Geoff Millikan
asked on
HTTP Flood Denial of Service
I'm on Red Hat Linux 5 using the Apache web server.
What are people recommending for protecting against HTTP flood attacks?
I'd love to have some application that could limit usage by IP address - like allowing only one page load per unique IP address every two seconds.
Does something like this exist?
http://pear.php.net/package/HTTP_FloodControl
What are people recommending for protecting against HTTP flood attacks?
I'd love to have some application that could limit usage by IP address - like allowing only one page load per unique IP address every two seconds.
Does something like this exist?
http://pear.php.net/package/HTTP_FloodControl
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Yes, mod_security has a whole slew of configuration options, allowing very specific settings. Limiting requests by ip / s is possible.
ASKER
Thanks! And I'm sorry, I should have indicated that I'm on Apache/2.2.3. Looks like mod_evasive doesn't run on 2.2.x So would you suggest my best option is http://www.modsecurity.org/