Handling a simple dos attack

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: users@xxxxxxxxxxxxxxxx
Subject: Handling a simple dos attack
From: maillists0@xxxxxxxxx
Date: Fri, 6 Nov 2009 07:09:56 -0500
Reply-to: users@xxxxxxxxxxxxxxxx

We occasionally get hit by a miscreant client who will open a large number of connections and leave them in an open/wait state, using all the available children. I have more than adequate resources for normal traffic. Limiting the number of connections from a single source isn't an option because the nature of our business means that we often have many connections from a single IP. Right now, we deal with the problem by banning the offending IP in our firewall and restarting Apache.

How do other people handle this? Is there something more creative I can do inside Apache? I'm thinking of the way that Postfix handles stress, where it can decrease time-out values under high load to drop connections more quickly and keep resources free (I know, it isn't exactly comparable to http, but still ... ). Can I do something similar with Apache? Suggestions or pointers to the right docs would be greatly appreciated.

Follow-Ups:
- Re: Handling a simple dos attack
  - From: John Doe
- apache configure problem
  - From: Edward Quick

Prev by Date: Re: Warning in error log
Next by Date: RE: read-only balancer-manager
Previous by thread: Warning in error log
Next by thread: apache configure problem
Index(es):
- Date
- Thread

[Index of Archives] [Open SSH Users] [Linux ACPI] [Linux Kernel] [Linux Laptop] [Kernel Newbies] [Security] [Netfilter] [Bugtraq] [Squid] [Yosemite News] [MIPS Linux] [ARM Linux] [Linux Security] [Linux RAID] [Samba] [Video 4 Linux] [Device Mapper]