Good afternoon.
Guys, we have serious problems. A lot of the time our Wowza server is under DDoS attack. We don’t know how to protect the media server. The attack focuses only on HLS (HTTP) streaming. A few weeks ago I understood the technology: it is an HTTP slow read DDoS. On Wowza we use tokens for streams and a limit on the server for users (700 connections). When the DDoS started, I saw in the logs that a lot of wrong connections (with an incorrect token) “fly” at the victim stream. After a few seconds I saw the maximum number of HLS connections on this stream (on the server this number was 700, of course). After that, in the logs we see a lot of incorrect sessions. After a few hours the Java heap (on our production it is 10 GB) is 100% full and Wowza goes down!
I tried to combat this problem, but nothing helped.
I used iptables, with some rules that allow no more than 2 requests from 1 IP address. It got better, but in any case Wowza went down; the DDoS requests pass through to Wowza. I used a Java module for Wowza which rejects all HLS sessions if there are more than 50, for example. But it didn’t save us. All the DDoS requests passed successfully.
I don’t know how to protect Wowza. What should we do? Thank you.