks on my http server which written in node.js?

Answer

Related questions