DDOS
The prevention of denial of service attacks is a complex problem which involves multiple layers of protection, up and down the networking stack.
This type of attack has achieved notoriety in recent years due to widespread media coverage of groups like Anonymous.
At the API layer, there isn't much that can be done in the way of prevention. However, Sails offers a few settings to mitigate certain types of DDOS attacks:
- The session in Sails can be configured to use a separate session store (e.g. Redis), allowing your application to run without relying on the memory state of any one API server. This means that multiple copies of your Sails app may be deployed to as many servers as is necessary to handle traffic. This is achieved by using a load balancer, which directs each incoming request to a free server with the resources to handle it, eliminating any one app server as a single point of failure.
- Socket.io connections may be configured to use a separate socket store (e.g. Redis) for managing pub/sub state and message queueing. This eliminates the need for sticky sessions at the load balancer, preventing would-be attackers from directing their attacks against the same server again and again.
Note that, if you have the long-polling transport enabled in sails.config.sockets, you'll still want to make sure TCP sticky sessions are enabled at your load balancer. For more on that, check out this writeup about sockets on Deis and Kubernetes.
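As an added illustration (not taken from the Sails docs or code base), the sketch below shows production overrides that move session and socket state into Redis, together with a hypothetical scaleOutFindings helper that flags settings which still tie a client to one app server. The Redis hostnames are placeholders, and treating an unset transports list as websocket-only is an assumption.

```javascript
// Constructed example: the kind of object a Sails app would export from
// config/env/production.js. Hostnames are placeholders, not real endpoints.
const productionConfig = {
  session: {
    // Shared session store: any app server can serve any request.
    adapter: '@sailshq/connect-redis',
    url: process.env.SESSION_REDIS_URL || 'redis://redis.example.internal:6379/0',
  },
  sockets: {
    // Shared pub/sub store: socket state is not held by a single server.
    adapter: '@sailshq/socket.io-redis',
    url: process.env.SOCKETS_REDIS_URL || 'redis://redis.example.internal:6379/1',
    // No long-polling, so the load balancer does not need sticky sessions.
    transports: ['websocket'],
  },
};

// Hypothetical helper (not a Sails API): lists the settings that would keep
// state on one server or force sticky sessions at the load balancer.
function scaleOutFindings(config) {
  const findings = [];
  const session = config.session || {};
  const sockets = config.sockets || {};

  if (!session.adapter) {
    findings.push('session: no adapter set, sessions live in one server\'s memory');
  }
  if (!sockets.adapter) {
    findings.push('sockets: no adapter set, pub/sub state lives in one server\'s memory');
  }
  // Assumption: an unset transports list is treated as websocket-only.
  const transports = sockets.transports || ['websocket'];
  if (transports.includes('polling')) {
    findings.push('sockets: polling transport enabled, TCP sticky sessions required at the load balancer');
  }
  return findings;
}

// Run the check against the constructed config above.
const findings = scaleOutFindings(productionConfig);
console.log(findings.length === 0 ? 'no single-server state found' : findings.join('\n'));
```
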