Mailing List Archive: Apache: Users

Handling a simple dos attack

Index | Next | Previous | View Threaded

maillists0 at gmail

Nov 6, 2009, 4:09 AM

Post #1 of 3 (103 views)
Permalink

Handling a simple dos attack

We occasionally get hit by a miscreant client who will open a large number
of connections and leave them in an open/wait state, using all the available
children. I have more than adequate resources for normal traffic. Limiting
the number of connections from a single source isn't an option because the
nature of our business means that we often have many connections from a
single IP. Right now, we deal with the problem by banning the offending IP
in our firewall and restarting Apache.

How do other people handle this? Is there something more creative I can do
inside Apache? I'm thinking of the way that Postfix handles stress, where it
can decrease time-out values under high load to drop connections more
quickly and keep resources free (I know, it isn't exactly comparable to
http, but still ... ). Can I do something similar with Apache? Suggestions
or pointers to the right docs would be greatly appreciated.

jdmls at yahoo

Nov 6, 2009, 5:58 AM

Post #2 of 3 (96 views)
Permalink

Re: Handling a simple dos attack [In reply to]

From: "maillists0[at]gmail.com" <maillists0[at]gmail.com>
>We occasionally get hit by a miscreant client who will open a large number of connections and leave them in an open/wait state, using all the available children. I have more than adequate resources for normal traffic. Limiting the number of connections from a single source isn't an option because the nature of our business means that we often have many connections from a single IP. Right now, we deal with the problem by banning the offending IP in our firewall and restarting Apache.
>How do other people handle this? Is there something more creative I can do inside Apache? I'm thinking of the way that Postfix handles stress, where it can decrease time-out values under high load to drop connections more quickly and keep resources free (I know, it isn't exactly comparable to http, but still ... ). Can I do something similar with Apache? Suggestions or pointers to the right docs would be greatly appreciated.

Did you look at http://www.zdziarski.com/projects/mod_evasive/ ?
An article: http://www.codexon.com/posts/defending-against-the-new-dos-tool-slowloris

JD

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe[at]httpd.apache.org
" from the digest: users-digest-unsubscribe[at]httpd.apache.org
For additional commands, e-mail: users-help[at]httpd.apache.org

kremels at kreme

Nov 6, 2009, 7:22 AM

Post #3 of 3 (95 views)
Permalink

Re: Handling a simple dos attack [In reply to]

On 6-Nov-2009, at 06:58, John Doe wrote:
> Did you look at http://www.zdziarski.com/projects/mod_evasive/ ?

It'd sure be nice if there was documentation on 'mod_evasive is fully
tweakable through the Apache configuration file, easy to incorporate
into your web server, and easy to use.'

--
It was not, it could not be real.
But in the roaring air he knew that it was, for all who needed to
believe, and in a belief so strong that truth was not the same as
fact... he knew that for now, and yesterday, and tomorrow, both the
thing, and the whole of the thing. --The Fifth Elephant

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe[at]httpd.apache.org
" from the digest: users-digest-unsubscribe[at]httpd.apache.org
For additional commands, e-mail: users-help[at]httpd.apache.org

Index | Next | Previous | View Threaded

Interested in having your list archived? Contact lists@gossamer-threads.com