httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Greg Boyington" <g...@regex.ca>
Subject Re: [users@httpd] How to prevent from simple DoS?
Date Mon, 19 Nov 2007 15:56:45 GMT
On Nov 19, 2007 10:47 AM, Nick Kew <nick@webthing.com> wrote:
> On Mon, 19 Nov 2007 09:59:20 -0500
> "Greg Boyington" <greg@regex.ca> wrote:
>
> > On Nov 19, 2007 3:21 AM, Christian Folini <christian.folini@post.ch>
> > wrote:
> > > Hey Greg,
> > >
> > > could you elaborate on this? How would you prevent this
> > > attack with mod_access?
> >
> > In one case where an attack was under way but I didn't have access to
> > the firewall, I added something like:
> >
> > Order Deny,Allow
> > # offending requests coming from this class C
> > Deny from 192.168.123
>
> "This class C" is in 192.168, which means it's your organisation's
> internal network!

Er, this was for example purposes only.  I figured "Something like"
might have made that clear; sorry for the confusion.

> Then you just played quite a big part in DOSing yourself.
> Enabling .htaccess is a BIG performance hit, affecting
> all HTTP traffic - including what you subsequently allow.

I would suggest that you are overstating the impact of .htaccess.
That aside, enabling .htaccess and encurring whatever performance
penalty it places upon the server is better than suffering the effects
of a DoS, at least for the duration of the attack.

-G

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message