[mod-security-users] Re: HTTPD Dos
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
[mod-security-users] Re: HTTPD Dos
|
From: David F. <Da...@me...> - 2004-11-14 13:31:39
|
On Sat, 13 Nov 2004 20:23:31 -0800 mod...@li... wrote: > From: Gerwin Krist -|- Digitalus Webhosting <ge...@di...> > To: Mod_security <mod...@li...> > Date: Sat, 13 Nov 2004 11:29:25 +0000 > > Well the problem is it there are many ip addresses but only 1 request > once a while. So you can't easily detect the ddos. In the case I quoted in my last post, all the requests actually came from the same IP, so it was just DOS, not distributed. I think Ivan is right that in many cases these are better stopped at a firewall if that is possible. However, blocking at the web server would prevent, for example, lots of PHP sessions or database connections getting started. The OPTIONS type attack wasn't too bad - one with GET or POST on a real page would have consumed far more resources. David. -- ------------------------------------------------- Email: Da...@me... ------------------------------------------------- |
