httpd-users mailing list archives

From Luca Toscano <toscano.l...@gmail.com>
Subject Re: [users@httpd] Re: throttling IP addresses
Date Mon, 01 Feb 2016 21:07:45 GMT
Hi George,

I would also check mod_qos for your use case!

Luca
On 01 Feb 2016 22:00, "George Genovezos" <George.Genovezos@copart.com> wrote:

> Richard,
>
> I would agree with you that a more elegant solution is required.
> Unfortunately the firewall will only block or allow a particular port.
>
> The correct solution would be to implement an IPS solution in front of a
> firewall, but we're in the do more with less phase.
>
>
> George Genovezos
> Application Security Architect
> CISSP, ISSAP, CIFI
>
> Copart
>
> On 2/1/16, 2:27 PM, "Richard" <lists-apache@listmail.innovate.net> wrote:
>
> >
> >
> >> Date: Monday, February 01, 2016 19:52:51 +0000
> >> From: George Genovezos <George.Genovezos@Copart.Com>
> >>
> >> Hi,
> >>
> >> I’m hoping someone can help with a problem I’m having. I need
> >> a basic DDoS mitigation tool. Basically, either throttling back
> >> certain IP addresses or blocking access after too many connections
> >> per second.
> >>
> >> I know mod_evasive did this but the project, to my knowledge, is
> >> deprecated.
> >>
> >> So to draw this out, I want a web server to count the number of
> >> connections per second, and if an IP breaches this limit to either
> >> throttle or block the connection. Then I want to use mod_proxy to
> >> reverse proxy that clean connection to my web servers.
> >>
> >> Any feedback would be greatly appreciated.
> >>
> >> George Genovezos
> >> Application Security Architect
> >> CISSP, ISSAP, CIFI
> >>
> >> Copart
> >
> >In my view, doing this at the web server is rather late in the game.
> >If I'm reading the mod_evasive documentation correctly, all it (or
> >something similar) does is stop serving content and return 403s.
> >If your content is resource expensive to deliver that will help
> >some, but you're still going to get all the requests hitting the web
> >server and you're still going to be responding to them.
> >
> >The better place to address this is at your system's firewall.
> >Depending on your system, you likely have firewall tools that can
> >provide a more robust solution.
> >
>
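The per-IP counting that the original question describes (connections per second, then throttle or block on breach) can be sketched as a sliding-window limiter. This is an added example, not code from the thread, mod_qos or mod_evasive; the class name, the thresholds and the sample events are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

class PerIpLimiter:
    """Sliding-window connection counter keyed by client IP."""

    def __init__(self, throttle_limit=5, block_limit=10, window=1.0, block_seconds=10.0):
        # All four thresholds are assumed values for illustration.
        self.throttle_limit = throttle_limit
        self.block_limit = block_limit
        self.window = window
        self.block_seconds = block_seconds
        self.hits = defaultdict(deque)   # ip -> timestamps inside the window
        self.blocked_until = {}          # ip -> time the block expires

    def check(self, ip, now):
        """Classify a new connection as 'allow', 'throttle' or 'block'."""
        if self.blocked_until.get(ip, 0.0) > now:
            return "block"               # still serving an earlier block
        q = self.hits[ip]
        q.append(now)
        while q[0] <= now - self.window: # drop hits older than the window
            q.popleft()
        if len(q) > self.block_limit:
            self.blocked_until[ip] = now + self.block_seconds
            q.clear()
            return "block"
        return "throttle" if len(q) > self.throttle_limit else "allow"

    def prune(self, now):
        """Forget idle clients so state stays bounded under many source IPs."""
        for ip in [i for i, q in self.hits.items() if not q or q[-1] <= now - self.window]:
            del self.hits[ip]
        for ip in [i for i, t in self.blocked_until.items() if t <= now]:
            del self.blocked_until[ip]

def replay(events):
    """Run (timestamp, ip) events through a limiter; return decisions per IP."""
    limiter, out = PerIpLimiter(), defaultdict(list)
    for ts, ip in sorted(events):
        out[ip].append(limiter.check(ip, ts))
    return dict(out)

# Constructed sample: one bursting client and one normal client.
BURST = [(i / 100, "203.0.113.7") for i in range(12)] + [(5.0, "203.0.113.7"), (11.0, "203.0.113.7")]
NORMAL = [(0.0, "198.51.100.4"), (0.5, "198.51.100.4"), (1.2, "198.51.100.4")]

if __name__ == "__main__":
    for ip, decisions in replay(BURST + NORMAL).items():
        print(ip, decisions)
```

The `prune` step matters for the scenario in the thread: without it, a flood from many source addresses grows the limiter's own state without bound.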
