Re: Re: throttling IP addresses

Richard,

I would agree with you that a more elegant solution is required. Unfortunately the firewall will only block or allow a particular port.

The correct solution would be to implement an IPS solution in front of a firewall, but we're in the do more with less phase.


George Genovezos
Application Security Architect
CISSP, ISSAP, CIFI

Copart

On 2/1/16, 2:27 PM, "Richard" <lists-apache@xxxxxxxxxxxxxxxxxxxxx> wrote:

>
>
>> Date: Monday, February 01, 2016 19:52:51 +0000
>> From: George Genovezos <George.Genovezos@xxxxxxxxxx>
>> 
>> Hi,
>> 
>> I’m hoping someone can help with a problem I’m having. I need
>> a basic DDoS mitigation tool. Basically, either throttling back
>> certain IP addresses or blocking access after too many connections
>> per second.
>> 
>> I know mod_evasive did this but the project, to my knowledge, is
>> deprecated.
>> 
>> So to draw this out, I want a web server to count the number of
>> connections per second, and if an IP breaches this limit to either
>> throttle or block the connection. Then I want to use mod_proxy to
>> reverse proxy that clean connection to my web servers.
>> 
>> Any feedback would be greatly appreciated.
>> 
>> George Genovezos
>> Application Security Architect
>> CISSP, ISSAP, CIFI
>> 
>> Copart
>
>In my view, doing this at the web server is rather late in the game.
>If I'm reading the mod_evasive documentation correctly, all it (or
>something similar) does is stop serving content and returns 403s.
>If your content is resource expensive to deliver that will help
>some, but you're still going to get all the requests hitting the web
>server and you're still going to be responding to them.
>
>The better place to address this is at your system's firewall.
>Depending on your system, you likely have firewall tools that can
>provide a more robust solution.
>
>
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
>For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
>
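
The counting scheme described in the quoted question (connections per second per IP, then throttle or block), as an added example that is not part of the original thread and is not mod_evasive's code. The class name, thresholds, block period and sample addresses are assumptions chosen for illustration.

```python
from collections import defaultdict, deque


class PerIPLimiter:
    """Sliding-window connection counter per client IP (hypothetical helper)."""

    def __init__(self, window=1.0, throttle_at=3, block_at=5, block_for=10.0):
        self.window, self.block_for = window, block_for
        self.throttle_at, self.block_at = throttle_at, block_at
        self.hits = defaultdict(deque)   # ip -> timestamps inside the window
        self.blocked_until = {}          # ip -> time the block expires

    def decide(self, ip, now):
        """Return 'allow', 'throttle' or 'block' for a connection seen at `now`."""
        if self.blocked_until.get(ip, 0.0) > now:
            return "block"               # still serving a block; nothing is counted
        q = self.hits[ip]
        q.append(now)
        while q and q[0] <= now - self.window:  # drop timestamps outside the window
            q.popleft()
        if len(q) > self.block_at:
            self.blocked_until[ip] = now + self.block_for
            q.clear()
            return "block"
        return "throttle" if len(q) > self.throttle_at else "allow"

    def sweep(self, now):
        """Evict idle IPs so the state table cannot grow without bound."""
        for ip in list(self.hits):
            q = self.hits[ip]
            idle = not q or q[-1] <= now - self.window
            if idle and self.blocked_until.get(ip, 0.0) <= now:
                del self.hits[ip]
                self.blocked_until.pop(ip, None)


def replay(events, limiter):
    """Feed (time, ip) pairs to the limiter; return (time, ip, decision)."""
    return [(t, ip, limiter.decide(ip, t)) for t, ip in events]


# Constructed sample: one noisy client, one normal client (documentation IPs).
NOISY, NORMAL = "198.51.100.7", "203.0.113.9"
EVENTS = sorted([(i / 10, NOISY) for i in range(7)]
                + [(5.0, NOISY), (10.6, NOISY), (0.25, NORMAL), (2.0, NORMAL)])

if __name__ == "__main__":
    for t, ip, verdict in replay(EVENTS, PerIPLimiter()):
        print(f"{t:5.2f}s {ip:<13} {verdict}")
```

The per-IP table is itself state an attacker can inflate with many source addresses, which is why `sweep` is part of the example and should run periodically.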
