rawandnet
asked on
Does Apache Configuration prevent DoS attach?
Dear All
Preventing DoS attack on our Apache Web server is the most difficult and challenging problems we have ever faced. I looked at different solutions on the website, they are all recommending to use IPTable to block such attack. But I have come to a conclusion that IPTables has nothing to do with that. I have done a lot of configuration on IPTables and listened to many advanced but with no concrete result.
There must be another way to prevent DoS attack. I don't know if Apache configuration can prevent such attach.
Basically, I am getting hundreds of connection from a specific IP address, which drained out the server memory and kills it. The current situation we are doing is to block that IP range. which is not a solution.
If you believe this issue can be resolved from Apache, please let me know how to tweak the setting.
We are a university, the web server we have is mainly for displaying information.
I would really appreciate any advice.
Thanks in advance
Preventing DoS attack on our Apache Web server is the most difficult and challenging problems we have ever faced. I looked at different solutions on the website, they are all recommending to use IPTable to block such attack. But I have come to a conclusion that IPTables has nothing to do with that. I have done a lot of configuration on IPTables and listened to many advanced but with no concrete result.
There must be another way to prevent DoS attack. I don't know if Apache configuration can prevent such attach.
Basically, I am getting hundreds of connection from a specific IP address, which drained out the server memory and kills it. The current situation we are doing is to block that IP range. which is not a solution.
If you believe this issue can be resolved from Apache, please let me know how to tweak the setting.
We are a university, the web server we have is mainly for displaying information.
I would really appreciate any advice.
Thanks in advance
ASKER
I have already installed mod_evasive to block IP address that causes a problem. it does show that the IP has been blocked but the attacker and it shows from the attacker's point of view that this I been lock but still continue and take down the server.
We are running Nginx as a reverse proxy for DDOS-attacks. If you really face DDOS it helps. At least for the small and medium attacks. If you are under heavy attack even this solution might not be enough.
I agree with @Uwe Degenhardt
It seems to me that it is highly likely that it is highly evasive and highly concentrated attack. You may even need to hire a specialist who has experience resolving these types of issues and their accompanied complications on the server.
It seems to me that it is highly likely that it is highly evasive and highly concentrated attack. You may even need to hire a specialist who has experience resolving these types of issues and their accompanied complications on the server.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
thanks
https://securityintelligence.com/defending-against-apache-web-server-ddos-attacks/