Prevent Websocket DoS attack with nginx

Asked Apr 20 '21 at 19:16

Active Apr 24 '21 at 04:14

Viewed 478 times

I've noticed that someone could easily crash my website using a simple javascript while loop that continuously sends stuff like so:

while(true) {
    websocket.send(JSON.stringify({}));
}

I'm using nginx which passes ws-requests to daphne which in turn talks to django-channels. This is the relevant configuration part:

location /ws/ {
    proxy_http_version  1.1;
    proxy_set_header    Upgrade $http_upgrade;
    proxy_set_header    Connection "upgrade";
    proxy_redirect      off;
    limit_conn addr 10;
    proxy_pass      http://daphne;
}

Is there any easy way to prevent this? An upper limit for the datastream would be super. The websocket connection is used for things that may send several messages within a few (hundred?) milliseconds (WebRTC and game related stuff).

asked Apr 20 '21 at 19:16

Call of Guitar

On your websocket server, identify the spammy client and close its session. – Shriji Kondan Elangovan Apr 20 '21 at 19:29
If I knew how to do that I wouldn't have asked the question. Could you explain how to let nginx automatically do this? – Call of Guitar Apr 20 '21 at 19:35
maybe your answer :- https://stackoverflow.com/questions/51559838/how-to-prevent-web-socket-ddos-attacks – Faiz Ur Rahman Apr 21 '21 at 06:30
the below StackOverflow link is maybe your answer. https://stackoverflow.com/questions/51559838/how-to-prevent-web-socket-ddos-attacks – Faiz Ur Rahman Apr 21 '21 at 06:31

Prevent Websocket DoS attack with nginx

0 Answers0