Posted to cvs@httpd.apache.org by sl...@apache.org on 2006/01/17 17:56:06 UTC
svn commit: r369835 - in /httpd/httpd/trunk/docs/manual/misc:
security_tips.html.en security_tips.xml security_tips.xml.ko
Author: slive
Date: Tue Jan 17 08:56:01 2006
New Revision: 369835
URL: http://svn.apache.org/viewcvs?rev=369835&view=rev
Log:
A few small anti-DoS updates including the Limit* directives.
Modified:
httpd/httpd/trunk/docs/manual/misc/security_tips.html.en
httpd/httpd/trunk/docs/manual/misc/security_tips.xml
httpd/httpd/trunk/docs/manual/misc/security_tips.xml.ko
Modified: httpd/httpd/trunk/docs/manual/misc/security_tips.html.en
URL: http://svn.apache.org/viewcvs/httpd/httpd/trunk/docs/manual/misc/security_tips.html.en?rev=369835&r1=369834&r2=369835&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/misc/security_tips.html.en (original)
+++ httpd/httpd/trunk/docs/manual/misc/security_tips.html.en Tue Jan 17 08:56:01 2006
@@ -64,17 +64,17 @@
- <p>All network servers are subject to denial of service atacks
+ <p>All network servers can be subject to denial of service atacks
that attempt to prevent responses to clients by tying up the
resources of the server. It is not possible to prevent such
attacks entirely, but you can do certain things to mitigate the
problems that they create.</p>
- <p>Often the most effective anti-DoS tools will be a firewall or
- other operating-system tools. For example, most firewalls can be
- configured to restrict the number of simultaneous connections from
- any individual IP address or network, thus preventing a range of
- simple attacks.</p>
+ <p>Often the most effective anti-DoS tool will be a firewall or
+ other operating-system configurations. For example, most
+ firewalls can be configured to restrict the number of simultaneous
+ connections from any individual IP address or network, thus
+ preventing a range of simple attacks.</p>
<p>There are also certain Apache HTTP Server configuration
settings that can help mitigate problems:</p>
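Review bot: The added first-paragraph line still reads "denial of service atacks"; since that line is being rewritten anyway, correct the spelling to "attacks" in the same change. In the second paragraph the new text pairs the singular "tool" with "other operating-system configurations"; "a firewall or other operating-system configuration" would keep the sentence consistent.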
@@ -85,10 +85,19 @@
Setting this to as low as a few seconds may be appropriate. See
also the <code class="directive"><a href="../mod/core.html#keepalivetimeout">KeepAliveTimeout</a></code>
directive and various timeout-related directives provided by
- other modules.</li>
+ different modules.</li>
+
+ <li>The directives
+ <code class="directive"><a href="../mod/core.html#limitrequestbody">LimitRequestBody</a></code>,
+ <code class="directive"><a href="../mod/core.html#limitrequestfields">LimitRequestFields</a></code>,
+ <code class="directive"><a href="../mod/core.html#limitrequestfilesize">LimitRequestFileSize</a></code>,
+ <code class="directive"><a href="../mod/core.html#limitrequestline">LimitRequestLine</a></code>, and
+ <code class="directive"><a href="../mod/core.html#limitxmlrequestbody">LimitXMLRequestBody</a></code>
+ should be carefully configured to limit resource consumption
+ triggered by client input.</li>
<li>On operating systems that support it, make sure that you use
- the <code class="directive">AcceptFilter</code> directive
+ the <code class="directive"><a href="../mod/core.html#acceptfilter">AcceptFilter</a></code> directive
to offload part of the request processing to the operating
system. This is active by default in Apache httpd, but may
require reconfiguration of your kernel.</li>
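Review bot: LimitRequestFileSize in the new list item is not a core directive; the directive that bounds the size of a request header field is LimitRequestFieldSize. Both the link text and the href "../mod/core.html#limitrequestfilesize" need the corrected name, otherwise the anchor will not resolve.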
Modified: httpd/httpd/trunk/docs/manual/misc/security_tips.xml
URL: http://svn.apache.org/viewcvs/httpd/httpd/trunk/docs/manual/misc/security_tips.xml?rev=369835&r1=369834&r2=369835&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/misc/security_tips.xml (original)
+++ httpd/httpd/trunk/docs/manual/misc/security_tips.xml Tue Jan 17 08:56:01 2006
@@ -56,17 +56,17 @@
<title>Denial of Service (DoS) attacks</title>
- <p>All network servers are subject to denial of service atacks
+ <p>All network servers can be subject to denial of service atacks
that attempt to prevent responses to clients by tying up the
resources of the server. It is not possible to prevent such
attacks entirely, but you can do certain things to mitigate the
problems that they create.</p>
- <p>Often the most effective anti-DoS tools will be a firewall or
- other operating-system tools. For example, most firewalls can be
- configured to restrict the number of simultaneous connections from
- any individual IP address or network, thus preventing a range of
- simple attacks.</p>
+ <p>Often the most effective anti-DoS tool will be a firewall or
+ other operating-system configurations. For example, most
+ firewalls can be configured to restrict the number of simultaneous
+ connections from any individual IP address or network, thus
+ preventing a range of simple attacks.</p>
<p>There are also certain Apache HTTP Server configuration
settings that can help mitigate problems:</p>
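Review bot: "atacks" on the added line of the first paragraph is carried over uncorrected from the line it replaces and should become "attacks" here. The rewritten second paragraph also mixes number: "the most effective anti-DoS tool will be a firewall or other operating-system configurations" reads better with "configuration" in the singular.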
@@ -77,10 +77,19 @@
Setting this to as low as a few seconds may be appropriate. See
also the <directive module="core">KeepAliveTimeout</directive>
directive and various timeout-related directives provided by
- other modules.</li>
+ different modules.</li>
+
+ <li>The directives
+ <directive module="core">LimitRequestBody</directive>,
+ <directive module="core">LimitRequestFields</directive>,
+ <directive module="core">LimitRequestFileSize</directive>,
+ <directive module="core">LimitRequestLine</directive>, and
+ <directive module="core">LimitXMLRequestBody</directive>
+ should be carefully configured to limit resource consumption
+ triggered by client input.</li>
<li>On operating systems that support it, make sure that you use
- the <directive mdoule="core">AcceptFilter</directive> directive
+ the <directive module="core">AcceptFilter</directive> directive
to offload part of the request processing to the operating
system. This is active by default in Apache httpd, but may
require reconfiguration of your kernel.</li>
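Review bot: The third entry of the added list, <directive module="core">LimitRequestFileSize</directive>, misspells LimitRequestFieldSize, so the cross-reference has no matching directive in core. The item would also be more useful if it said what each limit bounds (request body size, number of header fields, header field size, request line length, XML body size), since "carefully configured" gives the reader no starting point.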
Modified: httpd/httpd/trunk/docs/manual/misc/security_tips.xml.ko
URL: http://svn.apache.org/viewcvs/httpd/httpd/trunk/docs/manual/misc/security_tips.xml.ko?rev=369835&r1=369834&r2=369835&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/misc/security_tips.xml.ko [euc-kr] (original)
+++ httpd/httpd/trunk/docs/manual/misc/security_tips.xml.ko [euc-kr] Tue Jan 17 08:56:01 2006
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="EUC-KR" ?>
<!DOCTYPE manualpage SYSTEM "../style/manualpage.dtd">
<?xml-stylesheet type="text/xsl" href="../style/manual.ko.xsl"?>
-<!-- English Revision: 105989:179703 (outdated) -->
+<!-- English Revision: 105989:369829 (outdated) -->
<!--
Copyright 2004-2005 The Apache Software Foundation or its licensors,
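Review bot: The updated marker records English revision 369829, while this commit is r369835 and also changes security_tips.xml, so the upper bound is already behind the English source once this lands. If the value was edited by hand rather than written by the build tooling, it should carry the revision of this commit.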