httpd-users mailing list archives

From Apache Admin <aamit.apa...@gmail.com>
Subject Re: [users@httpd] How can I secure my apache server from DoS attack ?
Date Wed, 24 Jun 2009 04:49:54 GMT
Please change the following parameters:

Timeout 60
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 5
MinSpareServers 5
MaxSpareServers 10
StartServers 5
MaxClients 150
MaxRequestsPerChild 4000

Then Kernel settings are like :

tcp_keepalive_time=900
tcp_fin_timeout=30
tcp_max_orphans=16384
tcp_tw_reuse=1
tcp_tw_recycle=1
tcp_rfc1337=1
tcp_no_metrics_save=1
tcp_fin_timeout 60
conf.default.rp_filter=1
tcp_syncookies=1
tcp_synack_retries=3
tcp_syn_retries=3

Regards

Amit Maheshwari
Linux System Administrator
New Del

On Tue, Jun 23, 2009 at 5:55 PM, Neelesh Gurjar <neel.hjs@gmail.com> wrote:

> Hi,
> I have a web server which has CentOS Linux 2.6.18-028stab059.6-ent kernel
> and Apache 1.3.37 running on it.
>
> 2 days back I got one script to test DoS attack on website. It is called
> slowloris.pl  from http://ha.ckers.org/slowloris/
>
> I ran that script against my server and it worked. It stopped my website
> for some time. That time all other services like SSH were working fine.
>
> Can anybody suggest any configuration changes at Apache and OS/Kernel
> level to prevent this type of attack?
>
> Currently I am using following settings:
>
> Timeout 300
> KeepAlive On
> MaxKeepAliveRequests 100
> KeepAliveTimeout 5
> MinSpareServers 5
> MaxSpareServers 10
> StartServers 5
> MaxClients 150
> MaxRequestsPerChild 0
>
> Then Kernel settings are like :
> tcp_keepalive_time 7200
> tcp_keepalive_time 9
> tcp_keepalive_intvl 75
> tcp_syn_retries 5
> tcp_synack_retries 5
> tcp_fin_timeout 60
>
> --
> Regards
> NeeleshG
>
> LINUX is basically a simple operating system, but you have to be a genius
> to understand the simplicity
>
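
To see which of the kernel values suggested in the reply a host already has, the following added example (not code from either poster) compares them with the files under /proc/sys. The helper names and the sample tree are assumptions, as is the mapping of the bare names to net/ipv4/.

```sh
# Values copied from the reply above; bare names are assumed to live under
# net/ipv4/. tcp_fin_timeout is omitted: the reply gives it twice (30 and 60).
SUGGESTED='tcp_keepalive_time=900
tcp_max_orphans=16384
tcp_tw_reuse=1
tcp_tw_recycle=1
tcp_rfc1337=1
tcp_no_metrics_save=1
conf.default.rp_filter=1
tcp_syncookies=1
tcp_synack_retries=3
tcp_syn_retries=3'

# audit_sysctl ROOT (hypothetical helper): compare the files under
# ROOT/net/ipv4 with SUGGESTED. Prints OK, DIFF or MISSING per key and
# returns 0 only when every key is present and matches.
audit_sysctl() {
    root=$1
    rc=0
    for pair in $SUGGESTED; do
        key=${pair%%=*}
        want=${pair#*=}
        # sysctl dots map to path separators (conf.default.rp_filter)
        path="$root/net/ipv4/$(printf '%s' "$key" | tr . /)"
        if [ ! -r "$path" ]; then
            echo "MISSING $key (suggested $want)"; rc=1
            continue
        fi
        have=$(cat "$path")
        if [ "$have" = "$want" ]; then
            echo "OK      $key=$have"
        else
            echo "DIFF    $key current=$have suggested=$want"; rc=1
        fi
    done
    return $rc
}
# make_sample_tree DIR (hypothetical helper): constructed test data using the
# three matching values from the quoted original post, plus one constructed key.
make_sample_tree() {
    mkdir -p "$1/net/ipv4/conf/default"
    echo 7200 > "$1/net/ipv4/tcp_keepalive_time"   # from the quoted post
    echo 5 > "$1/net/ipv4/tcp_syn_retries"         # from the quoted post
    echo 5 > "$1/net/ipv4/tcp_synack_retries"      # from the quoted post
    echo 1 > "$1/net/ipv4/tcp_syncookies"          # constructed
}

# Audit the live system unless another root is given as the first argument.
audit_sysctl "${1:-/proc/sys}" || true
```

A MISSING line is expected for tcp_tw_recycle on Linux 4.12 and later, where that sysctl was removed.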
