View Source PhoenixDDoS (PhoenixDDoS v1.1.19)
phoenix_ddos is a high performance application-layer DDoS protection for Elixir Phoenix.
Installation
- Add
:phoenix_ddosto your list of dependencies inmix.exs:
def deps do
[
{:phoenix_ddos, "~> 1.1"},
# Highly recommended, this will makes sure we get the correct remote_ip
{:remote_ip, "~> 1.1"}
]
end- Add the
PhoenixDDoSplug to your app's Endpoint, after the excellent RemoteIp plug (optional but highly recommended !).
defmodule MyApp.Endpoint do
use Phoenix.Endpoint, otp_app: :my_app
# put as high in the order as possible
plug RemoteIp, headers: ["x-forwarded-for"]
plug PhoenixDDoS
# ...
endConfiguration
config :phoenix_ddos,
safelist_ips: ["1.2.3.4", "5.6.7.0"],
blocklist_ips: ["11.12.13.0"],
protections: [
# ip rate limit
{PhoenixDDoS.IpRateLimit, allowed: 500, period: {2, :minutes}},
{PhoenixDDoS.IpRateLimit, allowed: 10_000, period: {1, :hour}},
# ip rate limit on specific request_path
{PhoenixDDoS.IpRateLimitPerRequestPath,
request_paths: ["/graphql"], allowed: 20, period: {1, :minute}},
{PhoenixDDoS.IpRateLimitPerRequestPath,
request_paths: [{:post, "/login"}], allowed: 5, period: {30, :seconds}}
]| Type | Option | Default | Description |
|---|---|---|---|
| bool | enabled | true | set false to disable |
| int | jail_time | {15, minutes} | time an ip is fully blocked if caught by a protection. set nil to disable thus blocking instead |
| bool | raise_on_reject | false | raise when we reject a connexion instead of returning an http code error |
| int | http_code_on_reject | 429 | http code returned when we reject a connexion |
| list | protections | [] | @see Protections examples |
| list | safelist_ips | [] | bypass all protections ips |
| list | blocklist_ips | [] | always blocked ips |
| bool | on_jail_alert_to_sentry | false | notify slack when an ip get jailed |
The configuration is per node you run, rate_limits are not shared (yet), but it gives you the best performance in case of an attack.
Examples with protection PhoenixDDoS.IpRateLimit
500 per minute max, if triggered ip will be in jail for 15 minutes
[{PhoenixDDoS.IpRateLimit, allowed: 500, period: {1, :minute}}]disable jail, ip will be throttle to 500 per minute
[{PhoenixDDoS.IpRateLimit, allowed: 500, period: {1, :minute}, jail_time: nil}]
Examples with protection PhoenixDDoS.IpRateLimitPerRequestPath
single route /graphql with a 20 per minute max, if triggered ip will be in jail for 15 minutes
[{PhoenixDDoS.IpRateLimitPerRequestPath, request_paths: ["/graphql"], allowed: 20, period: {1, :minute}}]you can also give a phoenix-like path
[{PhoenixDDoS.IpRateLimitPerRequestPath, request_paths: ["/admin/:id/dashboard"], allowed: 20, period: {1, :minute}}]you can also specify method
[ {PhoenixDDoS.IpRateLimitPerRequestPath, request_paths: [{:post, "/login"}, {:post, "/logout"}], allowed: 5, period: {1, :minute}}, {PhoenixDDoS.IpRateLimitPerRequestPath, request_paths: [{:get, "/login"}], allowed: 100, period: {5, :minute}} ]multiple route consuming same quota
[{PhoenixDDoS.IpRateLimitPerRequestPath, request_paths: ["/graphql", "/graphiql"], allowed: 20, shared: true, period: {1, :minute}}]multiple route consuming independent quota
[{PhoenixDDoS.IpRateLimitPerRequestPath, request_paths: ["/graphql", "/graphiql"], allowed: 20, period: {1, :minute}}]
is equivalent to:
[
{PhoenixDDoS.IpRateLimitPerRequestPath,
request_paths: ["/graphql"], allowed: 20, period: {1, :minute}},
{PhoenixDDoS.IpRateLimitPerRequestPath,
request_paths: ["/graphiql"], allowed: 20, period: {1, :minute}}
]Community
Slack: join elixir-lang and join channel #phoenix_ddos
FAQ
Why would I need this compared to a system like cloudflare or a reverse proxy with a fail2ban ?
The best ddos protection is like any protection: you have to have multiple layers of protection, each layer having its own advantage or disadvantage. In that matter, to maximize protection you should use one system per layer.
Also we have to keep in mind that a lot of projects don't have the capability (running in a PaaS like heroku for instance) or the will to have all these systems in place. Since phoenix_ddos is a plug-and-play (pun intended) library with minimum configuration, it is a great value for a minimum of effort.
What is a multi-layer ddos protection and why this is important ?
phoenix_ddos is the application layer, running in the application itself. It advantage is that is knows the inside of the application and its limits and can act on the details, where a cloudflare or a ngnix fail2ban would manage most of the load, but the traffic that still access your application may still kill it, this is then the responsability of phoenix_ddos.
Example of a phoenix application cluster: e.g. 10 pods running each the same phoenix application:
Other layers will protect the entire cluster and phoenix_ddos will protect each phoenix application individually.
Since one phoenix application have its own limits, it is best to have a throttle at this layer.
If the cluster scale up or down (switching to 3 pods or 30 pods), other layers will never adapt their throttle values, but phoenix_ddos will scale its protection gracefully.
Comparaison with an home electrical installation:
In home installation, you have 2 layers of protection doing the exact same thing:
- one differential switch protecting the house globally, with a small sensitivity, this will protect the house from burning if a bad short circuit happen
- several differential switches in the electric switchboard, with high sensitivity, this will protect people from being badly injured in case of a shock. We can note that those switches are
application specializedbecause they are chosen according to the load they have to protect, something the other layer can't manage since it has no idea of the house usage in detail.
Next in roadmap
- [monitoring] observe tooling, to be able to observe what volume is normal traffic and craft a configuration accordingly
- [feat] ip blocklist/safelist with mask/subnet
- [feat] log central genserver to avoid log spam and create possibility provide aggregated report
- [feat] out of jail system: an attacker ip would go out of jail and will make some damage again before being put in jail, prevent that
Later in roadmap
- [feat] multi-node
- [path] make a phoenix_ddos_pro with powerful features for companies ? The oban model might be a good path to take !
Contributing
Create issues on github for any bug or issue.
To contribute on the code, please clone and use following tools:
run tests
mix testrun release code validation
mix ci