[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1805
  • Last Modified:

HTTP Flood Denial of Service

I'm on Red Hat Linux 5 using the Apache web server.

What are people recommending for protecting against  HTTP flood attacks?

I'd love to have some application that could limit usage by IP address - like allowing only one page load per unique IP address every two seconds.

Does something like this exist?

http://pear.php.net/package/HTTP_FloodControl
0
Geoff Millikan
Asked:
Geoff Millikan
  • 2
1 Solution
 
simonbunCommented:
Yes, you should look into apache's mod_security (http://www.modsecurity.org/) or mod_evasive (http://www.zdziarski.com/projects/mod_evasive/). Both can do this, but in my experience it was easier to do this with mod_evasive.

regards,
Simon
0
 
Geoff MillikanAuthor Commented:
Simon,

Thanks! And I'm sorry, I should have indicated that I'm on Apache/2.2.3.  Looks like mod_evasive doesn't run on 2.2.x  So would you suggest my best option is http://www.modsecurity.org/ 
0
 
simonbunCommented:
Yes, mod_security has a whole slew of configuration options, allowing very specific settings. Limiting requests by ip / s is possible.
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now