[CentOS] Re: centos and apache DOS question

Sun Oct 22 03:01:35 UTC 2006
Tom Diehl <tdiehl at rogueind.com>

On Sun, 22 Oct 2006, DamianS wrote:

>> The thing I am concerned about is, what if someone decides to do this because they
>> want to bring the server down? This seems like a trivial way to execute a DOS.
>>
>> So my question really is how do I prevent un-polite people from bringing the
>> server down? httpd appears to be consuming all of the available memory when this
>> occurs. If I increase the max https processes will that not aggravate the
>> situation? If I need to add more memory I can do that but I am trying to understand
>> exactly what is going on here.
>>
> More memory will not help.
> You want to restrict the max number of concurrent http connections from
> each IP.

Well that sounds reasonable but is there some place where this is explained?
What is the correct number to limit it to? Is this based on something besides
trial and error??

> This will not prevent a full-scale DOS attack, which could potentially
> involve tens of thousands of zombie machines attacking your server.

That part I understand. AFAIK there is no way to stop that kind of thing
without the help from the upstream provider.

Regards,

-- 
Tom Diehl		tdiehl at rogueind.com		Spamtrap address mtd123 at rogueind.com
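
Added example, not part of the original message: one way to base a per-IP limit on measurement rather than trial and error is to compute each client's peak number of overlapping requests from the access log, then see which clients a candidate limit would have affected. It assumes a hypothetical `LogFormat "%h %t %D"` (client address, receive time, microseconds to serve); the log lines and the function names are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in the assumed "%h %t %D" format.
SAMPLE_LOG = """\
192.0.2.10 [22/Oct/2006:03:00:00 +0000] 2000000
192.0.2.10 [22/Oct/2006:03:00:01 +0000] 500000
192.0.2.10 [22/Oct/2006:03:00:01 +0000] 1500000
203.0.113.5 [22/Oct/2006:03:00:00 +0000] 1000000
203.0.113.5 [22/Oct/2006:03:00:01 +0000] 1000000
""" + "198.51.100.7 [22/Oct/2006:03:00:05 +0000] 30000000\n" * 6

LINE_RE = re.compile(r"^(\S+) \[([^\]]+)\] (\d+)$")

def peak_concurrency(lines):
    """Return {client_ip: peak number of requests in flight at once}."""
    events = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not match the assumed format
        ip, stamp, usec = m.groups()
        start = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z")
        end = start + timedelta(microseconds=int(usec))
        events[ip] += [(start, 1), (end, -1)]
    peaks = {}
    for ip, evs in events.items():
        # At equal times -1 sorts before +1, so a request that ends at T
        # is not counted as overlapping one that starts at T.
        evs.sort()
        current = peak = 0
        for _, delta in evs:
            current += delta
            peak = max(peak, current)
        peaks[ip] = peak
    return peaks

def would_exceed(peaks, limit):
    """Clients whose observed peak is above a candidate per-IP limit."""
    return sorted(ip for ip, peak in peaks.items() if peak > limit)

if __name__ == "__main__":
    peaks = peak_concurrency(SAMPLE_LOG.splitlines())
    for ip, peak in sorted(peaks.items(), key=lambda kv: -kv[1]):
        print(f"{ip:15} peak={peak}")
    print("over a limit of 4:", would_exceed(peaks, 4))
```

This counts overlapping requests, not idle keep-alive connections, so treat the peaks as a lower bound on concurrent connections and leave headroom for clients behind a shared proxy or NAT.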