httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Grant <>
Subject Re: [users@httpd] Re: apache service interruption
Date Thu, 01 Aug 2013 08:31:45 GMT
>> ModSecurity looks good and I think it works with nginx as well as
>> apache.  Is everyone who isn't running OSSEC HIDS or ModSecurity
>> vulnerable to a single client requesting too many pages and
>> interrupting the service?
> Not everyone, no. There are other alternatives such as mod_limitipconn
> and mod_reqtimeout to help with such problems as well.

mod_limitipconn sounded like the perfect solution until I started
thinking about how many people use the same IP address in some
environments like university campuses.  I could end up creating a lot
more problems than I solve.  Does ModSecurity have the same potential
downside?  Would mod_remoteip prevent this?

Is mod_reqtimeout a better solution?  I found the following config
recommended online within the context of Slowloris attack mitigation:

RequestReadTimeout header=20-40,MinRate=500 body=20,MinRate=500

Will that do anything to prevent someone from opening too many
connections and interrupting the apache service?

- Grant

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message