DDOS

The prevention of denial of service attacks is a complex problem which involves multiple layers of protection, up and down the networking stack. This type of attack has achieved notoriety in recent years due to widespread media coverage of groups like Anonymous.

At the API layer, there isn't much that can be done in the way of prevention. However, Sails offers a few settings to mitigate certain types of DDOS attacks:

  • The session in Sails can be configured to use a separate session store (e.g. Redis), allowing your application to run without relying on the memory state of any one API server. This means that multiple copies of your Sails app may be deployed to as many servers as are necessary to handle traffic. This is achieved by using a load balancer, which directs each incoming request to a free server with the resources to handle it, eliminating any one app server as a single point of failure.
  • Socket.io connections may be configured to use a separate socket store (e.g. Redis) for managing pub/sub state and message queueing. This eliminates the need for sticky sessions at the load balancer, preventing would-be attackers from directing their attacks against the same server again and again.
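
As an added example (not part of the Sails documentation), the two settings above can be written out and checked before deployment so that no API server holds session or socket state in its own memory. The adapter names follow Sails v1 conventions and may differ in your version; the Redis host and the `findPerServerState` helper are assumptions made for illustration.

```javascript
// Added example. The Redis host below is a constructed placeholder.
const REDIS_HOST = 'redis://redis.internal.example:6379';

// Would be exported from config/session.js as module.exports.session
const session = {
  adapter: '@sailshq/connect-redis', // assumption: Sails v1 adapter name
  url: REDIS_HOST + '/0',
};

// Would be exported from config/sockets.js as module.exports.sockets
const sockets = {
  adapter: '@sailshq/socket.io-redis', // assumption: Sails v1 adapter name
  url: REDIS_HOST + '/1',
};

// Hypothetical pre-deploy check: list every setting that still keeps
// state inside a single server process, which would force sticky
// sessions at the load balancer.
function findPerServerState(config) {
  const findings = [];
  for (const key of ['session', 'sockets']) {
    const section = config[key] || {};
    const adapter = section.adapter;
    if (!adapter || adapter === 'memory') {
      // No adapter (or 'memory') means the built-in in-process store.
      findings.push(key + ': in-memory store, state is tied to one server');
    } else if (!section.url && !section.host) {
      // An external adapter without a target cannot reach a shared store.
      findings.push(key + ': adapter "' + adapter + '" has no url or host set');
    }
  }
  return findings;
}

// Report the result for the configuration defined above.
const problems = findPerServerState({ session, sockets });
console.log(problems.length === 0 ? 'no per-server state found' : problems.join('\n'));
```
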
