Mitigating web attacks with Varnish

I’ve been a Varnish user and enthusiast for quite some time, ever since the 1.x days. Perhaps also because of my FreeBSD bias.

Performance-wise, Varnish has always been a treat, successfully replacing expensive solutions from big vendors like BlueCoat (who also run a modified FreeBSD) or Crescendo Networks. Tie it to OpenBSD’s packet filter and the nginx web server and you get an excellent HTTP stack.

A couple of days ago, while I was mangling HTTP headers inside Varnish in order to prevent web attacks, it occured to me that somebody might have put together something more consistent than my quick’n dirty setup. And indeed, it’s all there, in Kacper Wysocki’s GitHub repository.

Bookmark and Share

Comments are closed.