Last year, I built a Captcha Server in Python, which is used to generate captchas, serve them over HTTP and validate the user's input. The implementation is used to filter layer 7 DDoS attacks on web applications.
However, as Python webapps based on Flask and served by gunicorn cause some serious (limiting) overhead, I started rethinking the previously built application.
Implementing my own http server in C? – No way, too much work.
Go? net/http isn't too fast. Alternatives? – https://github.com/valyala/fasthttp
It took me almost 2 hours to rewrite the Python-based captcha validator in Go, using fasthttp to serve the captcha and validate the input.
Only ~200 lines of code resulted in the following benchmark results on my local machine:
Server Software:        fasthttp
Server Hostname:        127.0.0.1
Server Port:            10000

Document Path:          /verify/captcha
Document Length:        2949 bytes

Concurrency Level:      500
Time taken for tests:   981.127 seconds
Complete requests:      9999999
Failed requests:        0
Total transferred:      31039996896 bytes
HTML transferred:       29489997051 bytes
Requests per second:    10192.36 [#/sec] (mean)
Time per request:       49.056 [ms] (mean)
Time per request:       0.098 [ms] (mean, across all concurrent requests)
Transfer rate:          30895.59 [Kbytes/sec] received

Connection Times (ms)
              min  mean[+/-sd] median   max
Connect:        0   34  177.8      3    7150
Processing:     0   15   16.8     12    1621
Waiting:        0   13   15.5     10    1621
Total:          0   49  181.4     16    7174

Percentage of the requests served within a certain time (ms)
  50%     16
  66%     19
  75%     22
  80%     25
  90%     36
  95%     66
  98%   1031
  99%   1046
 100%   7174 (longest request)
~10k handled requests per second and ~350Mbit/s of peak HTTP traffic is quite astonishing for a single CPU core, while also saturating my laptop CPU with Apache Bench.
More work, such as FIFO IPC with a netmap-based C application in order to block bots on the network level, is TBD. However, that's probably just a one hour job 🙂