Defensing Against DoS Attacks

You can add a trustlist and adjust the size of concurrency parameters of service components to prevent resources from being fully occupied by malicious requests. The time for the client to maintain the connection depends on keepAlive set on the server. Set the keep-alive period for TCP connections, number of detection times, and detection interval based on service requirements.

To prevent SYN attacks, enable tcp_syncookies based on actual service requirements. You can set tcp_max_syn_backlog to adjust the SYN queue length, and set tcp_synack_retries and tcp_syn_retries to redefine the SYN retry times.