Re: [mod-security-users] Re: HTTPD Dos
From: Zach R. <ad...@li...> - 2004-11-13 10:27:19
David Fletcher wrote:
>
> On Fri, 12 Nov 2004 20:23:12 -0800
> mod...@li... wrote:
>
>
>>Subject: [mod-security-users] HTTPD Dos
>>
>>Hello there,
>>
>>One of our servers is being ddossed (httpd based), 100ths of clients are
>>trying to download 1 certain file. My question, is it possible
>>to filter on the download and put the ip in an iptables rule?
>>
>>Regards,
>>Gerwin
>
>
> Hi,
>
> I have been getting attacks with over 1000 per second requests like this:
>
> default.domain 141.150.49.213 - - [04/Nov/2004:09:30:52 +0000] "OPTIONS / HTTP/1.1" 403 266 "-" "Microsoft-WebDAV-MiniRedir/5.1.2600" (-)
>
> They seem to have stopped before I did anything about them, but I was
> looking at mod_dosevasive available here:
>
> http://www.nuclearelephant.com/projects/dosevasive/
>
> It doesn't look like it's been developed in over a year (perhaps it doesn't
> need it?) but it might be useful. I wonder if there is any case for
> integrating it with mod_security?
>
> Another approach in this case will be just to block OPTIONS requests, but
> other DOS attacks might not use this request method.
>
> David.
>

That could prove to be a very useful addition to the mod_security codebase.
I currently use it, but due to the incompatibility with FrontPage I can't use
it on all servers. If possible, I would definitely like to see it added.

Zach
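As an added illustration of the question raised in this thread (it is not code from any poster, from mod_security or from mod_dosevasive), the sketch below scans access-log lines in the format quoted above, flags clients that exceed a per-second request limit for one method and path, and builds an iptables DROP rule for each. The function names, the limit of 20 requests and the one-second window are assumptions, and the sample lines are constructed.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime

# Layout of the log line quoted in the thread: vhost, client, ident, user,
# [time], "request", status, then the remaining fields (ignored here).
LINE_RE = re.compile(
    r'^(?P<vhost>\S+) (?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')

def find_flooders(lines, method, path, limit=20, window=1.0):
    """Return sorted client IPs that sent more than `limit` matching requests
    within `window` seconds. Lines must be in time order per client."""
    recent = defaultdict(deque)            # ip -> timestamps still in window
    flagged = set()
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != method or m["path"] != path:
            continue
        try:
            # Skip hostnames or garbage in the client field: only a parsed
            # address may ever reach the firewall rule.
            ip = str(ipaddress.ip_address(m["ip"]))
            ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z").timestamp()
        except ValueError:
            continue
        q = recent[ip]
        q.append(ts)
        while ts - q[0] >= window:         # expire entries outside the window
            q.popleft()
        if len(q) > limit:
            flagged.add(ip)
    return sorted(flagged)

def drop_rule(ip):
    """argv list for an iptables DROP rule; no shell string is assembled."""
    return ["iptables", "-I", "INPUT", "-s",
            str(ipaddress.ip_address(ip)), "-j", "DROP"]

def _line(ip, sec, method="OPTIONS", path="/"):
    return (f'default.domain {ip} - - [04/Nov/2004:09:30:{sec:02d} +0000] '
            f'"{method} {path} HTTP/1.1" 403 266 "-" "-" (-)')

# Constructed sample: one burst, one slow client, one non-address client field.
SAMPLE = ([_line("192.0.2.10", 52)] * 30
          + [_line("198.51.100.7", s) for s in range(50, 56)]
          + [_line("not-an-ip", 52)] * 30)

if __name__ == "__main__":
    for addr in find_flooders(SAMPLE, "OPTIONS", "/"):
        print(" ".join(drop_rule(addr)))
```

Passing the rule to the firewall as an argument list, after the address has been parsed, keeps attacker-controlled log content out of any shell command.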