[CentOS] Re: centos and apache DOS question
chrism at imntv.com
chrism at imntv.com
Sun Oct 22 15:06:01 UTC 2006
Ralph Angenendt wrote:
> Jim Perrin wrote:
>
>>> That part I understand. AFAIK there is no way to stop that kind of thing
>>> without the help from the upstream provider.
>>>
>> There's also an apache module you can use which may help. While it
>> won't stop everything, it may help a bit with your current situation.
>> http://www.zdziarski.com/projects/mod_evasive/ It's designed to help
>> apache deal with brute force DOS attempts.
>>
>
> But do be careful with that one. Though it is designed to look for
> "X-Forwarded-For"-Headers by caching proxies, not all proxies set that
> header. So you might deny access to people using those proxies. And you
> have to look at traffic patterns for your website first, so that you do
> not set the access limits too low and deny regular traffic to your
> website (if you - for example - have many small images on your website).
>
I agree. I think the solution to this problem is not to lock down the
server, but to have a conversation with the "client" and let them know
that the marketing company is knowingly (whether it's through laziness
or stupidity is really irrelevant) causing performance problems for the
server hosting their website. Explain to the client that the marketing
company has been unresponsive and that it would possibly be helpful if
the client would pass those concerns on to their marketing people. That
would be my first mode of "attack" here. If that doesn't work, it might
be simpler to set up a quick iptable filter to limit the maximum number
of connections from the naughty netblock (assuming they always mug you
from the same place).
Cheers,
More information about the CentOS
mailing list