On Sun, 22 Oct 2006, DamianS wrote:
The thing I am concerned about is, what if someone decides to do this because they
want to bring the server down? This seems like a trivial way to execute a DOS.
So my question really is how do I prevent un-polite people from bringing the
server down? httpd appears to be consuming all of the available memory when this
occurs. If I increase the max https processes will that not aggrivate the
situation? If I need to add more memory I can do that but I am trying to understand
exactly what is going on here.
More memory will not help.
You want to restrict the max number of concurrent http connections from
each IP.
Well that sounds reasonable but is there some place where this is explained.
What is the correct number to limit it to? Is this based on something besides
trial and error??
This will not prevent a full-scale DOS attack, which could potentially
involve tens of thousands of zombie machines attacking your server.
That part I understand. AFAIK there is no way to stop that kind of thing
without the help from the upstream provider.
Regards,
--
Tom Diehl tdiehl@xxxxxxxxxxxx Spamtrap address mtd123@xxxxxxxxxxxx
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos