rantsh Posted January 29, 2007 Share Posted January 29, 2007 Hey, just wondering... how do you deal with a DoS attack to your webserver? Quote Link to comment Share on other sites More sharing options...
steviewdr Posted January 29, 2007 Share Posted January 29, 2007 There are various apache modules you can use. mod_throttle is one of them - it limits the connections and bandwith been eaten up in a DOS.Google for "hardening apache" for more tips etc.-steve Quote Link to comment Share on other sites More sharing options...
trq Posted January 29, 2007 Share Posted January 29, 2007 You might also take a look at iptables. Quote Link to comment Share on other sites More sharing options...
Stray_Bullet Posted January 30, 2007 Share Posted January 30, 2007 [quote author=steviewdr link=topic=124542.msg516217#msg516217 date=1170090922]mod_throttle is one of them - it limits the connections and bandwith been eaten up in a DOS.[/quote]I use mod_limitipconn. ;D Quote Link to comment Share on other sites More sharing options...
steviewdr Posted January 31, 2007 Share Posted January 31, 2007 [me=steviewdr]just found out today that mod_throttle is not available for apache2 :-([/me]Aparently there is mod_throttle which throttles apache and cgi processes. mod_bandwith is another one. I think apache2 has mod_cband - however its only for bandwith.Anways.-steve Quote Link to comment Share on other sites More sharing options...
the_oliver Posted February 5, 2007 Share Posted February 5, 2007 best way is to stick the server behind some kind of hardware firewall, but expencive. Cisco PIX is the best ive found, even there lower range, but come with a hefty price!Also usefull to have a second network card, on diffrent subnet, (idealy a non public IP) so you can still get to your server durin a DoS attack. Quote Link to comment Share on other sites More sharing options...
steviewdr Posted February 7, 2007 Share Posted February 7, 2007 the_oliver: I mainly use xen virtual machines - so I can xm console in directly if the network gives any issues etc :-)-steve Quote Link to comment Share on other sites More sharing options...
the_oliver Posted February 9, 2007 Share Posted February 9, 2007 steviewdr: That looks really clever! Can it be used to run multiple, compleatly indipendant, servers off one peice of hardware? Quote Link to comment Share on other sites More sharing options...
steviewdr Posted February 10, 2007 Share Posted February 10, 2007 the_oliver: Xen can indeed run completely independant servers off one piece of hardware.Basically - there is dom0 and domU. dom0 is the base Linux OS. Several domU's (guest os's) can run then on top of dom0. Typically there is nothing but xend and sshd running on dom0 - so its bullet proof. dom0 can then be used to control/console reboot/powerdown etc. etc. any of the domU's. If you have only 1 external ip address, dom0 can route the netconnections from the domU's, or each domU can have its own independant LAN and ip.You can also take a look at VMWare. Their vmware server offering is also free - and will allow you to run a Virtual Windows os either if thats what your looking for.Rgds,steve Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.