Welcome to MobyThreads.com!
FAQFAQ   SearchSearch      ProfileProfile    Private MessagesPrivate Messages   Log in/Register/PasswordLog in/Register/Password

apache DOS workaround ?

  
   Web Hosting and Web Master Forums (Home) -> Apache RSS
Related Topics:
Apache Log IP Via - Hi to all, i have an apache external and more apache internal. On external Apache I set more and with mod_proxy talk with all internal apache. For example: On ProxyPass / /..

Apache og ASP ? - Hello Can anyone here explain to me, if it is in Apache .conf file or somewhere in Sun One ASP I should configure the so my users cannot see anything but there own directory on the Apache server ? The situation is as

apache 2 and php on mac - what lines do i need in the httpd and what files or other do i need to get it in. macosx 10.3.5 and have switched to a fink so that may involve some heavy dancing. jimt

ASP.Net under Apache - Is there a module for Apache that allows the running of ASP.Net? Perhaps uses Mono?

apache not doing any PHP. - Hi I'm running Apache 1.3 with mod_php4 on a suse 9.0 box. However when a client tries to open a the file download dialog opens instead of showing the contents of the page. The PHP Module seems to be loaded my has the..
Next:  Apache: reverse mod_rewrite  
Author Message
Sebastien BLAISOT

External


Since: Dec 16, 2005
Posts: 1



(Msg. 1) Posted: Fri Dec 16, 2005 4:55 am
Post subject: apache DOS workaround ?
Archived from groups: alt>apache>configuration (more info?)
Hi,

With a Timeout of 300 and a maxclient of 150, a client (machine) can
block an apache server from responding by establishing 150 connexions to
the server and sending a packet to each connexions every 300 seconds (by
example another line of a request header).

If you send a packet every 300 seconds, the connection remains active
forever (until the apache restart).

This means that with 150 packets every 5 minutes, in such a
configuration, you can make a denial of service on the apache server.

lowering the timeout helps, but doesn't prevent the problem. it will
just nedd a little more paquets.

is there a way, to prevent such things to happen, to limit the time
taken by a non-keepalive connection ?

--
Sebastien

 >> Stay informed about: apache DOS workaround ? 
Back to top
Login to vote
Purl Gurl

External


Since: Nov 10, 2005
Posts: 20



(Msg. 2) Posted: Fri Dec 16, 2005 3:55 pm
Post subject: Re: apache DOS workaround ? [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
Sebastien BLAISOT wrote:

> With a Timeout of 300 and a maxclient of 150, a client (machine) can
> block an apache server from responding by establishing 150 connexions to
> the server and sending a packet to each connexions every 300 seconds (by
> example another line of a request header).

Change your timeout to 15 and leave your max client as is.

This type of attack is very rare, and is not effective, at all.

Apache will spawn children as needed, and continue to serve just fine.
Your resource usage may increase some, but not so much to cause
a problem, unless you are running a very old machine with maybe
just 16 megabytes of RAM.

There is a module, mod_throttle which addresses this. However, this
module is not designed for newer 2.x versions, least last time I checked.
This module is resource intense and will inflict a serious performance
hit for busy servers. For a small casual server, works very good!

You are worrying for nothing. Relax, what you describe is not a major problem.

Purl Gurl

 >> Stay informed about: apache DOS workaround ? 
Back to top
Login to vote
Display posts from previous:   
   Web Hosting and Web Master Forums (Home) -> Apache All times are: Pacific Time (US & Canada) (change)
Page 1 of 1

 
 You can post new topics in this forum
You can reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



[ Contact us | Terms of Service/Privacy Policy ]