I'm using Apache 1.3.36. mod_choke is supposed to be able to limit the number of connections per IP, but fails to do so for the reason discussed earlier in this thread. mod_evasive, an anti-DoS tool, also failed to stop the attack.

Nick, you mentioned that Apache 2.2 has built-in countermeasures to stop this sort of attack. I haven't been able to find anything on this myself, so would you mind pointing me to the relevant information in Apache's docs? Maybe I'll have to upgrade.

On 5/28/06, Nick Kew <nick@xxxxxxxxxxxx> wrote:
On Sunday 28 May 2006 19:23, Sergey Tsalkov wrote:
> This is very wrong. I can't figure out why Apache doesn't have any
> defense against such an obvious attack -- even the connection limiting
> modules can't help because they have no way of knowing that all the
> requests are coming from the same IP.

Which ones have you tried? And are you by any chance using the prefork MPM to maximise the cost to you of each connection?

Apache 2.2 on some platforms uses connection filters to defend against precisely this kind of attack.

--
Nick Kew

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
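
Added example, not part of the thread or of Apache's code: the "connection filters" mentioned above are assumed here to be the accept filters set by Apache 2.2's `AcceptFilter` directive, which on Linux enable the `TCP_DEFER_ACCEPT` socket option. The Linux-only C program below shows that option keeping a client that connects but sends nothing out of the accept queue until request bytes arrive. `make_listener`, `acceptable` and `probe` are names invented for this sketch.

```c
#include <netinet/in.h>
#include <netinet/tcp.h>
#include <poll.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Loopback listener on an ephemeral port; defer_secs > 0 sets TCP_DEFER_ACCEPT. */
static int make_listener(int defer_secs, struct sockaddr_in *addr) {
    socklen_t len = sizeof *addr;
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    *addr = (struct sockaddr_in){ .sin_family = AF_INET,
                                  .sin_addr.s_addr = htonl(INADDR_LOOPBACK) };
    if ((defer_secs > 0 && setsockopt(fd, IPPROTO_TCP, TCP_DEFER_ACCEPT,
                                      &defer_secs, sizeof defer_secs) < 0) ||
        bind(fd, (struct sockaddr *)addr, sizeof *addr) < 0 ||
        listen(fd, 16) < 0 ||
        getsockname(fd, (struct sockaddr *)addr, &len) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* 1 if accept() on lfd would return a connection within ms milliseconds. */
static int acceptable(int lfd, int ms) {
    struct pollfd p = { .fd = lfd, .events = POLLIN };
    return poll(&p, 1, ms) == 1;
}

/* Bit 0: a silent client reached the accept queue. Bit 1: the client was
   acceptable once it had sent request bytes. Returns -1 on setup failure. */
int probe(int defer_secs) {
    static const char req[] = "GET / HTTP/1.0\r\n\r\n"; /* constructed sample */
    struct sockaddr_in addr;
    int result = 0, lfd = make_listener(defer_secs, &addr);
    int c = socket(AF_INET, SOCK_STREAM, 0);
    if (lfd < 0 || c < 0 || connect(c, (struct sockaddr *)&addr, sizeof addr) < 0)
        return -1;
    if (acceptable(lfd, 300)) result |= 1;   /* client has sent nothing yet */
    if (send(c, req, sizeof req - 1, 0) > 0 && acceptable(lfd, 1000)) result |= 2;
    close(c); close(lfd);
    return result;
}

int main(void) {
    printf("no filter: %d, deferred: %d\n", probe(0), probe(5));
    return 0;
}
```

With the option set, an idle connection is held in the kernel and is never handed to a worker process, which is what matters under the prefork MPM where each accepted connection ties up a whole child.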