From: "maillists0@xxxxxxxxx" <maillists0@xxxxxxxxx>
>We occasionally get hit by a miscreant client who will open a large number of connections and leave them in an open/wait state, using all the available children. I have more than adequate resources for normal traffic. Limiting the number of connections from a single source isn't an option because the nature of our business means that we often have many connections from a single IP. Right now, we deal with the problem by banning the offending IP in our firewall and restarting Apache.
>How do other people handle this? Is there something more creative I can do inside Apache? I'm thinking of the way that Postfix handles stress, where it can decrease time-out values under high load to drop connections more quickly and keep resources free (I know, it isn't exactly comparable to http, but still ... ). Can I do something similar with Apache? Suggestions or pointers to the right docs would be greatly appreciated.
Did you look at http://www.zdziarski.com/projects/mod_evasive/ ?
An article: http://www.codexon.com/posts/defending-against-the-new-dos-tool-slowloris
JD
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
" from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|