• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 280
  • Last Modified:

Apache Conf

Hi guys,

our server has been getting attacked everyday by some people,,, what happens is that they find one file on our server (lets say a zip file 5 meg ) and they make soooo many connections to the same file that the server stops functioning pretty much, I looked over the maxclient config for httpd.conf and doubled the number, but after 2 minutes, it would reach the new maxclient again,,, i ended up grabbing that ip and block it in the iptable, now my question is,,, is there a way that in apache you can limit the number of requests for each ip and reject all the other connections? or can you suggest any other way to protect our selfs agains this attacks?

thanks
0
djsoltan
Asked:
djsoltan
2 Solutions
 
Pétur Ingi EgilssonSoftware Engineer -- ConsultantCommented:
Use a script
I lack the time to learn/write one for you right now but i'll provide the blueprints.

add something like this as a cronjob, to be run every x-minutes ( 2 minutes? ) .. would still give your attacker 2 minutes to hammer your server :S
:
tail -n 500 /var/log/apache2/access_log
if 3 or more lines contain the same IP and the same *.zip filename then block that ip in your firewall
0
 
hbustanCommented:
The answer is Intrusion Prevention (IPS)

You can install an IPS hardware (such as Tipping Point) in your Internet gateway or install an IPS agent software on the machine itself.

There are many vendors that offer different IPS software agents such as Symmantec, Cisco, McAfee, and many others.

There might be free software available for this but I have not experimented any.
0

Featured Post

Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now