I'm going crazy. At the application level, what can I actually do to prevent DDoS?
I'm working on a C++ authentication server for my desktop application. I intend to have Cloudflare behind it, and I'm going insane and spiraling over the same issues, which I'm starting to think I just cannot mitigate at the application level.
It currently goes like this:
- Client connects to the acceptor
- Acceptor accepts, server checks an in-memory ipMap to see if the client that just connected has made x requests in the past 2 minutes; if so, it drops the connection immediately. The client will be able to reconnect and get past the ipMap when the ipMap gets pruned by the server (which happens periodically).
- If the ipMap check passes, the TLS handshake is performed, and before the actual exchange begins the server requests a proof-of-work (the client has to solve a puzzle).
Now, I obviously need to put a limit on how much the ipMap grows; I've decided I can store 100k IPs. If my ipMap fills because the DDoS attack is making 200k requests, what should I do then? I cannot do anything to protect the server and allow legit users to authenticate?
Because the only thing that I can see is: if the map fills, drop every request that comes in. But isn't that then a successful DDoS, because legit clients will be dropped as well?
The same concept I cannot understand applies to a global rate limiter with the token bucket: if my server has 500 tokens per second capped at 500, isn't it enough for the attacker to make 500 requests per second to lock everybody else out?
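The per-IP check described in the post can be built so that it never reaches a "map is full" state. The example below is added here and is not code from the original post or from the poster's server: it replaces the unbounded ipMap with a count-min sketch, which uses a fixed amount of memory no matter how many distinct source IPs show up. Collisions can only over-count an IP (a legitimate client might be rejected if the sketch is undersized for the number of clients per window), never under-count it, so an attacker cannot evict anyone's history. The class name `IpRateSketch`, the width/depth/window/limit parameters, the FNV-1a hash and the IP addresses in the scenarios are all assumptions constructed for the demonstration; the global token-bucket question is not addressed here.

```cpp
#include <cstdint>
#include <cstdio>
#include <string>
#include <vector>

// Fixed-memory per-IP request counter (count-min sketch, two sliding windows).
// Added example; parameters are illustrative, not taken from the original post.
class IpRateSketch {
public:
    IpRateSketch(std::size_t width, std::size_t depth,
                 uint64_t window_seconds, uint32_t limit)
        : width_(width), depth_(depth), window_(window_seconds), limit_(limit),
          cur_(depth, std::vector<uint32_t>(width, 0)),
          prev_(depth, std::vector<uint32_t>(width, 0)), window_start_(0) {}

    // Estimated hits from `ip` over the current and previous window: the
    // minimum over rows is the count-min guarantee (never below the truth).
    uint32_t estimate(const std::string& ip) const {
        uint32_t best = UINT32_MAX;
        for (std::size_t row = 0; row < depth_; ++row) {
            std::size_t i = index(ip, row);
            uint32_t v = cur_[row][i] + prev_[row][i];
            if (v < best) best = v;
        }
        return best;
    }

    // Record a connection attempt at `now` (seconds) and decide whether to
    // accept it. Rejected attempts are not counted, so a flood from one IP
    // cannot push that IP's own cells (and anyone colliding with it) higher.
    bool admit(const std::string& ip, uint64_t now) {
        rotate(now);
        if (estimate(ip) >= limit_) return false;
        for (std::size_t row = 0; row < depth_; ++row) ++cur_[row][index(ip, row)];
        return true;
    }

    // Constant regardless of how many distinct IPs have been seen.
    std::size_t bytes() const { return 2 * depth_ * width_ * sizeof(uint32_t); }

private:
    // Slide the window: current becomes previous, a fresh current starts.
    // A gap of two or more windows forgets everything at once.
    void rotate(uint64_t now) {
        if (now < window_start_ + window_) return;
        if (now >= window_start_ + 2 * window_) {
            for (auto& row : prev_) row.assign(width_, 0);
        } else {
            prev_.swap(cur_);
        }
        for (auto& row : cur_) row.assign(width_, 0);
        window_start_ = now - (now - window_start_) % window_;
    }

    // FNV-1a 64 with a per-row seed. Enough for a demonstration; a keyed hash
    // such as SipHash would stop an attacker who owns many addresses from
    // choosing ones that collide with a victim's cells.
    std::size_t index(const std::string& ip, std::size_t row) const {
        uint64_t h = 0xcbf29ce484222325ULL ^ (0x9E3779B97F4A7C15ULL * (row + 1));
        for (unsigned char c : ip) { h ^= c; h *= 0x100000001b3ULL; }
        return static_cast<std::size_t>(h % width_);
    }

    std::size_t width_, depth_;
    uint64_t window_;
    uint32_t limit_;
    std::vector<std::vector<uint32_t>> cur_, prev_;
    uint64_t window_start_;
};

// Scenario 1: one abusive IP exhausts only its own budget (constructed IPs).
bool single_source_flood_is_contained() {
    IpRateSketch s(1 << 18, 4, 60, 5);
    int accepted = 0;
    for (int i = 0; i < 200000; ++i)
        if (s.admit("203.0.113.7", 10)) ++accepted;
    return accepted == 5 && s.admit("198.51.100.20", 11);
}

// Scenario 2: 200k distinct attacker IPs (the "map is full" case) still leave
// room for a newcomer, and memory use does not move.
bool many_source_flood_is_contained() {
    IpRateSketch s(1 << 18, 4, 60, 5);
    std::size_t before = s.bytes();
    for (int i = 0; i < 200000; ++i)
        s.admit("10." + std::to_string(i >> 16) + "." + std::to_string((i >> 8) & 255)
                + "." + std::to_string(i & 255), 10);
    return s.bytes() == before && s.admit("198.51.100.20", 11);
}

// Scenario 3: a blocked IP is admitted again once two windows have elapsed.
bool window_expires() {
    IpRateSketch s(1 << 18, 4, 60, 5);
    for (int i = 0; i < 5; ++i) s.admit("203.0.113.7", 10);
    bool blocked = !s.admit("203.0.113.7", 50);
    return blocked && s.admit("203.0.113.7", 130);
}

int main() {
    std::printf("single-source flood contained: %d\n", single_source_flood_is_contained());
    std::printf("many-source flood contained:   %d\n", many_source_flood_is_contained());
    std::printf("limit expires after 2 windows: %d\n", window_expires());
    return 0;
}
```

The width has to be sized against the number of distinct clients expected per window, not against the attacker: with 2^18 cells per row and 200k one-shot attacker IPs, each cell averages well under one hit, so a fresh legitimate client is almost never pushed over a limit of 5. Shrink the width to a few thousand cells and the same flood would start rejecting newcomers, which is the sketch's equivalent of the full-map problem, but it degrades gradually instead of flipping to "drop everyone".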