Mirtov Alexey efa5c5dcf0 add load testing dos eng | 2 年之前 | |
---|---|---|
.. | ||
README.md | 2 年之前 | |
README_RU.md | 2 年之前 |
The solution allows you to test your AntiDDos system with Yandex Load Testing
!!Important!!: Use this tool only to test your own infrastructure. Using a tool to load resources that are not yours may be a violation of the legislation of the Russian Federation and lead to negative consequences
1) Prepare a test VM/service. For example, using the solution Installing a Vulnerable Web Application (dvwa) or any other web service
(Extended protection works at levels 3 and 7 of the OSI model. In addition, you can track load indicators, attack parameters and connect Solidwall WAF in your Qrator Labs personal account. To enable advanced protection, contact your manager or technical support). Additionally, you can activate the WAF service (Web Application Firewall)
3) Ask your manager/architect/support to access the service Yandex Load Testing
The agent configuration is selected based on the desired load of requests per second (rps) All available configurations presented here (10,000rps - small, 20,000 - medium 40,000 - large)
5) In the service menu, click Create test and select Setting method - Config
6) Insert the following configuration (load at 4000 rps):
phantom:
enabled: true
package: yandextank.plugins.Phantom
address: your-test-app:80
ammo_type: uri
load_profile:
load_type: rps
schedule: step(75, 4000, 25, 2m)
ssl: false
uris:
- /
core: {}
cloudloader:
enabled: true
package: yandextank.plugins.CloudUploader
job_name: omgplease.tk
job_dsc: ''
ver: '1'
api_address: loadtesting.api.cloud.yandex.net:443
!Need to change port 80 to 443 if using https
7) Click Create
8) As a result, a load test will start, the report of which can be viewed by failing into the test and selecting the Report button
9) You will see an attack alert like HTTP Misuse/Flood on the target DDos protection system. HTTP attack. It is aimed at overloading the HTTP service with a large number of requests.