httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christian Folini <christian.fol...@post.ch>
Subject Re: [users@httpd] How to prevent from simple DoS?
Date Mon, 19 Nov 2007 08:21:58 GMT
On Sun, Nov 18, 2007 at 11:02:21AM -0500, Greg Boyington wrote:

> I like the firewall approach myself, as it seems likely that anyone
> with malicious intent (as distinct from the uninformed download
> accelerator user, etc) should forfeit their rights to your bandwidth
> regardless of protocol.  But for a purely apache solution, have a look
> at mod_access ( http://httpd.apache.org/docs/2.0/mod/mod_access.html
> ).

Hey Greg,

could you elaborate on this? How would you prevent this
attack with mod_access?

> > > As I understand the issue it's a very simple DoS as it neither does
> > > require a lot of cpu nor bandwidth on the client side.

Is there a proper name for this kind of attack. I am not sure
the original question was referring to a real attack. But if
it is one, what would be the correct name for this type?
I have been referring to it as "Request Delaying". But there
might be a better name, that is more widespread.

See http://permalink.gmane.org/gmane.comp.apache.mod-security.user/1923
form some thoughts.

regs,

Christian



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message