httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ivan Ristic <>
Subject Re: cvs commit: httpd-2.0/server protocol.c
Date Tue, 26 Oct 2004 16:16:53 GMT wrote:

> You MUST have SOMETHING that knows the difference
> or you don't have DOS protection.
> Also... if you wait all the way until you have a 'log' entry for
> a DOS in progress then you haven't achieved the goal
> of sensing them 'at the front door'.

  I don't set myself that goal. I agree that it's the best place
  to detect a DoS but it's often not possible for various reasons.
  With that option not available I prefer to be able to detect
  DoS attacks anywhere I can.

> What I was suggesting is some kind of 'connection' based
> filter that has all the well-known DOS attack scheme
> algorithms in place and can 'sense' when they are happening
> before the Server gets overloaded.

  That does not need to be in web server at all. It can
  work from within the kernel, or be a part of a network

ModSecurity (
[ Open source IDS for Web applications ]

View raw message