httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Sander Temme <scte...@apache.org>
Subject Re: [users@httpd] My apache server attacked
Date Mon, 23 Apr 2007 15:03:08 GMT

On Apr 23, 2007, at 2:31 AM, Jacky wrote:

> In our production environment, we have 2 apache servers firewalled  
> to accept port 80 and 443 only.
> These apache servers will load balanced to 2 of our resin servlet  
> container. Recently we checked from our logs and verified that  
> there are certain unwelcomed individuals that did a mass posting to  
> our apache servers causing our normal operations nearly to a halt.
>
> I would like to ask for advice from the experienced individuals  
> from this mailing list, what you guys normally do to counter this?
> What we are doing right now is blocking them from firewall. Wish to  
> get some suggestions from this list.

Blocking attacks at the firewall is an excellent and very efficient  
approach, if the attacks come from only one or a few IP addresses.

For distributed attacks, you might consider mod_dosevasive and/or  
mod_security

http://www.modsecurity.org/

I'm not sure where the current home for dosevasive is.

S.

-- 
Sander Temme
sctemme@apache.org
PGP FP: 51B4 8727 466A 0BC3 69F4  B7B8 B2BE BC40 1529 24AF




Mime
View raw message