Handling a simple dos attack

--000e0cd28cf4e7f53d0477b2b8aa
Content-Type: text/plain; charset=ISO-8859-1

We occasionally get hit by a miscreant client who will open a large number
of connections and leave them in an open/wait state, using all the available
children. I have more than adequate resources for normal traffic. Limiting
the number of connections from a single source isn't an option because the
nature of our business means that we often have many connections from a
single IP. Right now, we deal with the problem by banning the offending IP
in our firewall and restarting Apache.

How do other people handle this? Is there something more creative I can do
inside Apache? I'm thinking of the way that Postfix handles stress, where it
can decrease time-out values under high load to drop connections more
quickly and keep resources free (I know, it isn't exactly comparable to
http, but still ... ). Can I do something similar with Apache? Suggestions
or pointers to the right docs would be greatly appreciated.

--000e0cd28cf4e7f53d0477b2b8aa
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

We occasionally get hit by a miscreant client who will open a large number =
of connections and leave them in an open/wait state, using all the availabl=
e children. I have more than adequate resources for normal traffic. Limitin=
g the number of connections from a single source isn't an option becaus=
e the nature of our business means that we often have many connections from=
a single IP. Right now, we deal with the problem by banning the offending =
IP in our firewall and restarting Apache.=A0


How do other people handle this? Is there something more creative I can=
do inside Apache? I'm thinking of the way that Postfix handles stress,=
where it can decrease time-out values under high load to drop connections =
more quickly and keep resources free (I know, it isn't exactly comparab=
le to http, but still ... ). Can I do something similar with Apache? Sugges=
tions or pointers to the right docs would be greatly appreciated.


--000e0cd28cf4e7f53d0477b2b8aa--

apache configure problem

--_000_F41794BFF0B8CE4B9CF5C56209A98322387FB354PRDEXC103igii gl_
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Hi,

I checked out the httpd source code and tried to generate the configure but=
this fails when run :

TEST $ autoconf

TEST $ ./configure
../configure: line 1396: syntax error near unexpected token `Apache,'
../configure: line 1396: `APR_ENABLE_LAYOUT(Apache, errordir iconsdir htdocs=
dir cgidir)'

TEST $ autoconf --version
autoconf (GNU Autoconf) 2.59


Am I doing something wrong?

Thanks for any help.

Edward.


________________________________
The information contained in this email is strictly confidential and for th=
e use of the addressee only, unless otherwise indicated. If you are not the=
intended recipient, please do not read, copy, use or disclose to others th=
is message or any attachment. Please also notify the sender by replying to =
this email or by telephone (+44 (0)20 7896 0011) and then delete the email =
and any copies of it. Opinions, conclusions (etc.) that do not relate to th=
e official business of this company shall be understood as neither given no=
r endorsed by it. IG Index Ltd is a company registered in England and Wales=
under number 01190902. VAT registration number 761 2978 07. Registered Off=
ice: Friars House, 157-168 Blackfriars Road, London SE1 8EZ. Authorised and=
regulated by the Financial Services Authority. FSA Register number 114059.

--_000_F41794BFF0B8CE4B9CF5C56209A98322387FB354PRDEXC103igii gl_
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

hemas-microsoft-com:office:word" xmlns=3D"http://www.w3.org/TR/REC-html40">

>

Re: apache configure problem

On 6-Nov-2009, at 05:50, Edward Quick wrote:

> Hi,

Hi. Please don't hijack someone else's message. When you are going to
begin a new message, DO NOT begin it by replying to another message
and then changing the subject. Create a NEW message.


--
You are responsible for your Rose


------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

RE: Re: apache configure problem

Ok sorry about that. My mistake.

-----Original Message-----
From: LuKreme [mailto:kremels@kreme.com]
Sent: 06 November 2009 13:24
To: users@httpd.apache.org
Subject: [users@httpd] Re: apache configure problem


On 6-Nov-2009, at 05:50, Edward Quick wrote:

> Hi,

Hi. Please don't hijack someone else's message. When you are going to
begin a new message, DO NOT begin it by replying to another message
and then changing the subject. Create a NEW message.


--
You are responsible for your Rose


------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


The information contained in this email is strictly confidential and for th=
e use of the addressee only, unless otherwise indicated. If you are not the=
intended recipient, please do not read, copy, use or disclose to others th=
is message or any attachment. Please also notify the sender by replying to =
this email or by telephone (+44 (0)20 7896 0011) and then delete the email =
and any copies of it. Opinions, conclusions (etc.) that do not relate to th=
e official business of this company shall be understood as neither given no=
r endorsed by it. IG Index Ltd is a company registered in England and Wales=
under number 01190902. VAT registration number 761 2978 07. Registered Off=
ice: Friars House, 157-168 Blackfriars Road, London SE1 8EZ. Authorised and=
regulated by the Financial Services Authority. FSA Register number 114059.

------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: Handling a simple dos attack

From: "maillists0@gmail.com"
>We occasionally get hit by a miscreant client who will open a large number of connections and leave them in an open/wait state, using all the available children. I have more than adequate resources for normal traffic. Limiting the number of connections from a single source isn't an option because the nature of our business means that we often have many connections from a single IP. Right now, we deal with the problem by banning the offending IP in our firewall and restarting Apache.
>How do other people handle this? Is there something more creative I can do inside Apache? I'm thinking of the way that Postfix handles stress, where it can decrease time-out values under high load to drop connections more quickly and keep resources free (I know, it isn't exactly comparable to http, but still ... ). Can I do something similar with Apache? Suggestions or pointers to the right docs would be greatly appreciated.

Did you look at http://www.zdziarski.com/projects/mod_evasive/ ?
An article: http://www.codexon.com/posts/defending-against-the-new-dos-t ool-slowloris

JD




------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: Handling a simple dos attack

On 6-Nov-2009, at 06:58, John Doe wrote:
> Did you look at http://www.zdziarski.com/projects/mod_evasive/ ?

It'd sure be nice if there was documentation on 'mod_evasive is fully
tweakable through the Apache configuration file, easy to incorporate
into your web server, and easy to use.'


--
It was not, it could not be real.
But in the roaring air he knew that it was, for all who needed to
believe, and in a belief so strong that truth was not the same as
fact... he knew that for now, and yesterday, and tomorrow, both the
thing, and the whole of the thing. --The Fifth Elephant


------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org