Return-Path: Delivered-To: apmail-httpd-modules-dev-archive@minotaur.apache.org Received: (qmail 22480 invoked from network); 12 Jun 2009 17:11:23 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.3) by minotaur.apache.org with SMTP; 12 Jun 2009 17:11:23 -0000 Received: (qmail 52224 invoked by uid 500); 12 Jun 2009 17:11:34 -0000 Delivered-To: apmail-httpd-modules-dev-archive@httpd.apache.org Received: (qmail 52160 invoked by uid 500); 12 Jun 2009 17:11:34 -0000 Mailing-List: contact modules-dev-help@httpd.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: modules-dev@httpd.apache.org Delivered-To: mailing list modules-dev@httpd.apache.org Received: (qmail 52149 invoked by uid 99); 12 Jun 2009 17:11:34 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 12 Jun 2009 17:11:34 +0000 X-ASF-Spam-Status: No, hits=2.2 required=10.0 tests=HTML_MESSAGE,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of elison.smith@gmail.com designates 209.85.216.196 as permitted sender) Received: from [209.85.216.196] (HELO mail-px0-f196.google.com) (209.85.216.196) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 12 Jun 2009 17:11:24 +0000 Received: by pxi34 with SMTP id 34so1828132pxi.10 for ; Fri, 12 Jun 2009 10:11:04 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:in-reply-to:references :date:message-id:subject:from:to:content-type; bh=3MKNLLacXF5eDSwO8ihEtJCZU7Tb13n/2bmqm/E35zA=; b=ukbokjkdSuAEgjSeuNbZbx2Bkxklo6S/b2K2+jY0fwd+VylR2LyCZ8dOEjLIz3l2rM 9eYk0LFtToMTq4AGNv+Hxx0ngZYqtl5urdVdpCY5c/Bl5ay/AD5EUbMulyawhq03vimS SgP4yTvraBvBnmsbpbfp3ZSRqtgw1W6wo2+Xk= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; b=tQdqUkI9sBaRPWF6pHgfKogKJQ2duBX/Yl+y4O9RKBGiXEYjS/96fnxYaM7FpyrE00 3Gl94CDempUWJf6Nw16z5HvOtI0Aw0huQnHfUWMh6GuSD2MSC2q/uQ3i6n6WP5QrrBOa PzYCkWK4P4ATO0JirNPAtI0QARRMEjkwysSas= MIME-Version: 1.0 Received: by 10.142.253.19 with SMTP id a19mr1524814wfi.85.1244826664795; Fri, 12 Jun 2009 10:11:04 -0700 (PDT) In-Reply-To: <4404d1f60906121000j2bebb0adp6996d747cfd93289@mail.gmail.com> References: <4404d1f60906121000j2bebb0adp6996d747cfd93289@mail.gmail.com> Date: Fri, 12 Jun 2009 10:11:04 -0700 Message-ID: <4404d1f60906121011v1ec020ecr3dc5f156c7a8cc95@mail.gmail.com> Subject: Re: [Slightly OT] How good is the mod_dosevasive default From: Elison Smith To: modules-dev@httpd.apache.org Content-Type: multipart/alternative; boundary=00504502c91c297f2d046c29cb6f X-Virus-Checked: Checked by ClamAV on apache.org --00504502c91c297f2d046c29cb6f Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit I am also curious how mod_dosevasive will perform when multiple users from behind a NAT box access the web application at the same time. From the perspective of the mod - they will all look as coming from the same IP. That sounds risky. Any help is appreciated. Thanks. On Fri, Jun 12, 2009 at 10:00 AM, Elison Smith wrote: > > I am planning to put up a website which, like any other website, may get > DoS attacked. I have installed mod_dosevasive to protect against some degree > of application-layer DoS. > > I understand that here are the default settings of mod_dosevasive - > ( > http://www.theserverpages.com/articles/servers/linux/apache/mod_dosevasive_Apache_Module_How-To.html > ) > > > DOSHashTableSize 3097 > DOSPageCount 2 > DOSSiteCount 50 > DOSPageInterval 1 > DOSSiteInterval 1 > > DOSBlockingPeriod 10 > > > > Any experience how good this default works for the average website? I would > prefer to not spend time making changes to this default. > > Thanks! > > --00504502c91c297f2d046c29cb6f--