Date: Thu, 1 Aug 2013 01:31:45 -0700
From: Grant
To: users@httpd.apache.org
Subject: Re: [users@httpd] Re: apache service interruption

>> ModSecurity looks good and I think it works with nginx as well as
>> apache. Is everyone who isn't running OSSEC HIDS or ModSecurity
>> vulnerable to a single client requesting too many pages and
>> interrupting the service?
>
> Not everyone, no. There are other alternatives such as mod_limitipconn
> and mod_reqtimeout to help with such problems as well.

mod_limitipconn sounded like the perfect solution until I started
thinking about how many people use the same IP address in some
environments like university campuses. I could end up creating a lot
more problems than I solve.

Does ModSecurity have the same potential downside? Would mod_remoteip
prevent this? Is mod_reqtimeout a better solution?

I found the following config recommended online within the context of
Slowloris attack mitigation:

RequestReadTimeout header=20-40,MinRate=500 body=20,MinRate=500

Will that do anything to prevent someone from opening too many
connections and interrupting the apache service?

- Grant
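
Added example, not part of the original message and not Apache code: a simplified Python model of the documented RequestReadTimeout semantics (initial timeout, one extra second per MinRate bytes received, optional upper bound), applied to the directive quoted above. The function names and the client arrival schedules are constructed for illustration.

```python
import re

STAGE_RE = re.compile(r"(header|body)=(\d+)(?:-(\d+))?(?:,MinRate=(\d+))?", re.I)

def parse_directive(args):
    """Parse the arguments of RequestReadTimeout into {stage: settings}."""
    stages = {}
    for spec in args.split():
        m = STAGE_RE.fullmatch(spec)
        if not m:
            raise ValueError(f"unrecognised stage: {spec!r}")
        stage, initial, maximum, rate = m.groups()
        stages[stage.lower()] = {
            "initial": int(initial),
            "max": int(maximum) if maximum else None,   # None: no upper bound
            "min_rate": int(rate) if rate else None,
        }
    return stages

def deadline(cfg, received):
    """Seconds allowed for the stage once `received` bytes have arrived."""
    allowed = cfg["initial"]
    if cfg["min_rate"]:
        allowed += received / cfg["min_rate"]   # one more second per MinRate bytes
    return allowed if cfg["max"] is None else min(allowed, cfg["max"])

def cutoff_time(cfg, arrivals, total_bytes):
    """None if the stage completes in time, else the second it is timed out.

    arrivals: constructed (seconds_since_start, byte_count) pairs, sorted by time.
    """
    received = 0
    for t, n in arrivals:
        if t > deadline(cfg, received):
            return deadline(cfg, received)
        received += n
        if received >= total_bytes:
            return None
    return deadline(cfg, received)              # client went silent

if __name__ == "__main__":
    cfg = parse_directive("header=20-40,MinRate=500 body=20,MinRate=500")
    trickle = [(10 * i, 10) for i in range(1, 11)]   # constructed: 10 bytes / 10 s
    steady = [(i, 600) for i in range(1, 101)]       # constructed: 600 bytes / s
    print(cutoff_time(cfg["header"], [(0.1, 600)], 600))   # ordinary request
    print(cutoff_time(cfg["header"], trickle, 600))
    print(cutoff_time(cfg["header"], steady, 60000))
    print(cutoff_time(cfg["body"], steady, 60000))
```

None of the inputs to this model is a connection count: the directive bounds how long one request may take to arrive, and its syntax has no parameter for the number of simultaneous connections from a client.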