httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Neelesh Gurjar <neel....@gmail.com>
Subject [users@httpd] How can I secure my apache server from DoS attack ?
Date Tue, 23 Jun 2009 12:25:31 GMT
Hi,
I have a web server which has CentOS Linux 2.6.18-028stab059.6-ent kernel
and Apache 1.3.37 running on it.

2 days back I got one script to test DoS attack on website. It is called
slowloris.pl  from http://ha.ckers.org/slowloris/

I run that script against my server and it worked. It stopped my website for
some time. That time all other services like SSH were working fine.

Can anybody suggests any configuration changes at Apache and OS/Kernel level
to prevent from this type of attack ?

Currently I am using following settings:

Timeout 300
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 5
MinSpareServers 5
MaxSpareServers 10
StartServers 5
MaxClients 150
MaxRequestsPerChild 0

Then Kernel settings are like :
tcp_keepalive_time 7200
tcp_keepalive_time 9
tcp_keepalive_intvl 75
tcp_syn_retries 5
tcp_synack_retries 5
tcp_fin_timeout 60

-- 
Regards
NeeleshG

LINUX is basically a simple operating system, but you have to be a genius to
understand the simplicity

Mime
View raw message