On Apr 23, 2007, at 2:31 AM, Jacky wrote:
In our production environment, we have 2 apache servers firewalled to accept port 80 and 443 only. These apache servers will load balanced to 2 of our resin servlet container. Recently we checked from our logs and verified that there are certain unwelcomed individuals that did a mass posting to our apache servers causing our normal operations nearly to a halt.I would like to ask for advice from the experienced individuals from this mailing list, what you guys normally do to counter this? What we are doing right now is blocking them from firewall. Wish to get some suggestions from this list.
Blocking attacks at the firewall is an excellent and very efficient approach, if the attacks come from only one or a few IP addresses.
For distributed attacks, you might consider mod_dosevasive and/or mod_security
http://www.modsecurity.org/ I'm not sure where the current home for dosevasive is. S. -- Sander Temme sctemme@xxxxxxxxxx PGP FP: 51B4 8727 466A 0BC3 69F4 B7B8 B2BE BC40 1529 24AF
Attachment:
smime.p7s
Description: S/MIME cryptographic signature
|