httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From John Doe <jd...@yahoo.com>
Subject Re: [users@httpd] Handling a simple dos attack
Date Fri, 06 Nov 2009 13:58:30 GMT
From: "maillists0@gmail.com" <maillists0@gmail.com>
>We occasionally get hit by a miscreant client who will open a large number of connections
and leave them in an open/wait state, using all the available children. I have more than adequate
resources for normal traffic. Limiting the number of connections from a single source isn't
an option because the nature of our business means that we often have many connections from
a single IP. Right now, we deal with the problem by banning the offending IP in our firewall
and restarting Apache.  
>How do other people handle this? Is there something more creative I can do inside Apache?
I'm thinking of the way that Postfix handles stress, where it can decrease time-out values
under high load to drop connections more quickly and keep resources free (I know, it isn't
exactly comparable to http, but still ... ). Can I do something similar with Apache? Suggestions
or pointers to the right docs would be greatly appreciated. 

Did you look at http://www.zdziarski.com/projects/mod_evasive/ ?
An article: http://www.codexon.com/posts/defending-against-the-new-dos-tool-slowloris

JD


      

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message