I run some webservers which serve small JavaScript files (web widgets of about 8 KB). I have moved several servers to OVH, where I also have other services (I also use their CDN service, which is not bad).
The problem is that those servers trigger the anti-DDoS service, which WRONGLY thinks that legitimate traffic is an attack and puts the server under filtering, and I lose about 30% of the traffic… My clients are complaining, and my internal statistics also show evidence of the problem since I moved to OVH: when OVH removes the filter, the widget success rate immediately increases from 70% to about 99%
(I can only see that in HTTP 200 responses and in client-recorded metrics). The problem is that servers that should handle 500 Mbps of traffic are “limited” to less than 70 Mbps due to that filter… (also with server resources (CPU/RAM usage under 30%))
I know that serving 8 KB/request at 70 Mbps is quite a lot; each server receives about 3000 connections/second, which for a normal website could look like a DDoS, but for me it’s normal traffic!
I know what I’m talking about because I was serving the same widgets on SoftLayer until a month ago with 1/4 of the RAM per server and 1/2 of the servers (and they have a DDoS too, but probably less aggressively configured)
I don’t even know if I can order multiple very small servers instead of fewer big servers to work around that issue, because OVH doesn’t want to tell me the DDoS threshold that is hitting me (packets per second? IPs/second? conntrack? what?). Are the thresholds equal for all servers? There is no documentation.
The not-so-funny part of all that is…
I’ve already opened a ticket for that… 6528169741, and in 9 days I have yet to reach a tech. On day one a “tech” from the Italy team asked me for a tcpdump, which I provided in MINUTES, then silence for days. After a call, the tech told me that the dump was too big… (about 100 MB). I asked which size would be better for them and he told me about 3 MB. I said OK, but you could have truncated the tcpdump yourself with the tcpdump command to the size you want… Anyway, I immediately uploaded a new tcpdump of 3 MB, and got no reply for more days…
After 6 days of the ticket… another Italian “tech” told me that he had opened an internal ticket… After 3 days I’m still waiting… not knowing a lot of things:
- Whether the problem can be fixed (DDoS thresholds adjusted)
- How to handle such cases in future (having to fight with “tech” support for days to get a reply is not my job) / new servers