Professional Web Applications Themes

Denial of webserving attack prevention! - Linux / Unix Administration

If someone is running, say, ab on my computer to prevent Apache from serving other requests, how do I block them? ie. it has to cut off that computer if too many requests are received in too short a span of time. How? Thanks,...

  1. #1

    Default Denial of webserving attack prevention!

    If someone is running, say, ab on my computer to prevent Apache from
    serving other requests, how do I block them? ie. it has to cut off that
    computer if too many requests are received in too short a span of time.

    How?





    Thanks,

    themf@graffiti.net Guest

  2. #2

    Default Re: Denial of webserving attack prevention!

    On Mon, 02 May 2005 14:57:18 -0700, themf wrote:
     

    Many firewalls have the option to limit the number of concurrent
    connections from an IP or a netblock. For Linux, have a look at connlimit.

    M4
    --
    Redundancy is a great way to introduce more single points of failure.

    Martijn Guest

  3. #3

    Default Re: Denial of webserving attack prevention!


    connlimit.

    Any way to get Apache to do it directly?

    themf@graffiti.net Guest

  4. #4

    Default Re: Denial of webserving attack prevention!

    On 2005-05-02, net <net> wrote: 

    If they are running "ab" on your computer you might want to seriously
    think about removing that user from your computer. If they are doing
    malicious stuff they are obviously someone that you dont want around.

    --

    ( When in doubt, use brute force. -- Ken Thompson 1998 )
    c0ldbyte Guest

  5. #5

    Default Re: Denial of webserving attack prevention!

     
     

    Er - the guy running ab is on ANOTHER computer, not mine!

    themf@graffiti.net Guest

  6. #6

    Default Re: Denial of webserving attack prevention!

    On Tue, 03 May 2005 18:37:34 -0700, themf wrote:
     
    > connlimit.
    >
    > Any way to get Apache to do it directly?[/ref]

    Not afaik, maybe the situation changed but when I looked into it several
    years ago, there was no apache only solution. But you might want to browse
    the modules list at www.apache.org to see if there is anything suitable
    nowadays. (And let us know if you find something).

    M4
    --
    Redundancy is a great way to introduce more single points of failure.

    Martijn Guest

  7. #7

    Default Re: Denial of webserving attack prevention!

    On Sat, 07 May 2005 17:14:41 +0200, Martijn Lievaart <this.part.rtij.nl> wrote: 
    >> connlimit.
    >>
    >> Any way to get Apache to do it directly?[/ref]
    >
    > Not afaik, maybe the situation changed but when I looked into it several
    > years ago, there was no apache only solution. But you might want to browse
    > the modules list at www.apache.org to see if there is anything suitable
    > nowadays. (And let us know if you find something).[/ref]

    Pretty sure you can change what content is sent to which client
    by IP address, and am I imagining a mod_throttle or did I read about
    it once? Thought it was for this.

    There's an apache webserver newsgroup, this question might be in
    their FAQ. Apache.org's docs are also excellent with a good search
    engine. The words "deny" or "throttle" might be helpful for the search.

    Dave Hinz

    Dave Guest

  8. #8

    Default Re: Denial of webserving attack prevention!

    Le Thu, 05 May 2005 06:40:12 -0700, themf a écrit:
     

    >
    > Er - the guy running ab is on ANOTHER computer, not mine![/ref]

    That's understood :-)

    And that's another reason to act at the kernel/firewall level instead of
    at the server/userspace level where it can be pretty too late.

    Which don't stop you of setting further user rules at the apache level,
    but I think it's better to stop the possible deep attacks as soon as can
    be; i-e use the advice given by Martijn :-)
    Loki Guest

Similar Threads

  1. 2003 webserving misbehavior!?
    By pat in forum ASP
    Replies: 1
    Last Post: September 9th, 02:00 PM
  2. php, denial of service attack
    By Nabil in forum PHP Development
    Replies: 1
    Last Post: September 8th, 01:10 PM
  3. Replies: 15
    Last Post: July 20th, 11:58 PM
  4. strange packet denial
    By dzpost@dedekind.net in forum Debian
    Replies: 1
    Last Post: July 8th, 08:00 AM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139