Configurable Denial-Of-Service prevention for http services
* Express 4+
* Koa, or
* Any middleware stack that supports *next*
e.g. fn (req,res,next)
var Ddos = require('ddos')
var ddos = new Ddos;
var express = require('express')
var app = express();
app.use(ddos.express)
var Ddos = require('ddos')
var ddos = new Ddos;
var koa = require('koa')
var app = koa()
app.use(ddos.koa)
var http = require('http')
var Ddos = require('ddos')
var ddos = new Ddos;
http.createServer(ddos.handle)
Every request marks the internal table. This is how an entry in the table managed by this module looks
{ host : <ip address>, count: 1, expiry: 1 }
When a second request is made
{ host : <ip address>, count: 2, expiry: 1 }
and the third
{ host : <ip address>, count: 3, expiry: 1 }
and so on. If the count exceeds the configurable burst amount, then the expiry goes up by twice the previous expiry, 1, 2, 4, 8, 16, etc.
When count exceeds the limit, then the request is denied, otherwise, the request is permitted.
Every time the internal table is checked, the expiration goes down by the time elapsed.
The only way for a user who has denied requests to continue is for them to let the expiration time pass, and when expiration hits 0, the entry is deleted from the table, and new requests are allowed like normal.
There is only ONE table, and within it only one small entry per IP, and that entry is transient and will be deleted within normal parameters. The table itself is combed over at the configurable checkinterval in seconds.
But it will deal with simple DOS ones, but the concept is associated with DDOS whereas DOS is about the classic operating system from the 90's.
Let's go over the configuration options to help illustrate how this module works. All of the configurations default to the following:
_params.maxcount = 30;
_params.burst = 5;
_params.limit = _params.burst * 4;
_params.maxexpiry = 120;
_params.checkinterval = 1;
_params.errormessage = 'Error';
limit is the number of maximum counts allowed. If the count exceeds the limit, then the request is denied. Recommended limit is to use a multiple of the number of bursts.
Burst is the number or amount of allowable burst requests before the client starts being penalized. When the client is penalized, the expiration is increased by twice the previous expiration.
maxexpiry is the seconds of maximum amount of expiration time. In order for the user to use whatever service you are providing again, they have to wait through the expiration time.
checkinterval is the seconds between updating the internal table.
When a request is denied, the user receives a 500 and the error message.
Looking for a more advanced Koa test!
Contributions welcome!
FAQs
Configurable Denial-Of-Service prevention for http services
The npm package ddos receives a total of 1,341 weekly downloads. As such, ddos popularity was classified as popular.
We found that ddos demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
/Security News
Socket identified 80 fake candidates targeting engineering roles, including suspected North Korean operators, exposing the new reality of hiring as a security function.
Application Security
/Research
/Security News
Socket detected multiple compromised CrowdStrike npm packages, continuing the "Shai-Hulud" supply chain attack that has now impacted nearly 500 packages.
Research
/Security News
Malicious update to @ctrl/tinycolor on npm is part of a supply-chain attack hitting 40+ packages across maintainers