Posted to users@httpd.apache.org by George Genovezos <Ge...@Copart.Com> on 2016/02/01 20:52:51 UTC

[users@httpd] Re: throttling IP addresses


Hi,

I’m hoping someone can help with a problem I’m having. I need a basic DDoS mitigation tool. Basically, either throttling back certain IP addresses or blocking access after too many connections per second.

I know mod_evasive did this, but the project, to my knowledge, is deprecated.

So to draw this out, I want a web server to count the number of connections per second, and if an IP breaches this limit, to either throttle or block the connection. Then I want to use mod_proxy to reverse proxy that clean connection to my web servers.

Any feedback would be greatly appreciated.

George Genovezos
Application Security Architect
CISSP, ISSAP, CIFI

Copart
I--
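
As an added illustration of the counting logic described above (not code from this thread, nor from mod_evasive or mod_qos), the following Python keeps a sliding one-second window of connection timestamps per source IP, delays the client above a soft limit and rejects it for a cooldown period above a hard limit. The limits, the cooldown and the RFC 5737 sample addresses are assumptions chosen for the example.

```python
"""Per-IP connection-rate limiter with a throttle tier and a block tier.

Added illustration of the logic described in the thread (count connections
per second per source IP, throttle over a soft limit, block over a hard
limit). It is not code from mod_evasive or mod_qos; the limits and the
sample addresses below are assumed/constructed.
"""
from collections import defaultdict, deque


class IpRateLimiter:
    def __init__(self, throttle_limit=10, block_limit=30, window=1.0,
                 block_seconds=60.0, throttle_delay=0.5):
        self.throttle_limit = throttle_limit    # conns/window before delaying
        self.block_limit = block_limit          # conns/window before rejecting
        self.window = window                    # sliding window length, seconds
        self.block_seconds = block_seconds      # how long an offender stays blocked
        self.throttle_delay = throttle_delay    # delay applied to throttled conns
        self.events = defaultdict(deque)        # ip -> timestamps inside the window
        self.blocked_until = {}                 # ip -> time the block expires

    def check(self, ip, now):
        """Record one connection from ip at time `now` and return a decision:
        ("block", seconds_left), ("throttle", delay) or ("allow", 0.0)."""
        until = self.blocked_until.get(ip)
        if until is not None:
            if now < until:
                return ("block", until - now)
            del self.blocked_until[ip]          # block expired, start fresh

        q = self.events[ip]
        q.append(now)
        while q and now - q[0] >= self.window:  # drop events outside the window
            q.popleft()
        rate = len(q)

        if rate > self.block_limit:
            self.blocked_until[ip] = now + self.block_seconds
            q.clear()                           # no history needed while blocked
            return ("block", self.block_seconds)
        if rate > self.throttle_limit:
            return ("throttle", self.throttle_delay)
        return ("allow", 0.0)


def simulate(limiter, connections):
    """Feed (timestamp, ip) pairs through the limiter in time order and
    return {ip: {"allow": n, "throttle": n, "block": n}}."""
    summary = defaultdict(lambda: {"allow": 0, "throttle": 0, "block": 0})
    for t, ip in sorted(connections):
        decision, _ = limiter.check(ip, t)
        summary[ip][decision] += 1
    return dict(summary)


def sample_connections():
    """Constructed traffic (RFC 5737 documentation addresses):
    - 198.51.100.7 opens 2 connections/s for 5 s (a normal client)
    - 203.0.113.9 opens 50 connections within half a second, then
      retries once while blocked (t=30) and once after the block (t=120)"""
    conns = [(i * 0.5, "198.51.100.7") for i in range(10)]
    conns += [(1.0 + i * 0.01, "203.0.113.9") for i in range(50)]
    conns += [(30.0, "203.0.113.9"), (120.0, "203.0.113.9")]
    return conns


if __name__ == "__main__":
    for ip, counts in simulate(IpRateLimiter(), sample_connections()).items():
        print(ip, counts)
```

Two things worth noting when this runs in front of mod_proxy: the decision is taken after the connection has already been accepted, so it spares the backend but not the front-end listener, which is the point Richard makes further down the thread; and the per-IP state only stays bounded because a blocked address has its history cleared, so a deployment would also need to expire idle entries.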


Re: [users@httpd] Re: throttling IP addresses

Posted by Luca Toscano <to...@gmail.com>.
Hi George,

I would also check mod_qos for your use case!

Luca
Il 01 feb 2016 22:00, "George Genovezos" <Ge...@copart.com> ha
scritto:

> Richard,
>
> I would agree with you that a more elegant solution is required.
> Unfortunately the firewall will only block or allow a particular port.
>
> The correct solution would be to implement an IPS solution in front of a
> firewall, but we're in the do-more-with-less phase.
>
>
> George Genovezos
> Application Security Architect
> CISSP, ISSAP, CIFI
>
> Copart
> I--
>
> On 2/1/16, 2:27 PM, "Richard" <li...@listmail.innovate.net> wrote:
>
> >
> >
> >> Date: Monday, February 01, 2016 19:52:51 +0000
> >> From: George Genovezos <Ge...@Copart.Com>
> >>
> >> Hi,
> >>
> >> I’m hoping someone can help with a problem I’m having. I need
> >> a basic DDoS mitigation tool. Basically, either throttling back
> >> certain IP addresses or blocking access after too many connections
> >> per second.
> >>
> >> I know mod_evasive did this, but the project, to my knowledge, is
> >> deprecated.
> >>
> >> So to draw this out, I want a web server to count the number of
> >> connections per second, and if an IP breaches this limit, to either
> >> throttle or block the connection. Then I want to use mod_proxy to
> >> reverse proxy that clean connection to my web servers.
> >>
> >> Any feedback would be greatly appreciated.
> >>
> >> George Genovezos
> >> Application Security Architect
> >> CISSP, ISSAP, CIFI
> >>
> >> Copart
> >
> >In my view, doing this at the web server is rather late in the game.
> >If I'm reading the mod_evasive documentation correctly, all it (or
> >something similar) does is stop serving content and return 403s.
> >If your content is resource expensive to deliver that will help
> >some, but you're still going to get all the requests hitting the web
> >server and you're still going to be responding to them.
> >
> >The better place to address this is at your system's firewall.
> >Depending on your system, you likely have firewall tools that can
> >provide a more robust solution.
> >
> >
> >
> >---------------------------------------------------------------------
> >To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> >For additional commands, e-mail: users-help@httpd.apache.org
> >
>

Re: [users@httpd] Re: throttling IP addresses

Posted by George Genovezos <Ge...@Copart.Com>.
Richard,

I would agree with you that a more elegant solution is required. Unfortunately the firewall will only block or allow a particular port.

The correct solution would be to implement an IPS solution in front of a firewall, but we're in the do-more-with-less phase.


George Genovezos
Application Security Architect
CISSP, ISSAP, CIFI

Copart
I--

On 2/1/16, 2:27 PM, "Richard" <li...@listmail.innovate.net> wrote:

>
>
>> Date: Monday, February 01, 2016 19:52:51 +0000
>> From: George Genovezos <Ge...@Copart.Com>
>> 
>> Hi,
>> 
>> I’m hoping someone can help with a problem I’m having. I need
>> a basic DDoS mitigation tool. Basically, either throttling back
>> certain IP addresses or blocking access after too many connections
>> per second.
>> 
>> I know mod_evasive did this, but the project, to my knowledge, is
>> deprecated.
>> 
>> So to draw this out, I want a web server to count the number of
>> connections per second, and if an IP breaches this limit, to either
>> throttle or block the connection. Then I want to use mod_proxy to
>> reverse proxy that clean connection to my web servers.
>> 
>> Any feedback would be greatly appreciated.
>> 
>> George Genovezos
>> Application Security Architect
>> CISSP, ISSAP, CIFI
>> 
>> Copart
>
>In my view, doing this at the web server is rather late in the game.
>If I'm reading the mod_evasive documentation correctly, all it (or
>something similar) does is stop serving content and return 403s.
>If your content is resource expensive to deliver that will help
>some, but you're still going to get all the requests hitting the web
>server and you're still going to be responding to them.
>
>The better place to address this is at your system's firewall.
>Depending on your system, you likely have firewall tools that can
>provide a more robust solution.
>

Re: [users@httpd] Re: throttling IP addresses

Posted by Richard <li...@listmail.innovate.net>.

> Date: Monday, February 01, 2016 19:52:51 +0000
> From: George Genovezos <Ge...@Copart.Com>
> 
> Hi,
> 
> I’m hoping someone can help with a problem I’m having. I need
> a basic DDoS mitigation tool. Basically, either throttling back
> certain IP addresses or blocking access after too many connections
> per second.
> 
> I know mod_evasive did this, but the project, to my knowledge, is
> deprecated.
> 
> So to draw this out, I want a web server to count the number of
> connections per second, and if an IP breaches this limit, to either
> throttle or block the connection. Then I want to use mod_proxy to
> reverse proxy that clean connection to my web servers.
> 
> Any feedback would be greatly appreciated.
> 
> George Genovezos
> Application Security Architect
> CISSP, ISSAP, CIFI
> 
> Copart

In my view, doing this at the web server is rather late in the game.
If I'm reading the mod_evasive documentation correctly, all it (or
something similar) does is stop serving content and return 403s.
If your content is resource expensive to deliver that will help
some, but you're still going to get all the requests hitting the web
server and you're still going to be responding to them.

The better place to address this is at your system's firewall.
Depending on your system, you likely have firewall tools that can
provide a more robust solution.