Fodder Thresholds

Intro

Fodder is a feeder for FoD (Firewall on Demand).

It handles a handful of HAProxy configuration variables used to drive automated DDoS mitigation.

It provides a web interface to update threshold values across all HAProxy nodes, persisting them in both HAProxy stick tables (for real-time peer synchronization) and a YAML file (for persistence across restarts).

Parameters

FoD IP Threshold

Minimum traffic rate that an individual IP address must exceed to be included in subnet aggregation.

IPs below this threshold are excluded from further calculation.

FoD Subnet Threshold

Individual IP counters are aggregated by subnet. When the arithmetic sum of all IPs within a subnet exceeds this threshold, the subnet is submitted to FoD for enforcement.
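
The two FoD thresholds work as a filter followed by a sum. The sketch below is an added example, not Fodder's own code. The function name, the /24 and /64 aggregation prefixes, the unitless rates and the strict "greater than" comparisons are assumptions, and the sample data is constructed.

```python
import ipaddress
from collections import defaultdict

# Assumed aggregation prefix per IP version; the page does not state the subnet size.
PREFIX_LEN = {4: 24, 6: 64}


def subnets_to_submit(ip_rates, ip_threshold, subnet_threshold):
    """Return {subnet: summed rate} for subnets that would be submitted to FoD."""
    totals = defaultdict(int)
    for ip_str, rate in ip_rates.items():
        # Step 1: an IP must exceed the IP threshold to take part in aggregation.
        if rate <= ip_threshold:
            continue
        ip = ipaddress.ip_address(ip_str)
        net = ipaddress.ip_network(f"{ip}/{PREFIX_LEN[ip.version]}", strict=False)
        # Step 2: arithmetic sum of the remaining IP counters per subnet.
        totals[str(net)] += rate
    # Step 3: only subnets whose sum exceeds the subnet threshold are submitted.
    return {net: total for net, total in totals.items() if total > subnet_threshold}


# Constructed sample counters (documentation address ranges, arbitrary rate units).
SAMPLE_RATES = {
    "198.51.100.10": 120,
    "198.51.100.11": 90,
    "198.51.100.12": 15,    # below the IP threshold, ignored
    "203.0.113.5": 400,     # one heavy IP is enough on its own
    "2001:db8:1::a": 80,
    "2001:db8:1::b": 130,
    # Five IPs at 45 each sum to 225, but none exceeds the IP threshold of 50,
    # so this subnet never reaches the subnet comparison.
    **{f"192.0.2.{i}": 45 for i in range(1, 6)},
}

if __name__ == "__main__":
    for net, total in subnets_to_submit(SAMPLE_RATES, 50, 200).items():
        print(net, total)
```

The 192.0.2.0/24 case shows the practical effect of the IP threshold: traffic spread thinly across many addresses in one subnet is not submitted, so the IP threshold has to be set with that distribution in mind.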

Global Low Threshold

Lower bound for HAProxy aggregate traffic monitoring. Crossing this threshold triggers the first level of mitigation.

Action: Log only

Global Medium Threshold

Intermediate bound for HAProxy aggregate traffic. Crossing this threshold escalates the mitigation response.

Action: PoW challenge reissued to all clients

Global High Threshold

Upper bound for HAProxy aggregate traffic. Crossing this threshold triggers the most aggressive mitigation measures.

Action: not used (logging)

Sleep Time

Time interval, in seconds, between iterations of the monitoring script.