DDOS
The prevention of denial of service attacks is a complex problem which involves multiple layers of protection, up and down the networking stack. This type of attack has achieved notoriety in recent years due to widespread media coverage of groups like Anonymous.
At the API layer, there isn't much that can be done in the way of prevention. However, Sails offers a few settings to mitigate certain types of DDOS attacks:
- The session in Sails can be configured to use a separate session store (e.g. Redis), allowing your application to run without relying on the memory state of any one API server. This means that multiple copies of your Sails app may be deployed to as many servers as is necessary to handle traffic. This is achieved by using a load balancer), which directs each incoming request to a free server with the resources to handle it, eliminating any one app server as a single point of failure.
- Socket.io connections may be configured to use a separate socket store (e.g. Redis) for managing pub/sub state and message queueing. This eliminates the need for sticky sessions at the load balancer, preventing would-be attackers from directing their attacks against the same server again and again.
Note that, if you have the long-polling transport enabled in sails.config.sockets, you'll still want to make sure TCP sticky sessions are enabled at your load balancer. For more on that, check out this writeup about sockets on Deis and Kubernetes.
Additional Resources
- Backpressure and Unbounded Concurrency in Node.js (Voxer)
- Building a Node.js Server That Won't Melt (Mozilla)
- Security in Node.js - see the "Denial of Service" section (Harry Torry)
- Slowloris DDoSAttacks
For a better experience on sailsjs.com, update your browser.
Built with Love
The Sails framework is maintained by a web & mobile studio in Austin, TX, with the help of our contributors. We created Sails in 2012 to assist us on Node.js projects. Naturally we open-sourced it. We hope it makes your life a little bit easier!
© 2012-2018 The Sails Company.
The Sails framework is free and open-source under the MIT License.