Re: [users@httpd] How to fight a client causing DoS ?


 



How about mod_bandwidth to limit by number of connections and/or bandwidth 
used per IP etc. For example as a rough set and forget configuration, set it 
so the maximum anyone can suck out of your server is one quarter of your 
maximum connections and bandwidth.

http://www.cohprog.com/v3/bandwidth/intro-en.html

Regards,
Jon


On Sunday 14 August 2005 09:19, Sean Conner wrote:
> It was thus said that the Great Maxim Vexler once stated:
> > > > What can be done to stop the "attack" ?
> > >
> > >   It's pretty easy to stop this under Linux (this may work under other
> > > Unix flavors if you adjust the command accordingly), by doing, as root:
> > > #GenericRootUnixPrompt> route add -host <ip.address.of.attacker> reject
> > > This will cause Linux to ignore any packets from the given IP address
> > > (if it doesn't work, try "route add <ip.address> netmask
> > > 255.255.255.255 reject"). -spc
> >
> > Sean, thank you for the quick reply.
> > Don't you think that a complete block on the client's IP is too rash a
> > tactic? It's a legitimate user, his only fault was that he used this
> > spidering tool, which had the side effect of DoS on the httpd daemon, I
> > honestly don't think the client meant this to occur.
>
>   It depends upon who you talk to; some admins I know would consider that
> being too lenient.  But as a stop-gap measure to keep your server up it's
> not that bad, and you can always remove the block just as easily ("route
> del <ip.address> reject") once it's been resolved.
>
> > I would like to note that I'm looking for some kind of automatic tool
> > to fight this.
> > Maybe a mod for Apache that could reject the client at the httpd
> > daemon level on a time based period? the logic behind this is that
> > this machine is not frequently monitored and I would prefer some kind
> > of automatic solution.
>
>   I know of some people that have a process monitoring the log files and if
> something hits too fast (or hits something it shouldn't hit) the log
> monitoring process will block the IP address, either by adding it to the
> Apache configuration or by the method I described.  I know such programs
> exist, but I've never used them so I can't help you there.
>
>   -spc
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
>    "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
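
The log-monitoring approach described in the quoted reply, combined with the time-limited block asked for there, as an added example that is not code from anyone in this thread. The function names, thresholds and sample log are assumptions made for illustration; the script only prints the `route` commands quoted above and never runs them.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Common/combined log format: client address first, timestamp in [brackets].
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\]')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

def find_blocks(lines, max_hits=20, window=timedelta(seconds=10),
                block_for=timedelta(minutes=15)):
    """Return [(ip, blocked_at, unblock_at)]; the thresholds are assumed values."""
    recent = defaultdict(deque)   # ip -> request times still inside the window
    active = {}                   # ip -> time its current block expires
    events = []
    for line in lines:
        m = LOG_RE.match(line)
        try:
            ip = str(ipaddress.ip_address(m.group(1)))  # validate before it reaches a root command
            ts = datetime.strptime(m.group(2), TS_FMT)
        except (AttributeError, ValueError):
            continue              # malformed line, or a hostname instead of an address
        if ts < active.get(ip, ts):
            continue              # still blocked; the block lapses on its own
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()           # drop requests that fell out of the window
        if len(q) > max_hits:
            active[ip] = ts + block_for
            events.append((ip, ts, active[ip]))
    return events

def route_commands(events):
    """Render each block and its timed removal with the route commands quoted above."""
    return [(f"route add -host {ip} reject", f"route del {ip} reject", until)
            for ip, _, until in events]

def sample_log():
    """Constructed log: one client at 3 requests/second, one browsing normally."""
    base = datetime.strptime("14/Aug/2005:09:00:00 +0000", TS_FMT)
    rows = [("203.0.113.7", base + timedelta(seconds=i // 3)) for i in range(60)]
    rows += [("198.51.100.4", base + timedelta(seconds=5 * i)) for i in range(5)]
    rows.sort(key=lambda r: r[1])
    return [f'{ip} - - [{t.strftime(TS_FMT)}] "GET /page HTTP/1.1" 200 512'
            for ip, t in rows]

if __name__ == "__main__":
    print(*route_commands(find_blocks(sample_log())), sep="\n")
```

The address is parsed with `ipaddress` before it is placed in a command string, so a log line carrying a hostname or junk in the first field can never end up in a command run as root.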

