Qmpeltaty
Joined: 06 Feb 2008 Posts: 182 Location: Poland
Posted: Thu 24 Oct '13 16:45 Post subject: Protect Apache against constant F5

Today I was informed that some of the Apache instances are vulnerable when serving content while a client is constantly pressing the F5 button in the browser - once it is pressed, CPU load increases, the page becomes slow, etc. (it's dynamic content served by back-end Tomcats). At the same time I see errors with the connection between Apache and the Tomcat instances.
Is there any good way to protect Apache against it?

James Blond Moderator
Joined: 19 Jan 2006 Posts: 7373 Location: Germany, Next to Hamburg
Qmpeltaty
Joined: 06 Feb 2008 Posts: 182 Location: Poland
Posted: Thu 24 Oct '13 17:56 Post subject:

mod_bw or mod_ratelimit? I don't want to limit the bandwidth, just prevent F5 refresh abuse - I just want to prevent refreshing the same page more than once per second/few seconds.

glsmith Moderator
Joined: 16 Oct 2007 Posts: 2268 Location: Sun Diego, USA
Posted: Thu 24 Oct '13 20:17 Post subject:

I think mod_evasive would help best here but if set with too low a threshold, will not distinguish between someone hammering the F5 key or just serving normal content.

Qmpeltaty
Joined: 06 Feb 2008 Posts: 182 Location: Poland
Posted: Fri 25 Oct '13 11:05 Post subject:

glsmith wrote: | I think mod_evasive would help best here but if set with too low a threshold, will not distinguish between someone hammering the F5 key or just serving normal content. |
Yes, you are absolutely right. The hardest part is to determine a threshold properly. Is there any way I could measure the requests/sec based on IP address?
Question: is it possible to use mod_evasive from Apache Haus https://www.apachehaus.net/modules/mod_evasive2/ built with VC 2008 SP1 x64 with the Apache Lounge Apache V10 distro?

glsmith Moderator
Joined: 16 Oct 2007 Posts: 2268 Location: Sun Diego, USA
Posted: Fri 25 Oct '13 21:57 Post subject:

Q1: Don't know off hand.
Q2: From what I understand, VC10 is supposed to be able to use VC9 modules without problems.

Qmpeltaty
Joined: 06 Feb 2008 Posts: 182 Location: Poland
Posted: Mon 28 Oct '13 10:06 Post subject:

glsmith wrote: | Q1: Don't know off hand.
Q2: From what I understand, VC10 is supposed to be able to use VC9 modules without problems. |
Is VC9 an equivalent name for VC 2008?

James Blond Moderator
Joined: 19 Jan 2006 Posts: 7373 Location: Germany, Next to Hamburg
Posted: Mon 28 Oct '13 11:28 Post subject:

Qmpeltaty wrote: |
Is VC9 an equivalent name for VC 2008? |
Yes it is.

Qmpeltaty
Joined: 06 Feb 2008 Posts: 182 Location: Poland
Posted: Mon 28 Oct '13 14:50 Post subject:

James Blond wrote: | Qmpeltaty wrote: |
Is VC9 an equivalent name for VC 2008? |
Yes it is. |
Thank you Steffen. Is there any other way to determine mod_evasive thresholds than by preparing statistics based on the access log?

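For the access-log approach raised in the thread, the following is an added example (not posted by any participant, and not part of mod_evasive) that measures, per client IP, the peak number of requests for a single URI and for the whole site within a short interval. Those two peaks are the figures to compare against mod_evasive's `DOSPageCount`/`DOSPageInterval` and `DOSSiteCount`/`DOSSiteInterval`. It assumes the common or combined `LogFormat`, uses a sliding window as an approximation of how the module counts, and runs on constructed sample lines.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Common/combined log format: host ident user [time] "METHOD uri proto" ...
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+)[^"]*"')

def parse(line):
    """Return (ip, epoch_seconds, uri), or None if the line does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
    return m.group(1), ts.timestamp(), m.group(3)

def peak_rates(lines, interval=1):
    """Per IP: peak hits on one URI and peak hits overall within `interval` seconds."""
    windows = defaultdict(deque)  # key -> timestamps still inside the window
    page_peak, site_peak = defaultdict(int), defaultdict(int)
    records = sorted(filter(None, map(parse, lines)), key=lambda r: r[1])
    for ip, ts, uri in records:
        for key, peak in (((ip, uri), page_peak), ((ip,), site_peak)):
            win = windows[key]
            win.append(ts)
            while win[0] <= ts - interval:  # drop hits older than the window
                win.popleft()
            peak[ip] = max(peak[ip], len(win))
    return dict(page_peak), dict(site_peak)

# Constructed sample: one visitor loading a page with its assets, and one
# client refreshing the same URI 5 times in one second and twice in the next.
SAMPLE = [
    '198.51.100.7 - - [24/Oct/2013:16:45:01 +0200] "GET /app/report HTTP/1.1" 200 5120',
    '198.51.100.7 - - [24/Oct/2013:16:45:01 +0200] "GET /css/site.css HTTP/1.1" 200 900',
    '198.51.100.7 - - [24/Oct/2013:16:45:01 +0200] "GET /js/site.js HTTP/1.1" 200 1800',
    '198.51.100.7 - - [24/Oct/2013:16:45:09 +0200] "GET /app/report HTTP/1.1" 200 5120',
    'not a log line',
] + [
    f'192.0.2.10 - - [24/Oct/2013:16:45:0{2 + i // 5} +0200] "GET /app/report HTTP/1.1" 200 5120'
    for i in range(7)
]

if __name__ == "__main__":
    page, site = peak_rates(SAMPLE, interval=1)
    for ip in sorted(site, key=site.get, reverse=True):
        print(f"{ip:15} same-URI peak/s={page[ip]:3}  all-URI peak/s={site[ip]:3}")
```

Run over a day of real traffic, the highest same-URI peak among clients known to be ordinary users gives a floor for `DOSPageCount`; the site-wide peak is usually higher because one page view pulls in several assets.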