DDos deflate bug bans white-listed IP's

Question

Hi guys I run a busy CentOS webserver (nginx/php-fpm) an to protect it to certain attacks I used http://deflate.medialayer.com/ for a while. I had setup a white-list with 127.0.0.1, my external databes server IP and about 100 search engine scrapers.

This system was working well for a while until for a yet unknown reason DDos deflate decided to ban 127.0.0.1 out of the blue. This prevented a php-fpm of things from running. I switched FPM to unix socket instead, so if localhost was banned again, it would run fine.

But today out of the blue DDOS deflate banned my external database server. This IP was always whitelisted, and this IP always has well over the set limit of connections, so the whitelisting worked. But today out of the blue, boom also this IP got banned, and was removed from the whitelist.

I am totally freaked out, and have stopped using DDOS deflate for now. What could be causing this? DDOS deflate was successfully banning/unbanning new IP's all the time, and it would honor the whitelist. But once in a while, it just randomly removes items from that whitelist, and bans them.

Maybe someone also knows a good alternative to DDOS deflate? I work with IPTABLES.

Answer 1

I started using https://github.com/ess/citadel which works very well so far.