On 5/28/06, Sergey Tsalkov <flightsimguy@xxxxxxxxx> wrote:
> This is very wrong. I can't figure out why Apache doesn't have any defense against such an obvious attack -- even the connection limiting modules can't help because they have no way of knowing that all the requests are coming from the same IP.

I believe that some third-party modules can deal with this, although I've never tried them myself. I would guess that mod_ip_count could do it, for example.

But the correct way to deal with this, as Grahm already suggested, is using your OS firewall. It has the capabilities to handle this type of problem with much less complication and resources than anything that could be built into Apache. Most firewalls can limit the total connections from any particular IP address, completely eliminating this simple attack.

See also: http://httpd.apache.org/docs/trunk/misc/security_tips.html#dos

Joshua.
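
Added example, not part of the original message or of the Apache project: a shell sketch of the per-IP limit described above. It counts open connections per remote address from `netstat -tn` style output and prints a matching Linux iptables `connlimit` rule. The function names, the sample lines (documentation addresses) and the thresholds are assumptions, and the message itself names no specific firewall.

```shell
#!/bin/sh
# Constructed sample in `netstat -tn` layout; addresses are documentation ranges.
sample_netstat() {
cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.0.2.10:80           198.51.100.7:51001      ESTABLISHED
tcp        0      0 192.0.2.10:80           198.51.100.7:51002      ESTABLISHED
tcp        0      0 192.0.2.10:80           198.51.100.7:51003      ESTABLISHED
tcp        0      0 192.0.2.10:80           198.51.100.7:51004      SYN_RECV
tcp        0      0 192.0.2.10:80           198.51.100.7:51005      ESTABLISHED
tcp        0      0 192.0.2.10:80           203.0.113.20:40110      ESTABLISHED
tcp        0      0 192.0.2.10:80           203.0.113.20:40111      ESTABLISHED
tcp        0      0 192.0.2.10:80           203.0.113.20:40112      TIME_WAIT
tcp        0      0 192.0.2.10:22           203.0.113.99:60022      ESTABLISHED
EOF
}

# over_limit PORT LIMIT
# Reads netstat -tn lines on stdin and prints "count ip" for every remote
# address holding more than LIMIT open connections to local PORT.
# Only ESTABLISHED and SYN_RECV are counted: those occupy (or are about to
# occupy) a server worker, while TIME_WAIT entries no longer do.
over_limit() {
    awk -v port="$1" -v limit="$2" '
        $1 ~ /^tcp/ && ($6 == "ESTABLISHED" || $6 == "SYN_RECV") {
            lp = $4; sub(/^.*:/, "", lp)      # local port = text after last ":"
            if (lp != port) next
            ip = $5; sub(/:[0-9]+$/, "", ip)  # strip ":port" from remote address
            count[ip]++
        }
        END { for (ip in count) if (count[ip] > limit) print count[ip], ip }
    ' | sort -rn
}

# connlimit_rule PORT LIMIT
# Prints (does not apply) a netfilter rule that rejects a new connection to
# PORT when the source address already has more than LIMIT open.
connlimit_rule() {
    echo "iptables -A INPUT -p tcp --syn --dport $1 -m connlimit --connlimit-above $2 -j REJECT --reject-with tcp-reset"
}

sample_netstat | over_limit 80 3   # report offenders in the constructed sample
connlimit_rule 80 20               # rule text to review before applying
```

On a live host, pipe `netstat -tn` into `over_limit` to see what a given limit would have blocked before enabling the rule; clients behind a shared NAT or proxy appear as one address, so size the limit accordingly.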