Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1808
  • Last Modified:

HTTP Flood Denial of Service

I'm on Red Hat Linux 5 using the Apache web server.

What are people recommending for protecting against  HTTP flood attacks?

I'd love to have some application that could limit usage by IP address - like allowing only one page load per unique IP address every two seconds.

Does something like this exist?

http://pear.php.net/package/HTTP_FloodControl
0
Geoff Millikan
Asked:
Geoff Millikan
  • 2
1 Solution
 
simonbunCommented:
Yes, you should look into apache's mod_security (http://www.modsecurity.org/) or mod_evasive (http://www.zdziarski.com/projects/mod_evasive/). Both can do this, but in my experience it was easier to do this with mod_evasive.

regards,
Simon
0
 
Geoff MillikanAuthor Commented:
Simon,

Thanks! And I'm sorry, I should have indicated that I'm on Apache/2.2.3.  Looks like mod_evasive doesn't run on 2.2.x  So would you suggest my best option is http://www.modsecurity.org/ 
0
 
simonbunCommented:
Yes, mod_security has a whole slew of configuration options, allowing very specific settings. Limiting requests by ip / s is possible.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now