Topic: Prevent DOS attacks |
|
Author |
|
flatcircle
Joined: 27 Jun 2006 Posts: 79
|
Posted: Thu 30 Sep '10 12:28 Post subject: Prevent DOS attacks |
|
|
Hello,
I wondered what's the best practice to protect against DOS attacks:
mod_dosevasive or mod_IPlimitconn ?
I tried mod_dosevasive from http://www.tomdonovan.net/download/mod_dosevasive22.zip on my Apache 2.2.16 but without success.
I tested my site with ab -n 10000 -c 200 http://www.mysite.com/ but my site responds to all requests. Seems like mod_dosevasive is not blocking anything.
Is there a version of mod_dosevasive available which works with Apache 2.2.16?
Regards. |
glsmith Moderator
Joined: 16 Oct 2007 Posts: 2268 Location: Sun Diego, USA
|
Posted: Thu 30 Sep '10 17:50 Post subject: |
|
|
As far as mod_dosevasive, it's working, just answers requests with 403s. How that evades a DOS has always been my question. mod_iplimitconn does basically the same thing.
Only way I know to stop a DOS attack is change WAN IPs, if yours is static ... you're kind of going to have to ride it out or get your ISP involved. |
Kanashii
Joined: 17 Jul 2006 Posts: 155 Location: Porando
|
Posted: Thu 30 Sep '10 17:59 Post subject: |
|
|
First question: what type of DOS is it?
1. TCP attack, solution: Hardenit.exe secureit.exe
2. Frame DOS, solution: add to images etc.
<FilesMatch "\.(flv|gif|png|ico|jpg|jpeg)$">
Header append X-FRAME-OPTIONS "DENY"
</FilesMatch>
3. Bandwidth DOS: bw_module, mod_throttle [ PER IP LIMIT]
4. ANTI Slowloris HTTP DoS: MaxConnPerIP 70
5. Limit request by IP, mod_dosevasive: http://www.apachelounge.com/viewtopic.php?t=917 |
flatcircle
Joined: 27 Jun 2006 Posts: 79
|
Posted: Thu 30 Sep '10 20:48 Post subject: |
|
|
Thank you for the info.
Do you know how I can check if my mod_dosevasive is configured correctly and is working?
Like I said, I used
but my site responds to all requests.
No error messages at all. |
Kanashii
Joined: 17 Jul 2006 Posts: 155 Location: Porando
|
Posted: Fri 01 Oct '10 2:03 Post subject: |
|
|
Change values ++ -- and try
<IfModule mod_dosevasive20.c>
DOSHashTableSize 3097
DOSPageCount 2
DOSSiteCount 50
DOSPageInterval 1
DOSSiteInterval 1
DOSBlockingPeriod 10
</IfModule>
DOSHashTableSize
Size of the hash table. The greater this setting, the more memory is required for the look up table, but also the faster the look ups are processed. This option will automatically round up to the nearest prime number.
DOSPageCount
Number of requests for the same page within the 'DOSPageInterval' interval that will get an IP address added to the blocking list.
DOSSiteCount
Same as 'DOSPageCount', but corresponds to the number of requests for a given site, and uses the 'DOSSiteInterval' interval.
DOSPageInterval
Interval for the 'DOSPageCount' threshold in second intervals.
DOSSiteInterval
Interval for the 'DOSSiteCount' threshold in second intervals.
DOSBlockingPeriod
Blocking period in seconds if any of the thresholds are met. The user will receive a 403 (Forbidden) when blocked, and the timer will be reset each time the site gets hit when the user is still blocked. |
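
Added example, not part of the thread and not mod_dosevasive source code: a simplified Python model of the threshold semantics described in the directive list above, replayed over constructed traffic to show which requests would be answered with 403 under the posted values. It assumes a client is blocked once it exceeds a count inside a sliding interval; the class, function names and sample IP addresses are hypothetical.

```python
from collections import defaultdict

class EvasiveModel:
    """Simplified model of the documented thresholds (assumption, not module code)."""
    def __init__(self, page_count=2, site_count=50, page_interval=1,
                 site_interval=1, blocking_period=10):
        self.page_count, self.page_interval = page_count, page_interval
        self.site_count, self.site_interval = site_count, site_interval
        self.blocking_period = blocking_period
        self.hits = defaultdict(list)   # (ip, uri or None) -> recent hit times
        self.blocked_until = {}         # ip -> time at which the block expires

    def _over(self, key, now, limit, interval):
        # Keep only hits inside the interval, record this one, compare to limit.
        recent = [t for t in self.hits[key] if now - t < interval]
        recent.append(now)
        self.hits[key] = recent
        return len(recent) > limit

    def request(self, now, ip, uri):
        """Return the HTTP status the model answers with for one request."""
        if self.blocked_until.get(ip, 0) > now:
            # The timer is reset on every hit while the client is still blocked.
            self.blocked_until[ip] = now + self.blocking_period
            return 403
        page = self._over((ip, uri), now, self.page_count, self.page_interval)
        site = self._over((ip, None), now, self.site_count, self.site_interval)
        if page or site:
            self.blocked_until[ip] = now + self.blocking_period
            return 403
        return 200

def replay(requests, **settings):
    """Feed (time, ip, uri) tuples through a fresh model; return the statuses."""
    model = EvasiveModel(**settings)
    return [model.request(t, ip, uri) for t, ip, uri in requests]

# Constructed traffic: one client requesting "/" every 0.1 s for a second,
# a second client making a single request, then the first client retrying.
burst = [(i / 10, "198.51.100.7", "/") for i in range(10)]
traffic = burst + [(0.5, "203.0.113.9", "/"), (5.0, "198.51.100.7", "/"),
                   (14.9, "198.51.100.7", "/"), (25.0, "198.51.100.7", "/")]
traffic.sort(key=lambda r: r[0])
statuses = replay(traffic)

if __name__ == "__main__":
    for (t, ip, uri), status in zip(traffic, statuses):
        print(f"{t:5.1f}s {ip:<13} {uri} -> {status}")
```

In the replay, the retries at 5.0 s and 14.9 s each restart the 10-second block, so the first client is only served again at 25.0 s, while the second client is never affected.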