It's vast documentation of how to mitigate (proactively reduce impact as it occurs) from denial-of-service attacks on web applications. People typically quote services like Cloudflare or as per their application on servers like Amazon EC2 and do load balancing.
This theoretical question questions alternatives to problems on a much smaller scale , with no option to use a more complex solution, but with advantage of the problem being simpler and for a point event, where sysadmin or developer is seeing the thing happen.
Situation A: Micro DDoS (small-scale denial of service attack)
A typical example of such an attack (only part that matters, the rest has already been filtered before)
- There are few IPs attacking and they do not change. Text logs show them
Situation B: High sudden access
For some reason, your site gets popular when being summoned by someone famous or on television, goes through the following:
- Hundreds of people access a few pages. Most only the home page and a second page, both of which just display information and do nothing special on the server side
Common
In both cases, the site goes down and is knocked over by the shared hosting company or by your company's small server for high CPU usage. The cost of generating and not caching pages is greater than demand. There is also no network problem, as there is enough bandwidth to meet the demand, but your application can generate something up to 15-25req / s.
Assume that you do not have root access, you could not install new modules or change your operating system's firewall. I would also not be able to migrate the site to another server, for financial or time reasons, since both situations will be punctual and last for a maximum of 1 to 3 hours.
In addition to the language used in your application, you could also have any other tool that an ordinary user would have, such as access to .htaccess on an Apache server and IIS web.config.