[mod-security-users] Re: HTTPD Dos
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
[mod-security-users] Re: HTTPD Dos
|
From: David F. <Da...@me...> - 2004-11-13 10:10:59
|
On Fri, 12 Nov 2004 20:23:12 -0800 mod...@li... wrote: > Subject: [mod-security-users] HTTPD Dos > > Hello there, > > One of our servers is being ddossed (httpd based), 100ths of clients are > trying to download 1 certain file. My question, is it possible > to filter on the download and put the the ip in an iptables rule? > > Regards, > Gerwin Hi, I have been getting attacks with over 1000 per second requests like this: default.domain 141.150.49.213 - - [04/Nov/2004:09:30:52 +0000] "OPTIONS / HTTP/1.1" 403 266 "-" "Microsoft-WebDAV-MiniRedir/5.1.2600" (-) They seem to have stopped before I did anything about them, but I was looking at mod_dosevasive available here: http://www.nuclearelephant.com/projects/dosevasive/ It doesn't look like its been developed in over a year (perhaps it doesn't need it?) but it might be useful. I wonder if there is any case for integrating it with mod_security? Another approach in this case will be just to block OPTIONS requests, but other DOS attacks might not use this request method. David. -- ------------------------------------------------- Email: Da...@me... ------------------------------------------------- |
