[Webinar] Streamline your web hosting managementRegister Today

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1806
  • Last Modified:

HTTP Flood Denial of Service

I'm on Red Hat Linux 5 using the Apache web server.

What are people recommending for protecting against  HTTP flood attacks?

I'd love to have some application that could limit usage by IP address - like allowing only one page load per unique IP address every two seconds.

Does something like this exist?

http://pear.php.net/package/HTTP_FloodControl
0
Geoff Millikan
Asked:
Geoff Millikan
  • 2
1 Solution
 
simonbunCommented:
Yes, you should look into apache's mod_security (http://www.modsecurity.org/) or mod_evasive (http://www.zdziarski.com/projects/mod_evasive/). Both can do this, but in my experience it was easier to do this with mod_evasive.

regards,
Simon
0
 
Geoff MillikanAuthor Commented:
Simon,

Thanks! And I'm sorry, I should have indicated that I'm on Apache/2.2.3.  Looks like mod_evasive doesn't run on 2.2.x  So would you suggest my best option is http://www.modsecurity.org/ 
0
 
simonbunCommented:
Yes, mod_security has a whole slew of configuration options, allowing very specific settings. Limiting requests by ip / s is possible.
0

Featured Post

Get your problem seen by more experts

Be seen. Boost your question’s priority for more expert views and faster solutions

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now