Hello Neelesh, It is possible to use a modules called: mod_evasive this will help prevent DOS attacks occurring. http://www.zdziarski.com/projects/mod_evasive/ 2009/6/23 Neelesh Gurjar <neel.hjs@xxxxxxxxx> > > Hi, > I have a web server which has CentOS Linux 2.6.18-028stab059.6-ent kernel and Apache 1.3.37 running on it. > 2 days back I got one script to test DoS attack on website. It is called slowloris.pl from http://ha.ckers.org/slowloris/ > I run that script against my server and it worked. It stopped my website for some time. That time all other services like SSH were working fine. > Can anybody suggests any configuration changes at Apache and OS/Kernel level to prevent from this type of attack ? > Currently I am using following settings: > Timeout 300 > KeepAlive On > MaxKeepAliveRequests 100 > KeepAliveTimeout 5 > MinSpareServers 5 > MaxSpareServers 10 > StartServers 5 > MaxClients 150 > MaxRequestsPerChild 0 > > Then Kernel settings are like : > tcp_keepalive_time 7200 > tcp_keepalive_time 9 > tcp_keepalive_intvl 75 > tcp_syn_retries 5 > tcp_synack_retries 5 > tcp_fin_timeout 60 > > -- > Regards > NeeleshG > > LINUX is basically a simple operating system, but you have to be a genius to understand the simplicity -- Regards, Damian Myerscough --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|