You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by ma...@gmail.com on 2009/11/06 13:09:56 UTC
[users@httpd] Handling a simple dos attack
We occasionally get hit by a miscreant client who will open a large number
of connections and leave them in an open/wait state, using all the available
children. I have more than adequate resources for normal traffic. Limiting
the number of connections from a single source isn't an option because the
nature of our business means that we often have many connections from a
single IP. Right now, we deal with the problem by banning the offending IP
in our firewall and restarting Apache.
How do other people handle this? Is there something more creative I can do
inside Apache? I'm thinking of the way that Postfix handles stress, where it
can decrease time-out values under high load to drop connections more
quickly and keep resources free (I know, it isn't exactly comparable to
http, but still ... ). Can I do something similar with Apache? Suggestions
or pointers to the right docs would be greatly appreciated.
[users@httpd] Re: Handling a simple dos attack
Posted by LuKreme <kr...@kreme.com>.
On 6-Nov-2009, at 06:58, John Doe wrote:
> Did you look at http://www.zdziarski.com/projects/mod_evasive/ ?
It'd sure be nice if there was documentation on 'mod_evasive is fully
tweakable through the Apache configuration file, easy to incorporate
into your web server, and easy to use.'
--
It was not, it could not be real.
But in the roaring air he knew that it was, for all who needed to
believe, and in a belief so strong that truth was not the same as
fact... he knew that for now, and yesterday, and tomorrow, both the
thing, and the whole of the thing. --The Fifth Elephant
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Handling a simple dos attack
Posted by John Doe <jd...@yahoo.com>.
From: "maillists0@gmail.com" <ma...@gmail.com>
>We occasionally get hit by a miscreant client who will open a large number of connections and leave them in an open/wait state, using all the available children. I have more than adequate resources for normal traffic. Limiting the number of connections from a single source isn't an option because the nature of our business means that we often have many connections from a single IP. Right now, we deal with the problem by banning the offending IP in our firewall and restarting Apache.
>How do other people handle this? Is there something more creative I can do inside Apache? I'm thinking of the way that Postfix handles stress, where it can decrease time-out values under high load to drop connections more quickly and keep resources free (I know, it isn't exactly comparable to http, but still ... ). Can I do something similar with Apache? Suggestions or pointers to the right docs would be greatly appreciated.
Did you look at http://www.zdziarski.com/projects/mod_evasive/ ?
An article: http://www.codexon.com/posts/defending-against-the-new-dos-tool-slowloris
JD
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
RE: [users@httpd] Re: apache configure problem
Posted by Edward Quick <Ed...@igindex.co.uk>.
Ok sorry about that. My mistake.
-----Original Message-----
From: LuKreme [mailto:kremels@kreme.com]
Sent: 06 November 2009 13:24
To: users@httpd.apache.org
Subject: [users@httpd] Re: apache configure problem
On 6-Nov-2009, at 05:50, Edward Quick wrote:
> Hi,
Hi. Please don't hijack someone else's message. When you are going to
begin a new message, DO NOT begin it by replying to another message
and then changing the subject. Create a NEW message.
--
You are responsible for your Rose
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
The information contained in this email is strictly confidential and for the use of the addressee only, unless otherwise indicated. If you are not the intended recipient, please do not read, copy, use or disclose to others this message or any attachment. Please also notify the sender by replying to this email or by telephone (+44 (0)20 7896 0011) and then delete the email and any copies of it. Opinions, conclusions (etc.) that do not relate to the official business of this company shall be understood as neither given nor endorsed by it. IG Index Ltd is a company registered in England and Wales under number 01190902. VAT registration number 761 2978 07. Registered Office: Friars House, 157-168 Blackfriars Road, London SE1 8EZ. Authorised and regulated by the Financial Services Authority. FSA Register number 114059.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
[users@httpd] Re: apache configure problem
Posted by LuKreme <kr...@kreme.com>.
On 6-Nov-2009, at 05:50, Edward Quick wrote:
> Hi,
Hi. Please don't hijack someone else's message. When you are going to
begin a new message, DO NOT begin it by replying to another message
and then changing the subject. Create a NEW message.
--
You are responsible for your Rose
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
[users@httpd] apache configure problem
Posted by Edward Quick <Ed...@igindex.co.uk>.
Hi,
I checked out the httpd source code and tried to generate the configure but this fails when run :
TEST $ autoconf
TEST $ ./configure
./configure: line 1396: syntax error near unexpected token `Apache,'
./configure: line 1396: `APR_ENABLE_LAYOUT(Apache, errordir iconsdir htdocsdir cgidir)'
TEST $ autoconf --version
autoconf (GNU Autoconf) 2.59
Am I doing something wrong?
Thanks for any help.
Edward.
________________________________
The information contained in this email is strictly confidential and for the use of the addressee only, unless otherwise indicated. If you are not the intended recipient, please do not read, copy, use or disclose to others this message or any attachment. Please also notify the sender by replying to this email or by telephone (+44 (0)20 7896 0011) and then delete the email and any copies of it. Opinions, conclusions (etc.) that do not relate to the official business of this company shall be understood as neither given nor endorsed by it. IG Index Ltd is a company registered in England and Wales under number 01190902. VAT registration number 761 2978 07. Registered Office: Friars House, 157-168 Blackfriars Road, London SE1 8EZ. Authorised and regulated by the Financial Services Authority. FSA Register number 114059.