What works will depend on your OS, but you may want to look at fail2ban: <http://www.fail2ban.org/wiki/index.php/Main_Page> I think it should be able to do the OS-level firewall management that you need. [Your external firewall sounds fairly lame.]

> Date: Tuesday, February 02, 2016 16:47:49 +0000
> From: George Genovezos <George.Genovezos@xxxxxxxxxx>
>
> Yes,
>
> I am referring to an external firewall.
>
> So the idea is to use the web server to proxy external traffic and
> place an IP hit counter that would throttle a DDoS attack. Even
> with a unix firewall, we still need a way to identify the threat
> and update the firewall. Do you have any thoughts on that?
>
> Thanks
>
> George Genovezos
> Application Security Architect
> CISSP, ISSAP, CIFI
>
> Copart
>
> On 2/1/16, 6:04 PM, "Richard" <lists-apache@xxxxxxxxxxxxxxxxxxxxx> wrote:
>
>> Are you referring to a 3rd-party firewall in front of the machine
>> or the OS's firewall? Most *nix system (built-in) firewalls that
>> I've dealt with have a lot of granularity and capabilities. They
>> can certainly do IP-specific (or range) blocks on one (or all)
>> ports, and some can do the throttling for you. That's what I've
>> used when I've needed to deal with issues like yours. Changing a
>> web server response to a 403 doesn't have all that much effect if
>> you're dealing with high-volume traffic.
>>
>>> Date: Monday, February 01, 2016 22:07:45 +0100
>>> From: Luca Toscano <toscano.luca@xxxxxxxxx>
>>>
>>> Hi George,
>>>
>>> I would also check mod_qos for your use case!
>>>
>>> Luca
>>>
>>> On 01 Feb 2016 22:00, "George Genovezos" <George.Genovezos@xxxxxxxxxx> wrote:
>>>
>>>> Richard,
>>>>
>>>> I would agree with you that a more elegant solution is required.
>>>> Unfortunately the firewall will only block or allow a particular
>>>> port.
>>>>
>>>> The correct solution would be to implement an IPS solution in
>>>> front of a firewall, but we're in the do-more-with-less phase.
>>>>
>>>> George Genovezos
>>>> Application Security Architect
>>>> CISSP, ISSAP, CIFI
>>>>
>>>> Copart
>>>>
>>>> On 2/1/16, 2:27 PM, "Richard" <lists-apache@xxxxxxxxxxxxxxxxxxxxx> wrote:
>>>>
>>>>>> Date: Monday, February 01, 2016 19:52:51 +0000
>>>>>> From: George Genovezos <George.Genovezos@xxxxxxxxxx>
>>>>>>
>>>>>> Hi,
>>>>>>
>>>>>> I’m hoping someone can help with a problem I’m having. I
>>>>>> need a basic DDoS mitigation tool. Basically, either
>>>>>> throttling back certain IP addresses or blocking access after
>>>>>> too many connections per second.
>>>>>>
>>>>>> I know mod_evasive did this, but the project, to my knowledge,
>>>>>> is deprecated.
>>>>>>
>>>>>> So to draw this out, I want a web server to count the number
>>>>>> of connections per second, and if an IP breaches this limit,
>>>>>> to either throttle or block the connection. Then I want to
>>>>>> use mod_proxy to reverse proxy that clean connection to my
>>>>>> web servers.
>>>>>>
>>>>>> Any feedback would be greatly appreciated.
>>>>>>
>>>>>> George Genovezos
>>>>>> Application Security Architect
>>>>>> CISSP, ISSAP, CIFI
>>>>>>
>>>>>> Copart
>>>>>
>>>>> In my view, doing this at the web server is rather late in the
>>>>> game. If I'm reading the mod_evasive documentation correctly,
>>>>> all it (or something similar) does is stop serving content
>>>>> and return 403s. If your content is resource-expensive to
>>>>> deliver that will help some, but you're still going to get
>>>>> all the requests hitting the web server and you're still
>>>>> going to be responding to them.
>>>>>
>>>>> The better place to address this is at your system's firewall.
>>>>> Depending on your system, you likely have firewall tools that
>>>>> can provide a more robust solution.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
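A sketch of the per-IP hit counter George describes, done the way a fail2ban-style watcher does it on the OS side rather than inside the web server: parse Apache access-log lines, count hits per client IP in a one-second sliding window, and emit firewall drop rules for clients over the threshold. This is an added example, not code from the thread, from fail2ban or from mod_evasive; the log lines, IP addresses and thresholds are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Apache common/combined log format: client IP first, then the bracketed timestamp.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

# Constructed sample log: 198.51.100.7 sends 4 requests in one second,
# 203.0.113.9 is a normal client, and one line is malformed on purpose.
SAMPLE_LOG = [
    '203.0.113.9 - - [01/Feb/2016:19:52:51 +0000] "GET / HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Feb/2016:19:52:51 +0000] "GET / HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Feb/2016:19:52:51 +0000] "GET / HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Feb/2016:19:52:51 +0000] "GET / HTTP/1.1" 200 512',
    'not a log line at all',
    '198.51.100.7 - - [01/Feb/2016:19:52:51 +0000] "GET / HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Feb/2016:19:52:52 +0000] "GET /a HTTP/1.1" 200 99',
    '203.0.113.9 - - [01/Feb/2016:19:52:53 +0000] "GET /b HTTP/1.1" 200 99',
]

def parse_line(line):
    """Return (client_ip, timestamp) for a well-formed line, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return m.group("ip"), datetime.strptime(m.group("ts"), TS_FMT)

def find_offenders(lines, max_hits=3, window_seconds=1):
    """Map each IP exceeding max_hits within window_seconds (> 0) to its first breach time.
    A per-IP deque keeps only timestamps still inside the sliding window, so memory
    is bounded by max_hits per client; lines are consumed in arrival order."""
    recent = defaultdict(deque)
    offenders = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # malformed line: skip it rather than crash the watcher
        ip, ts = parsed
        q = recent[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() >= window_seconds:
            q.popleft()  # expire hits that fell out of the window
        if len(q) > max_hits and ip not in offenders:
            offenders[ip] = ts
    return offenders

def firewall_rules(offenders):
    """Drop rules in iptables syntax, the kind a fail2ban ban action inserts."""
    return [f"iptables -I INPUT -s {ip} -j DROP" for ip in sorted(offenders)]
```

Feeding a live `tail -f` of access_log through the same loop gives the "identify the threat and update the firewall" step; the block itself only reports which rules would be inserted.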