Solved

Dos attackes on apache

Posted on 2002-06-28
9
370 Views
Last Modified: 2010-03-04
how to prevent DoS attackes on my apache web server (1.3.26)
these attackes are on a particular site (100 get request per second). due to this server server httpd process exceed their limit .
I also used tcp interest on cisco router but these attacks also exceed the tcp intercept blocking limit.
any help will be highly appreciated..
thanks
0
Comment
Question by:shahid1
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
9 Comments
 
LVL 15

Expert Comment

by:samri
ID: 7116265
Shahid,

You have about 10 pending questions.  Please revisit the Q, and feedback the members that is/are already spent their quality time to help you :)

Back to the question about Dos Attach on apache;

To my knowledge, Apache there is no mechanism in Apache to detect such activity.  However, if we look at the nature of DoS attack, we might be able to hack apache a bit to at lest minimise the chances of getting the daemon to suck up system resources.

Off-hand, all I can think off is getting a firewall in between;  Might not be a good choice since it would involves time and/or money.

Another option, which I would think is possible is to control number of connection from a specific client/IP address.

This can be done using mod_throttle

http://www.snert.com/Software/mod_throttle/

I personally haven't tried to implement mod_throttle yet, that is why I cannot guarantee that I would work as expected.

Some readings on DoS attack on Apache:
http://www.linuxplanet.com/linuxplanet/tutorials/1527/1/

I kinda like this one from SANs:  You might need to register (free) to view the page;  But it is good.

http://rr.sans.org/sysadmin/apache.php

--- some excerpts from the site.
Security Related Directives - Buffer Overflow and HTTP DoS

  Covered in this section are several of the server security related directives and their purpose. There are
  many directives available with Apache. They can be found on the Apache HTTP Server Project Web Site
  http://httpd.apache.org/docs/mod/directives.html.

  Using following directives will help reduce the risk of DoS and Buffer Overflow attacks.

  Denial of Service attack (DoS).

  LimitRequestbody: Numeric parameter controlling maximum HTTP request body size.

  LimitRequestFields: Numeric parameter that limits allowable number of request headers.

  KeepAlive: Setting this parameter to off will disable a constant connection.

  KeepAliveTimeout: Limits the time Apache will wait for additional requests.

  Buffer Overflow attack.

  LimitRequestFieldSize: Limits the size of each request header.

  LimitRequestLine: Limits the length of each request line.
0
 

Author Comment

by:shahid1
ID: 7129508
I am talking about yaha.E worm who generate actual and ligitimate http request for a particular web-site from infected computer.
and the server hosted that site goes down within no time.
these http requests go on increasing as worm spreads through out the world.

regd...shahids
0
 
LVL 15

Expert Comment

by:samri
ID: 7129518
shahid1,

Thanks for the information.  I might be able to dig some threads here and there.

However, most article that I came across did mention that it is quite hard to control such attack, since it is done at OS layer.  Most sites would implement firewall, that has a predefined attack pattern.  I would suspect that yaha.E worm would need to flood an Apache at a high volume and high frequecy of request, and only the deamon would eventuall went down.  Most (or Some) firewall would trigger, and deny the source address is such pattern is detected.

The proposed solution- mod_throlle should be able to control the # of request, or interval between request.  This would at least slow down the attact, and let the apache daemon from taking too much resources, and bring the whole machine down.

cheers.
0
Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

 

Author Comment

by:shahid1
ID: 7129556
I am talking about yaha.E worm who generate actual and ligitimate http request for a particular web-site from infected computer.
and the server hosted that site goes down within no time.
these http requests go on increasing as worm spreads through out the world.

regd...shahids
0
 
LVL 15

Accepted Solution

by:
samri earned 200 total points
ID: 7130903
shahid,

accidental repeat or intentional repeats?

cheers
0
 

Author Comment

by:shahid1
ID: 7131105
samri,
sorry, it was accidental.

shahids
0
 
LVL 15

Expert Comment

by:periwinkle
ID: 9690993
No comment has been added lately, so it's time to clean up this TA.

I will leave a recommendation in the Cleanup topic area with the following recommendation for this question:

Answered by samri

Please leave any comments here within the next seven days.

PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER!

periwinkle
EE Cleanup Volunteer
0
 

Author Comment

by:shahid1
ID: 9737865
np
0

Featured Post

Optimize your web performance

What's in the eBook?
- Full list of reasons for poor performance
- Ultimate measures to speed things up
- Primary web monitoring types
- KPIs you should be monitoring in order to increase your ROI

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you are running a LAMP infrastructure, this little code snippet is very helpful if you are serving lots of HTML, JavaScript and CSS-related information. The mod_deflate module, which is part of the Apache 2.2 application, provides the DEFLATE…
Hi, in this article I'm going to teach you how to run your own site, and how to let people in (without IP). I'll talk about and explain each step... :) By the way, everything in this Tutorial is completely free and legal. This article is for …
In this video, viewers are given an introduction to using the Windows 10 Snipping Tool, how to quickly locate it when it's needed and also how make it always available with a single click of a mouse button, by pinning it to the Desktop Task Bar. Int…
In this video you will find out how to export Office 365 mailboxes using the built in eDiscovery tool. Bear in mind that although this method might be useful in some cases, using PST files as Office 365 backup is troublesome in a long run (more on t…

635 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question