On Mon, 19 Nov 2007 20:19:20 +0100 "Ben Macintosh" <bmac.list@xxxxxxxxx> wrote: > 2007/11/18, Joshua Slive <joshua@xxxxxxxx>: > > > See: > > http://httpd.apache.org/docs/trunk/misc/security_tips.html#dos > > > > The standard solution is a simple firewall rule to control number of > > connections per ip at some reasonable level. > > I already thought about using a firewall rule. Although it could be > quite difficult to get it right. As every malicious request blocks a > slot for 5 minutes there hasn't got to be a lot of traffic/requests. 5 minutes??? Where does that come from? Maybe you might want to use AcceptFilter to prevent malicious requests tying anything up for more than a couple of microseconds? -- Nick Kew Application Development with Apache - the Apache Modules Book http://www.apachetutor.org/ --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|